Zero-downtime canister upgrades

Currently, the official advise is to always stop your canisters before upgrading them. This advise is well justified, but the result is quite unsatisfactory, and unbecoming of a service hosting platform that wants to attract “real” applications.

So in this blog post I explore how to write canisters that can be safely upgraded without stopping, both now and once the System API has improved:


Are there any plans of using something like “validUntil” or other timestamp-based mechanism where the message is dropped by the replica if it comes too late?