Igor Khavkine <i_khavki@alcor.concordia.ca> writes:
My idea is for anything that
acts in a supporting role (libraries, system calls, servers, etc.) not
to fail of their own volition unless they know that ABSOLUTELY NOTHING
else can be done. All other errors should be propagated to the program
or client that made the library/system/RPC call. This sort of "support
code" should not take upon itself to handle error conditions that do
not give users of this "support code" the freedom to handle it the
way they want.
The problem is that I would *rather* have my kernel crash than have
exim or apache start handing out error codes. You're assuming that
telling the user "memory is full" might fix the problem. That means
you're assuming that the user even knows what computer's memory is
full! Not so.
I've had weird exim failures cause my incoming email to get hosed. It
was a serious problem, and it could have been avoided if the system
had simply rebooted. It doesn't matter to me whether exim is hosed
because it hands out "memory exhausted" errors to incoming SMTP
connections, or if it responds in some other incomprehensible way:
*BOTH* are just as wrong.