[indiana-discuss] being more friendly in the face of panics
Richard Lowe
richlowe at richlowe.net
Mon Jul 23 14:28:17 PDT 2007
Richard Elling <Richard.Elling at Sun.COM> writes:
> Richard Lowe wrote:
>> There is no good reason, ever, to leave the system up when you *know*
>> something has gone drastically wrong.
>
> In general, I disagree and I believe you will find a number of safety-critical
> systems which do not agree with this philosophy. AFAIK, OpenSolaris is not
> designed for safety-critical systems, but that doesn't mean that bailing out
> of a flying airplane is the appropriate response.
After brief discussion off-line, we're in a combination between
confusion and violent agreement here, so I'll clarify what I meant.
The "when you *know* something has gone drastically wrong" in my text
above was intended to signify a failure where your only options were
to panic or to ignore the problem and hope (at greater risk to system
integrity, as the failures possibly cascade).
Given the choice between panicing, and other options that also
preserve the integrity of the system, of course the other options are
the better ones. :)
-- Rich
More information about the indiana-discuss
mailing list