This is why OpenBSD’s rc doesn’t have restarts. A crashing application has a bug that needs fixing. A crashing application probably has a security vuln; if nothing else, it has a denial of service.
Well, obviously so if running under OpenBSD's rc system.
Pretty much all fault-tolerant systems feature recovery by strategies like auto-restarting things and raising alarms, so the OpenBSD people must know some secret that has eluded researchers in that area.
> A crashing application has a bug that needs fixing.
Sure, but you can fix that bug after it's been auto-restarted. Assuming this is a service that, say, customers rely on, your customers don't care about the details. They just care that they're able to use your service and get their work done.
Not having some sort of auto-restart or auto-healing system only serves to prolong downtime. Obviously you need to be alerted to these restarts so you can find the bug and fix it, but overall I'd value uptime over the fairly low probability that allowing it to auto-restart might expose some sort of security issue.
Of course there may be some circumstances where reliability is by far the biggest concern, so allowing something to crash and stay down may be preferable. I just think that's going to be a small minority of situations, for most people.
Yes, this is my default --- let it crash, figure out why, and fix the problem. It also helps identify services that nobody really uses. If a service is down and nobody complains, maybe it's not needed at all.
Sometimes there are external demands that require the system to always be up or to minimize any downtime. In an ideal world, that requirement should be designed into the system architecture from the beginning, but in the real world that doesn't always happen.