On Oct 3, 2013, at 4:49 PM, Jonathan M Davis <jmdavisp...@gmx.com> wrote: > > Just because it won't kill anyone doesn't mean that it's okay for it to > continue after it's in a bad state. It could do other nasty things to the > system (including corrupt the files that it's operating on). Once a program's > in an invalid state, all bets are off. I fully concur with Walter that it's > better to kill the program at that point and restart it whether lives are on > the line or not. And if that means that the user sees crashes, oh well. > They'll complain and the developer will have to fix them, which is exactly > what > they need to do, because they wouldn't be getting stuff like segfaults or > Errors if their code wasn't broken.
I'm inclined to agree. However, in this case the user will need some method to remove the broken plugin or the app will be perpetually broken. It wouldn't surprise me if the original motivation for trying to withstand failures was a bad decision motivated by something like this, and at some point it was erroneously considered a feature. I'd prefer to be notified that a crash was likely caused by a bad plugin and given the option to restart in "safe" mode, though.
