> That's sensible, but if money or lives were on the line, I think it'd
> be better to have a running but potentially vulnerable service. For my
> use case, this is completely acceptable, I'm just curious about the
> implications for others.
Then you can do that on your own, if it suits your use case. It does not suit the default use case. Go right ahead repeatedly restarting a service that some attacker is trying to attack a known hole in, which is being defeated by the entropy we added to the runtime. Except each time he's learning a little more about your runtime, and eventually he wins. Any remote service which crashes is potentially exploitable; we have to assume so, until we see the specific way it fails.
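An added example, not from this thread, of the policy the reply argues for: a supervisor restart budget that stops auto-restarting a service once it has crashed more than N times within a window, on the reasoning that each restart hands an attacker another attempt at the randomized runtime. The log format, field names and timing values are constructed for the example.

```python
import re
from collections import deque

# Constructed supervisor log (not from any real system): a network-facing
# daemon dying repeatedly and being restarted each time.
SAMPLE_LOG = """\
t=0.0 event=start pid=100
t=5.2 event=crash pid=100 signal=SIGSEGV
t=5.3 event=start pid=101
t=9.8 event=crash pid=101 signal=SIGSEGV
t=9.9 event=start pid=102
t=14.1 event=crash pid=102 signal=SIGSEGV
t=14.2 event=start pid=103
t=18.7 event=crash pid=103 signal=SIGSEGV
t=18.8 event=start pid=104
t=23.0 event=crash pid=104 signal=SIGSEGV
"""

LINE_RE = re.compile(
    r"t=(?P<t>[\d.]+) event=(?P<event>\w+) pid=(?P<pid>\d+)(?: signal=(?P<sig>\w+))?"
)

def parse_log(text):
    """Yield one dict per recognised log line (unrecognised lines are skipped)."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield {"t": float(m["t"]), "event": m["event"],
                   "pid": int(m["pid"]), "signal": m["sig"]}

class RestartBudget:
    """Allow at most `max_restarts` restarts per `window_s` seconds.

    Every crash of a remote service is treated as potentially exploitable,
    so once the budget is exhausted the guard holds (no further restarts)
    until an operator has looked at the failure and calls reset().
    """
    def __init__(self, max_restarts=3, window_s=60.0):
        self.max_restarts = max_restarts
        self.window_s = window_s
        self._crashes = deque()  # timestamps of crashes inside the window
        self.held = False

    def decide(self, ts):
        """Return 'restart' or 'hold' for a crash observed at time ts."""
        while self._crashes and ts - self._crashes[0] > self.window_s:
            self._crashes.popleft()          # drop crashes outside the window
        self._crashes.append(ts)
        if self.held or len(self._crashes) > self.max_restarts:
            self.held = True                 # crash loop: stop feeding the attacker retries
            return "hold"
        return "restart"

    def reset(self):
        self._crashes.clear()
        self.held = False

def replay(text, budget):
    """Run the budget over a log and return [(crash_time, decision), ...]."""
    return [(r["t"], budget.decide(r["t"]))
            for r in parse_log(text) if r["event"] == "crash"]
```

With the constructed log the fourth crash within the window trips the budget, and the supervisor holds instead of restarting again.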