ecsd:
> If I am writing production software (i.e. the end users have a
> very vested interest in it working properly), then if I see the
> user attempt to give me "empty" for a symbol required to be nonblank
> and for which I otherwise have a default value in hand, I would
> syslog that I had refused to accept the invalid value, that I was
> using the default instead, and the program would continue.

This is not a lack of "code quality", but a fundamental difference
between software that primarily interacts with users, such as a
word processor, and software that primarily operates
autonomously, such as an MTA.

Software such as a word processor that primarily interacts with the
user will not 'lose' a document when they specify an incorrect font
setting, or make some other change that the user can easily 'undo'.

Software that primarily operates autonomously does not have the
luxury of 'undoing'. There is no way to 'undo' email that was
delivered to the wrong user. Once it is sent, it is sent. That could
result in a breach of confidentiality. The best thing Postfix can
do in case of a bad configuration is to back off, and wait for
someone to retry the operation after the configuration is fixed.

From this it follows that these different categories must be managed
differently.

        Wietse
