Daring to rush in without having read the documents....
it seems to me that somewhere one needs a NOTE, something along the lines
of:
NOTE: In some situations, for instance when a destination disk is full or
damaged, a syslog facility may be unable to process all messages, despite
the message transport being reliable. In such a case, it is reasonable for
the logger of a message to have the option of either not logging more
messages or ceasing its own operation. This document does not specify which
option to take.
Or words to that effect.
Harald
--On 2. februar 2007 09:59 -0800 "David W. Hankins" <David_Hankins@xxxxxxx>
wrote:
On Fri, Feb 02, 2007 at 08:31:49AM +0100, Stephane Bortzmeyer wrote:
Wether it is a bug or a feature depends on your requirments. On some
high-security environments, people prefer to suspend the service
rather than not being able to log it. (Otherwise, an attacker could
easily attempt many attacks, fill in the hard disk and then perform
the real attack unlogged).
I'd just like to point out that you're choosing one bug over
another. A DOS in preference to lack of observance of events.
In my opinion, that's a bad selection, but it's your selection to
make.
That kind of preference, that kind of choice, is a good thing to
have, but it would be unwise to apply to the general case a
systematic selection of DOS over observation.
--
David W. Hankins "If you don't do it right the first time,
Software Engineer you'll just have to do it again."
Internet Systems Consortium, Inc. -- Jack T. Hankins
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf