I think that modules should not issue fatal errors and terminate the server unless the module determines that the error it has encountered will absolutely prevent correct operation of any part of the server. For example, the current nscp module will terminate the server with a fatal error if it cannot listen to the specified control port, but the server would be perfectly capable of processing HTTP requests (assuming nothing else went wrong), so I'd like to suggest that modules be more conservative in deciding when the server can't continue without them. Database drivers are another example -- if the driver can't connect to the DB, there's an API to return the failure, and with good engineering, you should be able to construct a server that does something reasonable even in the absence of a db connection failure, so a fatal isn't a good idea.
Anybody have any feelings one way or the other?
