> That it still continues to work, even when they've misconfigured their > end, means it is resilient to failure as a good security framework > should be.
The logic being that logging is not critical, so if it isn't configured successfully, it shouldn't prevent the really important functions (security) from operating. This is an architectural feature of highly resilient and very secure systems that most Java programmers don't think about much. We need to.
