Is it possible to have a policy on when to cause a reboot instead of just logging the error and continuing?
I think you could say, for example, that any unrecoverable error should cause a reboot (like if malloc fails and you really cannot continue). Otherwise you log the error somewhere and carry on (maybe in other cases you can handle low-memory conditions gracefully). That seems like the basis of a policy to me.
I think it is, but my boss says it isn't. He says it wouldn't work and each developer should use his/her judgement in each case.
What do you guys think?
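As an added illustration (not code from the original post), here is one way the policy the question sketches could be written down in C: each error code is classified once, in a single table, as either fatal (reset) or recoverable (log and degrade), and every call site reports through one entry point instead of deciding on its own. The error codes, the `system_reset` hook and the simulation switch are assumptions made for the example; on a real target the reset would kick the watchdog or write a reset register.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* The policy in one sentence: anything classified ERR_FATAL resets the
 * system, everything else is logged and execution continues degraded. */
typedef enum { ERR_RECOVERABLE, ERR_FATAL } err_class_t;

/* Hypothetical error codes for this example. */
typedef enum {
    ERR_HEAP_EXHAUSTED,     /* malloc failed for state we cannot run without   */
    ERR_CACHE_ALLOC_FAILED, /* malloc failed for an optional cache: run uncached */
    ERR_SENSOR_TIMEOUT,     /* one reading lost; the next loop iteration retries */
    ERR_STATE_CORRUPT,      /* invariant violated: memory can no longer be trusted */
    ERR_COUNT
} err_code_t;

/* The classification lives in one table so it can be reviewed in one place
 * rather than being re-decided at every call site. */
static const struct {
    err_class_t cls;
    const char *msg;
} policy[ERR_COUNT] = {
    [ERR_HEAP_EXHAUSTED]     = { ERR_FATAL,       "heap exhausted for required allocation" },
    [ERR_CACHE_ALLOC_FAILED] = { ERR_RECOVERABLE, "cache allocation failed, running uncached" },
    [ERR_SENSOR_TIMEOUT]     = { ERR_RECOVERABLE, "sensor timeout, reading skipped" },
    [ERR_STATE_CORRUPT]      = { ERR_FATAL,       "internal state corrupt" },
};

static unsigned logged_errors;   /* how many errors were logged            */
static unsigned resets;          /* how many resets the policy requested   */
static bool simulate_reset;      /* true: only count resets (for demos/tests) */

void set_simulate_reset(bool on) { simulate_reset = on; }
unsigned error_log_count(void)   { return logged_errors; }
unsigned reset_count(void)       { return resets; }

/* Assumed reset hook: on hardware this would be the watchdog or a reset
 * register. Here it terminates the process, unless simulation is enabled. */
static void system_reset(void)
{
    resets++;
    if (simulate_reset)
        return;
    fflush(stderr);
    _Exit(70);
}

/* Single entry point. Call sites report a code; the table decides what happens.
 * Unknown codes are treated as fatal so that an unclassified error fails closed. */
err_class_t report_error(err_code_t code)
{
    if ((unsigned)code >= ERR_COUNT)
        code = ERR_STATE_CORRUPT;
    fprintf(stderr, "error %d: %s\n", (int)code, policy[code].msg);
    logged_errors++;
    if (policy[code].cls == ERR_FATAL)
        system_reset();
    return policy[code].cls;
}

/* Allocation the program cannot run without: a NULL here is fatal by policy,
 * so this only returns NULL when resets are being simulated. */
void *required_alloc(size_t n)
{
    void *p = malloc(n);
    if (p == NULL)
        report_error(ERR_HEAP_EXHAUSTED);
    return p;
}

/* Optional allocation: failure is logged and the caller carries on without
 * the cache, which is the "handle low memory gracefully" case. */
void *optional_alloc(size_t n)
{
    void *p = malloc(n);
    if (p == NULL)
        report_error(ERR_CACHE_ALLOC_FAILED);
    return p;
}

int main(void)
{
    set_simulate_reset(true);             /* demo only: count instead of resetting */
    report_error(ERR_SENSOR_TIMEOUT);     /* logged, keeps running                 */
    volatile size_t huge = (size_t)-1;    /* constructed input that malloc rejects  */
    void *cache = optional_alloc(huge);   /* logged, NULL, caller degrades         */
    void *state = required_alloc(huge);   /* logged and a reset is requested       */
    free(cache);
    free(state);
    printf("logged=%u resets=%u\n", error_log_count(), reset_count());
    return 0;
}
```

The point of the table is that "use your judgement in each case" becomes "put the new error code in the table and argue about its row in review": the decision is still made by a developer, but it is made once, explicitly, and visibly. The fail-closed default for unclassified codes matters for security: continuing after an error that left memory or state in an unknown condition is the textbook way a crash turns into something exploitable.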