> what if it's an exploit ? [...] it means the attacker only has to hit
> once to cause a denial of service that lasts until some admin can deal
> with it
I'd pick a one-hit DoS over unlimited attempts to execute code every day.

But yes, you're right that it heavily depends on what service we're
talking about + external factors. I was just trying to explain why
(I believe) rc.d and hence OpenRC do not auto-respawn.