You are making some very good arguments and I am not an expert. I would like to argue for *choice*, as I am not claiming to know enough to write the rules.

>> “std::inplace_vector::assert_push_back” just kills people.

If you look at error correcting RAM (ECC), the normal practice is to trigger a kennel panic when unrecoverable data corruption is detected. Proceeding with known corrupt data is not normally done.

I'd rather defer to someone from aerospace at this point. I never wanted anyone's life to depend on my code.