https://issues.dlang.org/show_bug.cgi?id=16218
--- Comment #2 from anonymous4 <[email protected]> --- The "private @trusted" pattern is sort of a gray zone, it's used here for safety inference. If readImpl was @system, all users will have to carefully infer attributes, which is error-prone. That said, the huge trusted islands make no sense indeed, whole readImpl should be a normal @trusted function, like the posix variant. It takes a pointer, because tempCString returns a voldemort type which is needlessly templated on the source range type. BTW messing with trusted code is a rather cruel task for DSS. --
