https://issues.dlang.org/show_bug.cgi?id=24724
--- Comment #5 from [email protected] ---
(In reply to Nick Treleaven from comment #3)
> > this is not enforced by restrictions on the function body
>
> Why not enforce it at the interface level?

We do. With `@safe`. `@trusted` is specifically for manual enforcement.

(In reply to Nick Treleaven from comment #4)
> In what scenario is allowing @trusted to have an unsafe interface useful? A
> single example will suffice, please provide one (that can't be @system).

The compiler can't prove all memory-safe code is memory-safe, only a subset. It is occasionally useful to call manually-verified code from `@safe` functions, which `@trusted` enables. There is no other value to it. Adding enforcement to it removes that value, and reduces it to just a carbon copy of `@safe`. I'd rather see `@trusted` removed entirely than go down that path.
