On Friday, 6 February 2015 at 17:12:40 UTC, David Nadlinger wrote:
It seems obvious that explicitly whitelisting a small number of
potentially dangerous but safe operations is much less
error-prone approach than disabling compiler checks for
everything and then having to remember to blacklist all
unverified external dependencies.
David
That seems obvious to me too. Isn't the whole purpose of having
'@trusted' in the first place to direct a programmer who's having
memory safety problems to the potential sources those problems?
But why have this and then stop at the function level? Why not
force the programmer to tag precisely those portions of his code
which cause him to tag his function @trusted to begin with? Why
help him get to the function, and then leave him hanging out to
dry once inside the function?
