On Thursday, 18 May 2017 at 12:12:18 UTC, Steven Schveighoffer wrote:
[...]

We still allow unsafe operations inside @safe code, using @trusted. This is a necessary evil, but it's so very important that the base libraries (druntime and phobos) keep this to a minimum, and that we review those @trusted blocks to death.


That and we need to make sure it is understood by everyone using third party @safe code that it is *not* a "I don't have to audit this code" free card. It merely reduced the amount of code you need to review to what is marked as @trusted (with regards to memory safety); as long as you don't *know* whether some third party code is @safe or @trusted, you (as the programmer) have to assume it is @trusted and that means you have to extend trust to the author and cannot assume any of the @safe guarantees for that code.

Reply via email to