On Wednesday, 27 May 2020 at 10:03:21 UTC, Walter Bright wrote:
It's not an acceptable solution for people who require
correctness. ZombineDev can't tell an auditor that he relies
on D-Scanner to find the problematic spots. I believe it's
unavoidable to provide an option to change the default. It
could make extern @system or refuse to compile safe code
calling @safe extern.
People who require correctness are going to have to manually
audit each and every C declaration regardless. There's no way
around it. A less strict auditor would focus his attention on
un-annotated declarations and assume that annotated ones are
annotated correctly.
A less strict auditor wouldn't have to look at un-annotated
extern(C) functions if they were @system by default. It's more
work for them to ensure they are actually @safe. The majority
will be un-annotated if you leave it as @safe.