On Thursday, 5 February 2015 at 19:49:41 UTC, Andrei Alexandrescu
wrote:
On 2/5/15 11:17 AM, H. S. Teoh via Digitalmars-d wrote:
In short, my proposal is:
Tainted variables are an interesting topic, but quite distinct
from the notion of separating safe code from unsafe code.
As much as I was shocked about the use of
@trusted/@safe/@system in std.file, std.array and sadly
possibly in other places, I found no evidence that the feature
is misdesigned. I continue to consider it a simple, sound, and
very effective method of building and interfacing robust code.
An excellent engineering solution that offers a lot of power at
a modest cost.
I do not support this proposal to change the semantics of
@trusted/@safe/@system. A separate tainted data proposal might
be of interest for loosely related topics.
Andrei
At minimum, there needs to be official documented guidance on how
to use @trusted. If phobos developers got this far without
knowing how to use it (assuming their complaints on its design
are indeed meritless), how can anyone else be expected to?
