On Tue, Nov 10, 2009 at 3:56 PM, Walter Bright <newshou...@digitalmars.com> wrote: > @unsafe was suggested (I think by Don) to provide symmetry with @safe and > @trusted. This is a good point, but I'm starting to think that @unsafe is > not a good idea. > > For example, one could make an entire module safe with: > > ------------------- > module foo; > @safe: > [...] > ------------------- > > And an observer could conclude that foo only contains safe and trusted code. > But if @unsafe could override, he has to delve into it looking for @unsafe > as well.
I don't assume that a class is entirely private when I see private: at the top. Incremental search and grep are not difficult to use if you're trying to find out if a module contains anything @unsafe. > Furthermore, why would a safe module wish to expose unsafe functions? > Shouldn't the programmer instead be obliged to produce trusted functions in > it? Private implementation might be using unsafe functions as part of the implementation of trusted functions. --bb