On Thursday, 18 May 2017 at 12:12:18 UTC, Steven Schveighoffer
wrote:
[...]
We still allow unsafe operations inside @safe code, using
@trusted. This is a necessary evil, but it's so very important
that the base libraries (druntime and phobos) keep this to a
minimum, and that we review those @trusted blocks to death.
That and we need to make sure it is understood by everyone using
third party @safe code that it is *not* a "I don't have to audit
this code" free card. It merely reduced the amount of code you
need to review to what is marked as @trusted (with regards to
memory safety); as long as you don't *know* whether some third
party code is @safe or @trusted, you (as the programmer) have to
assume it is @trusted and that means you have to extend trust to
the author and cannot assume any of the @safe guarantees for that
code.