On Friday, 17 August 2018 at 14:26:07 UTC, H. S. Teoh wrote:
> [...]
> And that is exactly why the whole implementation of @safe is
> currently rather laughable. By blacklisting rather than
> whitelisting, we basically open the door wide open to loopholes
> -- anything that we haven't thought of yet could potentially be
> a @safe-breaking combination, and we wouldn't know until
> somebody discovers and reports it.
> Sadly, it seems there is little interest in reimplementing
> @safe to use whitelisting instead of blacklisting.
> T
Fundamentally, I see it as a good idea. Walter has talked about
how important memory safety is for D. People thinking their @safe
code is safe is a big problem when that turns out to not be the
case. Imagine the black eye D would have if a company was hacked
because of something like this?
IMO, the problem is that you can't just replace @safe as it is
now. You could introduce something like @whitelist or
@safewhitelist and begin implementing it, but it would probably
be some time before it could replace @safe. Like when @whitelist
is only breaking unsafe code.
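To make the blacklist point concrete, here is an added D illustration (not code from the thread or from the D compiler project) of what @safe checks today: the compiler rejects a fixed list of operations, and @trusted is the escape hatch where the author vouches for safety and the compiler checks nothing. The rejected operations sit behind a `version (ShowRejected)` block so the file compiles as-is; building with `-version=ShowRejected` makes the compiler report them. The function and variable names are my own.

```d
// Added illustration of D's current @safe model (blacklist of known-unsafe
// operations plus @trusted as an opt-out). Not from the forum thread.

@safe int deref(int* p)
{
    return *p;  // allowed: plain pointer dereference is not on the blacklist
}

@safe void rejected()
{
    version (ShowRejected)
    {
        int x;
        int* p = &x;              // error (without -preview=dip1000): address of a local
        p++;                      // error: pointer arithmetic is banned in @safe code
        long* q = cast(long*) p;  // error: pointer type cast is banned in @safe code
    }
}

// @trusted: the programmer asserts safety; the compiler performs no @safe checks here.
@trusted int unchecked(int* p)
{
    return *(p + 1);  // compiles; correctness is entirely the author's responsibility
}

@safe int caller()
{
    int[2] a = [1, 2];
    // @safe code may call @trusted code, so the burden moves to whoever wrote it.
    return unchecked(&a[0]);  // returns 2; passing &a[0] is fine, a is a fixed-size array
}

void main()
{
    import std.stdio : writeln;
    writeln(caller());
}
```

The point the thread makes is visible here: `deref` is accepted because dereferencing is not on the forbidden list, not because the compiler proved it safe, and `unchecked` shows how one @trusted function silently removes all checking for its callers.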