Greenwashing: best practices

[ag0aep6g]

On 30.05.20 23:31, Johannes T wrote:
> To force unchecked functions to compile, the corresponding declarations 
> should be surrounded by @trusted { } block. The block suggests it was 
> rubber-stamped without audit. It's also the path of least resistance for 
> multiple functions. @trusted should only be added to a single 
> declaration if it was verified.

I think it would be a mistake to try and distinguish `@trusted` from 
`@trusted { ... }` that way. A UDA (.e.g `@audited`) would be a better 
fit if you want to communicate that an audit has happened.

As far as I'm aware, there is generally no expectation of @trusted 
extern functions having their implementations verified. First and 
foremost, @trusted marks a safe interface [1]. Whether the 
implementation is bug-free is secondary.

On a D function, @trusted is also just an "I think it's safe" comment by 
the author. It doesn't indicate that the code was audited by anyone else.


[1] https://dlang.org/spec/function.html#safe-interfaces