[OffTopic] A vulnerability postmortem on Network Security Services

jmh530 john.michael.hall at gmail.com
Wed Dec 8 16:47:20 UTC 2021

On Wednesday, 8 December 2021 at 15:46:31 UTC, Steven 
Schveighoffer wrote:
> [snip]
> I proposed [during the 
> discussion](https://forum.dlang.org/post/r6kvm4$1vq5$1@digitalmars.com) that you can assume `extern(C)` functions are `@safe` as long as they are mangled differently. I think that would both solve the problems people had, and allow `extern(C)` to be safe by default.
> Walter seemingly ignored it, but silently [hated 
> it](https://forum.dlang.org/post/ra7958$2r8v$1@digitalmars.com), so I don't see that happening.
> -Steve

I think Walter (and likely Atila too) might come down on avoiding 
special casing as an important design goal.

To me, the best way to ensure that is to moving @safe from a 
black list to an white list. That is, @safe is currently 
structured so that you cannot do certain things. If instead it is 
structured so that only certain things are allowed, then 
something like having the body of the function available could be 
on that list. There would be no more special casing and it would 
only break code to the extent that the white list and black list 
do not match up (which might be considerable, who knows)

More information about the Digitalmars-d mailing list