Greenwashing: best practices
Johannes T
isrvoid at gmail.com
Sun May 31 11:08:04 UTC 2020
On Saturday, 30 May 2020 at 22:01:14 UTC, ag0aep6g wrote:
> On 30.05.20 23:31, Johannes T wrote:
>> To force unchecked functions to compile, the corresponding
>> declarations should be surrounded by @trusted { } block. The
>> block suggests it was rubber-stamped without audit. It's also
>> the path of least resistance for multiple functions. @trusted
>> should only be added to a single declaration if it was
>> verified.
>
> I think it would be a mistake to try and distinguish `@trusted`
> from `@trusted { ... }` that way. A UDA (.e.g `@audited`) would
> be a better fit if you want to communicate that an audit has
> happened.
You're right. It does seem bad and shouldn't be promoted. I think
there is still some value using it as a smell. If you see
@trusted: or @trusted { }, it's probably there to shut up the
compiler.
> As far as I'm aware, there is generally no expectation of
> @trusted extern functions having their implementations
> verified. First and foremost, @trusted marks a safe interface
> [1]. Whether the implementation is bug-free is secondary.
>
> On a D function, @trusted is also just an "I think it's safe"
> comment by the author. It doesn't indicate that the code was
> audited by anyone else.
>
> [1] https://dlang.org/spec/function.html#safe-interfaces
That's an important distinction. I didn't realize it until
recently.
Thank you.
More information about the Digitalmars-d
mailing list