Expose `#[forbid(unsafe_code)]` subset
fintelia opened this issue · comments
I was thinking of forking `byteorder` to make a `byteorder-lite` crate that only included the methods that could be implemented without using unsafe code. But before taking that step, I wanted to check whether there was interest in exposing this crate directly providing a feature flag without which the unsafe code wouldn't be included? Or some other way of achieving the same goal?
To be clear: this is not because I believe that any of the unsafe code in the crate is unsound. Rather, it is merely based on noticing a large number of lines of unsafe code in my dependency tree that I have no need for.
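The safe subset the issue describes, as an added example that is not part of the issue or of `byteorder` itself: the fixed-width reads and writes built on std's `from_be_bytes`/`to_le_bytes`, placed in a module that carries `#[forbid(unsafe_code)]` so the compiler rejects any `unsafe` block in it. The trait and the `BigEndian`/`LittleEndian` marker enums only mirror the shape of `byteorder`'s API; the record layout in `main` is constructed for the demonstration.

```rust
/// Added example, not byteorder's own code: the reads and writes that need no `unsafe`,
/// built on std's `from_be_bytes`/`to_le_bytes` inside a `#[forbid(unsafe_code)]` module,
/// so the compiler rejects any `unsafe` block that is ever added to it.
#[forbid(unsafe_code)]
pub mod safe_byteorder {
    use std::convert::TryInto;
    /// Same shape as byteorder's `ByteOrder` trait, safe subset only.
    pub trait ByteOrder {
        fn read_u16(buf: &[u8]) -> u16;
        fn read_u32(buf: &[u8]) -> u32;
        fn read_u64(buf: &[u8]) -> u64;
        fn write_u32(buf: &mut [u8], n: u32);
    }
    pub enum BigEndian {}
    pub enum LittleEndian {}
    // A short buffer panics on the slice index (as byteorder does) rather
    // than reading past the end; there is no pointer arithmetic to get wrong.
    impl ByteOrder for BigEndian {
        fn read_u16(buf: &[u8]) -> u16 { u16::from_be_bytes(buf[..2].try_into().unwrap()) }
        fn read_u32(buf: &[u8]) -> u32 { u32::from_be_bytes(buf[..4].try_into().unwrap()) }
        fn read_u64(buf: &[u8]) -> u64 { u64::from_be_bytes(buf[..8].try_into().unwrap()) }
        fn write_u32(buf: &mut [u8], n: u32) { buf[..4].copy_from_slice(&n.to_be_bytes()) }
    }
    impl ByteOrder for LittleEndian {
        fn read_u16(buf: &[u8]) -> u16 { u16::from_le_bytes(buf[..2].try_into().unwrap()) }
        fn read_u32(buf: &[u8]) -> u32 { u32::from_le_bytes(buf[..4].try_into().unwrap()) }
        fn read_u64(buf: &[u8]) -> u64 { u64::from_le_bytes(buf[..8].try_into().unwrap()) }
        fn write_u32(buf: &mut [u8], n: u32) { buf[..4].copy_from_slice(&n.to_le_bytes()) }
    }
}

use safe_byteorder::{BigEndian, ByteOrder, LittleEndian};

/// Writes `n` in both byte orders and reads each back: (from big-endian, from little-endian).
pub fn roundtrip_u32(n: u32) -> (u32, u32) {
    let (mut be, mut le) = ([0u8; 4], [0u8; 4]);
    BigEndian::write_u32(&mut be, n);
    LittleEndian::write_u32(&mut le, n);
    (BigEndian::read_u32(&be), LittleEndian::read_u32(&le))
}

/// Parses a constructed 14-byte big-endian record: u16 tag, u32 length, u64 id.
pub fn parse_record(buf: &[u8]) -> (u16, u32, u64) {
    (BigEndian::read_u16(buf), BigEndian::read_u32(&buf[2..]), BigEndian::read_u64(&buf[6..]))
}

fn main() {
    let rec = [0x00, 0x2A, 0x00, 0x00, 0x01, 0x00, 0, 0, 0, 0, 0, 0, 0, 0x07]; // constructed sample
    println!("{:?} {:?}", parse_record(&rec), roundtrip_u32(0xDEAD_BEEF));
}
```

Adding an `unsafe { ... }` block anywhere inside `safe_byteorder` is a compile error, which is the guarantee a `forbid(unsafe_code)` subset gives and a feature flag alone does not.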
Hi, thanks for asking about this.
As a general rule, I don't do API guarantees in any of my crates around internal `unsafe` uses. I generally think this is a bad idea for a variety of reasons:
- It limits possible future uses of `unsafe` because I've made a promise that some subset of the API will never use it.
- It creates an additional feature configuration that needs to be tested.
- My opinionated stance is that the number of `unsafe` uses is not really what's important. What's important is whether they are correct. The number of `unsafe` uses is a good indicator for "hey someone might want to take a closer look at this," but I don't think it's something one ought to be generally optimizing for in and of itself.
I do appreciate that different folks have different risk profiles, but I think this sort of "safe lite version of crate" is not a scalable practice and not one I want to be encouraging.
Thanks for your reply. To double check, would you object to me releasing a fork under the name `byteorder-lite`? I'd also be open to using `safe-byteorder`/`byteorder-safe` or picking a name that doesn't include "byteorder" if you'd prefer.
I would object in the sense that I think it's a bad practice. But not in the sense that I'm going to be upset or think that you shouldn't feel empowered to do it if you think it's the right decision to make. I don't feel too strongly about the name. I don't see myself publishing any other `byteorder-foo` crates. I think it would be a good idea to make it clear that it isn't affiliated with this project if you use `byteorder` in the name.