BurntSushi / byteorder

Rust library for reading/writing numbers in big-endian and little-endian.

Expose `#[forbid(unsafe_code)]` subset

fintelia opened this issue · comments

I was thinking of forking byteorder to make a "byteorder-lite" crate that only included the methods that could be implemented without using unsafe code. But before taking that step, I wanted to check whether there was interest in this crate directly exposing a feature flag without which the unsafe code wouldn't be included? Or some other way of achieving the same goal?

To be clear: this is not because I believe that any of the unsafe code in the crate is unsound. Rather, it is merely based on noticing a large number of lines of unsafe code in my dependency tree that I have no need for.
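For readers wondering what the "subset implementable without unsafe code" would look like, here is an added example (not byteorder's own code, and not part of this thread): a small byteorder-style `ByteOrder` trait with `BigEndian`/`LittleEndian` implementations written entirely in safe Rust under `#![forbid(unsafe_code)]`, using the standard library's `from_be_bytes`/`to_le_bytes` family. The trait and method names mirror byteorder's by assumption; `take` and `try_read_u32` are helpers invented for this example.

```rust
// Added example, not byteorder's code: a byteorder-like API in safe Rust only.
#![forbid(unsafe_code)]

use std::convert::TryInto;

/// Minimal stand-in for byteorder's `ByteOrder` trait (assumed names).
pub trait ByteOrder {
    fn read_u16(buf: &[u8]) -> u16;
    fn read_u32(buf: &[u8]) -> u32;
    fn read_u64(buf: &[u8]) -> u64;
    fn write_u32(buf: &mut [u8], n: u32);
}

pub enum BigEndian {}
pub enum LittleEndian {}

// Copy the first N bytes into a fixed-size array. Indexing `buf[..N]` panics
// when the buffer is too short, the same contract byteorder documents for
// its `read_*` methods; no unsafe pointer reads are needed.
fn take<const N: usize>(buf: &[u8]) -> [u8; N] {
    buf[..N].try_into().expect("length already checked by slicing")
}

impl ByteOrder for BigEndian {
    fn read_u16(buf: &[u8]) -> u16 { u16::from_be_bytes(take(buf)) }
    fn read_u32(buf: &[u8]) -> u32 { u32::from_be_bytes(take(buf)) }
    fn read_u64(buf: &[u8]) -> u64 { u64::from_be_bytes(take(buf)) }
    fn write_u32(buf: &mut [u8], n: u32) { buf[..4].copy_from_slice(&n.to_be_bytes()) }
}

impl ByteOrder for LittleEndian {
    fn read_u16(buf: &[u8]) -> u16 { u16::from_le_bytes(take(buf)) }
    fn read_u32(buf: &[u8]) -> u32 { u32::from_le_bytes(take(buf)) }
    fn read_u64(buf: &[u8]) -> u64 { u64::from_le_bytes(take(buf)) }
    fn write_u32(buf: &mut [u8], n: u32) { buf[..4].copy_from_slice(&n.to_le_bytes()) }
}

/// Non-panicking variant for parsing untrusted input (helper invented here):
/// returns None instead of panicking when fewer than 4 bytes are available.
pub fn try_read_u32<B: ByteOrder>(buf: &[u8]) -> Option<u32> {
    if buf.len() < 4 { None } else { Some(B::read_u32(buf)) }
}

fn main() {
    // Constructed sample input.
    let bytes = [0x12u8, 0x34, 0x56, 0x78];
    println!("BE {:#x}, LE {:#x}", BigEndian::read_u32(&bytes), LittleEndian::read_u32(&bytes));
    println!("short buffer -> {:?}", try_read_u32::<BigEndian>(&bytes[..3]));
}
```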

Hi, thanks for asking about this.

As a general rule, I don't do API guarantees in any of my crates around internal unsafe uses. I generally think this is a bad idea for a variety of reasons:

  1. It limits possible future uses of unsafe because I've made a promise that some subset of the API will never use it.
  2. It creates an additional feature configuration that needs to be tested.
  3. My opinionated stance is that the number of unsafe uses is not really what's important. What's important is whether they are correct. The number of unsafe uses is a good indicator for "hey someone might want to take a closer look at this," but I don't think it's something one ought to be generally optimizing for in and of itself.

I do appreciate that different folks have different risk profiles, but I think this sort of "safe lite version of crate" is not a scalable practice and not one I want to be encouraging.

Thanks for your reply. To double check, would you object to me releasing a fork under the name byteorder-lite? I'd also be open to using safe-byteorder/byteorder-safe or picking a name that doesn't include "byteorder" if you'd prefer.

I would object in the sense that I think it's a bad practice. But not in the sense that I'm going to be upset or think that you shouldn't feel empowered to do it if you think it's the right decision to make. I don't feel too strongly about the name. I don't see myself publishing any other byteorder-foo crates. I think it would be a good idea to make it clear that it isn't affiliated with this project if you use byteorder in the name.