I do understand the point you are making, but if the goal is to discourage use, the tooling should make it easy for downstream users (other developers) to know that a certain dependency "relies on a smart programmer doing the right thing". My 2 cents - some sort of `unsafe` usage score??
I am suggesting this to prevent the likes of the burn-out that happened with actix-web and its use of unsafe (which is now fixed apparently)
However a sufficiently determined evil crate can use soundness holes (like fake-static) or macros (like plutonium) to misbehave without visible unsafe.
Nothing really can stop a truly determined bad actor completely, but I don’t think that was GP’s point, rather that it’s good to easily know the potential risk you are exposing yourself to with your dependencies in a practical sense.
The issue with actix-we wasn't about people badgering the author to remove unsafe and they got tired of it/burned out and tried to find people to take over? I remember that the unsafe code wasn't really necessary with regards to the performance benefit.
I am suggesting this to prevent the likes of the burn-out that happened with actix-web and its use of unsafe (which is now fixed apparently)