Adding forbid unsafe_code #261

@ralpha ralpha commented Sep 26, 2020

There is no unsafe code in this repo.
So forbidding unsafe code does not affect the code itself.
I also added it to the build.rs script because of an issue in Cargo Geiger,
otherwise it will not detect that it is forbidden.

Owner

@dtolnay dtolnay left a comment

Thanks! I would prefer not to make this change though. It isn't really a "policy" of the crate to eschew unsafe code, we just happen to not need any currently.

@dtolnay dtolnay closed this Sep 26, 2020
@mleonhard

Hi David,
I feel disappointed after reading this. Rust's unsafe keyword is a critical innovation for information security. I believe that Safe Rust will eventually be a foundational technology for all of human society. Getting to that point is a long process. Part of that process is rewriting crates that use unsafe to no longer use it. Another part is making "safe" the default.

To make "safe" the default, we need tools (like Cargo Geiger) to help developers understand which of the libraries they use are safe. We also need lint tools to allow white-listing of unsafe dependencies. These tools rely on crate authors adding forbid(unsafe_code). We can help the world get to "safe by default" by adding forbid(unsafe_code) to crates that don't use unsafe code. I urge you to reconsider and make proc_macro2 safe by default.

Sincerely,
Michael

@dtolnay
Owner

dtolnay commented Feb 12, 2021

Proc-macro2 is safe by default. It does not ship gratuitous unsafe code and never will.

I do push back against the fetishizing of forbid(unsafe_code) that you and those tools have been promoting. Unsafe where appropriate and justified is what you need to be pushing, not unsafe never.

@mleonhard

The word 'fetishize' means, "to have an excessive and irrational commitment to or obsession with (something)."

Your response can be interpreted as a personal insult. Is that what you intended? You may believe that my enthusiasm for Safe Rust is excessive, but I reject any claim that it is irrational. How about we disagree without deriding each other?

Repository owner locked and limited conversation to collaborators Feb 25, 2021