> The idea is: Unsafe does not mean "I expect this is wrong but I want to do it anyway" rather "I am sure this is right but the compiler doesn't understand why" and the justification explains to other humans, maintainers, reviewers, and your future self, why you believe it's right.
I'd add one more aspect to it in addition to yours: "get back to this in the future and see if we can make it not use `unstable`". It's a very good marker in the code and I hope Rust doesn't move to implicitness.
Unstable aka Nightly features in Rust also need flagging, you must annotate to tell the compiler you want this feature (and so your code won't compile in stable Rust or in any future nightly Rust which lacks the feature)
No I don't think Rust would choose to make either nightly flags or the unsafe marker implicit.
In fact the opposite is likely, today unsafe functions have their body implicitly treated as unsafe, because you said the unsafe word at the start of the function. For short functions this seems convenient, in longer functions it would be nice to distinguish "actually needs its own safety rationale" from merely "happens to be in a function marked as unsafe".
I'd add one more aspect to it in addition to yours: "get back to this in the future and see if we can make it not use `unstable`". It's a very good marker in the code and I hope Rust doesn't move to implicitness.