I would like to propose that if I put {-# LANGUAGE Trustworthy #-} on a module and it infers as Safe, then the module should get marked Safe instead of Trustworthy. Putting Trustworthy in right now has the semantics "it is at most Trustworthy".

It would be far more useful to have the semantics "it is at least Trustworthy".

The current situation is actually a maintenance nightmare.

Currently, if I incur a dependency on a package has some Safe versions and some non-Safe versions, but I know I'm not using any unsafe componentry of it, I have to either

a.) Mark my package Trustworthy unnecessarily enlarging the trusted code base a lot.

b.) Track ALL of the dependencies of my dependencies to know when it will be Safe rather than Trustworthy, then insert brittle CPP pragmas that often fail.

Consider that hashable 1.2.1.0 recently became flagged Trustworthy, but was previously not.

Now, if I want to properly infer as Safe, I have to track the exact version of hashable I depend on and whether or not my Typeable instance is being rolled manually and make an enormous composite #ifdef at the top of the module.

Worse, we got the patch in about a month ago, so to future proof my code I'd have had to be psychic.

Now consider that I have 50 other packages to maintain in this same manner. I wind up shotgunning Trustworthy, do deal with the fact that I deigned to provide instances for vector. If vector ever refactored to support Safe Haskell, I'd have to go fix up 50 very arcane CPP pragmas to match the internal details of an external package.

Then I wind up checking them by round tripping through cabal installs and checking my haddocks.

This is further complicated by the fact that some things are just becoming Safe "for free" as they go, due to the fact that they no longer need or can supply hand-rolled Typeable instances.