Synchronized FFI access to POSIX environment variable functions

How about:

use std::ffi::OsStr;

/// Sets the **shadow** environment variable `key` to the value `value` for the currently running process.
///
/// ... rest of the docs
#[deprecated = "Confusing, use set_shadow_var or set_system_var instead"]
pub fn set_var<K: AsRef<OsStr>, V: AsRef<OsStr>>(key: K, value: V) {
    set_shadow_var(key, value)
}


/// Sets the **shadow** environment variable `key` to the value `value` for the currently running process.
///
/// ... rest of the docs
pub fn set_shadow_var<K: AsRef<OsStr>, V: AsRef<OsStr>>(key: K, value: V) {
    // ...
}

/// Sets the **system** environment variable `key` to the value `value` for the currently running process.
///
/// ...
/// ## Safety
/// ...
pub unsafe fn set_system_var<K: AsRef<OsStr>, V: AsRef<OsStr>>(key: K, value: V) {
}

  • Old code gets warned of changed behavior
  • Old code that doesn't interact with the system can just rename to the shadow version and be done with it
  • Old code that intended system will have to be audited, but it was probably already broken
  • New code chooses one or the other from the beginning and perhaps nudges people to avoid writing env vars entirely.

Or maybe even, in the case of set_var, write from shadow to system if we can undeniably prove that there's only one thread. That way most of the existing sound code intending to use system will continue to work, and unsound code intending to use system will just break instead of UB-ing.
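
A minimal sketch of the shadow/system split proposed above, as an added example that is not part of the original post or the standard library. It assumes "shadow" means a lock-protected, process-local map seeded from the real environment; `shadow()` and `shadow_var` are hypothetical helpers, and the `DEMO_*` variable names are constructed.

```rust
use std::collections::HashMap;
use std::ffi::{OsStr, OsString};
use std::sync::{Mutex, OnceLock};

// Assumption: the shadow environment lives only on the Rust side, behind a
// lock, and C code never sees it. `shadow()` is a hypothetical helper.
fn shadow() -> &'static Mutex<HashMap<OsString, OsString>> {
    static SHADOW: OnceLock<Mutex<HashMap<OsString, OsString>>> = OnceLock::new();
    // Seeded once from the system environment as it is at first use.
    SHADOW.get_or_init(|| Mutex::new(std::env::vars_os().collect()))
}

/// Safe from any thread: only the lock-protected map is touched.
pub fn set_shadow_var<K: AsRef<OsStr>, V: AsRef<OsStr>>(key: K, value: V) {
    let (k, v) = (key.as_ref().to_owned(), value.as_ref().to_owned());
    shadow().lock().unwrap().insert(k, v);
}

/// Hypothetical read counterpart: consults the shadow map only.
pub fn shadow_var<K: AsRef<OsStr>>(key: K) -> Option<OsString> {
    shadow().lock().unwrap().get(key.as_ref()).cloned()
}

/// Writes the real process environment, the one C code reads via getenv.
///
/// ## Safety
/// No other thread may read or write the process environment during the call.
#[allow(unused_unsafe)] // `std::env::set_var` is only `unsafe` from edition 2024
pub unsafe fn set_system_var<K: AsRef<OsStr>, V: AsRef<OsStr>>(key: K, value: V) {
    unsafe { std::env::set_var(key, value) };
}

fn main() {
    // Still single-threaded here, so the safety contract holds.
    unsafe { set_system_var("DEMO_SYSTEM", "1") };
    // Concurrent writers are fine for the shadow map.
    let workers: Vec<_> = (0..8)
        .map(|i| {
            std::thread::spawn(move || set_shadow_var(format!("DEMO_SHADOW_{i}"), i.to_string()))
        })
        .collect();
    workers.into_iter().for_each(|w| w.join().unwrap());
    assert_eq!(shadow_var("DEMO_SHADOW_3"), Some(OsString::from("3")));
    // Shadow writes never reached the system environment.
    assert!(std::env::var_os("DEMO_SHADOW_3").is_none());
    assert_eq!(std::env::var_os("DEMO_SYSTEM"), Some(OsString::from("1")));
}
```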
