Please include this information in the README #41

Open
dpc opened this issue Dec 23, 2022 · 1 comment
dpc commented Dec 23, 2022

Hi,

I'm considering using speedy but I need to confirm certain important properties:

  • stable? (can store long term data and expect they will encode with future versions)
  • safe to use against (possibly) malicious data?
  • deterministic and non-malleable (only one valid and accepted encoding for any value - important in certain cryptographic contexts)?

koute (Owner) commented Dec 24, 2022

> stable? (can store long term data and expect they will encode with future versions)

Yes. (Actually, this is already mentioned in the readme.)

> safe to use against (possibly) malicious data?

Mostly yes, but not entirely. 1) It trusts the lengths of the `Vec`s/etc. it reads and tries to preallocate that much memory, so without adding a limit there it could be vulnerable to a DoS attack, 2) it assumes the lengths it reads are less than 8 exabytes (this allows some extra LLVM optimizations; not sure what exactly the consequences would be if this is violated), and 3) there's a certain amount of `unsafe` in there, and assuming it's bug free it should be safe, but I'd suggest fuzzing just in case.

> deterministic and non-malleable (only one valid and accepted encoding for any value - important in certain cryptographic contexts)?

Mostly yes, but not entirely. `bool` is always encoded as 1 but can be any non-zero value when decoded (this also applies to `Option`'s implicit `bool`). Besides that everything else should have only one possible encoding, IIRC.
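
The two caveats in the reply above (length prefixes trusted before allocation, and non-canonical `bool` bytes accepted on decode) can be handled by validating at the decoding boundary. This is an added example and not code from speedy or its author: it is std-only, and the wire layout (one-byte bool, u32 little-endian length prefix), the `MAX_LEN` cap and all names are assumptions made for illustration.

```rust
// Added example, std-only: does not call speedy. Layout and names are assumed.
#[derive(Debug, PartialEq)]
enum DecodeError { Truncated, LengthTooLarge(usize), NonCanonicalBool(u8), TrailingBytes }

const MAX_LEN: usize = 1 << 20; // hypothetical application limit (1 MiB)

struct Reader<'a> { buf: &'a [u8] }

impl<'a> Reader<'a> {
    // Consume exactly n bytes, or fail without consuming anything.
    fn take(&mut self, n: usize) -> Result<&'a [u8], DecodeError> {
        let buf: &'a [u8] = self.buf;
        if n > buf.len() { return Err(DecodeError::Truncated); }
        let (head, tail) = buf.split_at(n);
        self.buf = tail;
        Ok(head)
    }
    // Accept only 0 and 1, so every bool has exactly one accepted encoding.
    fn read_bool_strict(&mut self) -> Result<bool, DecodeError> {
        match self.take(1)?[0] {
            0 => Ok(false),
            1 => Ok(true),
            other => Err(DecodeError::NonCanonicalBool(other)),
        }
    }
    // Check the declared length against the cap and against the bytes that
    // are actually present before any allocation happens.
    fn read_bytes_bounded(&mut self) -> Result<Vec<u8>, DecodeError> {
        let mut len_bytes = [0u8; 4];
        len_bytes.copy_from_slice(self.take(4)?);
        let len = u32::from_le_bytes(len_bytes) as usize;
        if len > MAX_LEN { return Err(DecodeError::LengthTooLarge(len)); }
        Ok(self.take(len)?.to_vec())
    }
}

// Decode one record: a bool flag followed by a length-prefixed byte string.
fn decode_record(input: &[u8]) -> Result<(bool, Vec<u8>), DecodeError> {
    let mut r = Reader { buf: input };
    let flag = r.read_bool_strict()?;
    let data = r.read_bytes_bounded()?;
    // Leftover bytes would give one value several accepted encodings.
    if !r.buf.is_empty() { return Err(DecodeError::TrailingBytes); }
    Ok((flag, data))
}

fn main() {
    // Constructed input: flag byte 2, which a lenient decoder reads as `true`.
    println!("{:?}", decode_record(&[2, 0, 0, 0, 0]));
}
```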
