introduce a new Y3K bug, which will certainly make the code base worse

Author: tayloraswift

Sources/UnixTime/Timestamp.Sanity.swift

@@ -0,0 +1,15 @@
+extension Timestamp
+{
+    /// Timestamp sanity is an often-overlooked aspect of server security. Because Swift’s
+    /// “crash early” philosophy around trapping arithmetic overflows is very bad for servers,
+    /// server applications should always perform sanity checks on timestamps before using them
+    /// to perform **any** kind of date computation.
+    @frozen public
+    enum Sanity
+    {
+        /// The year is in the given range.
+        case year(in:ClosedRange<Year>)
+        /// No sanity checks will be performed.
+        case unchecked
+    }
+}

Sources/UnixTime/UnixInstant.swift

@@ -64,9 +64,22 @@ extension UnixInstant
         return .init(second: second, nanoseconds: milliseconds * 1_000_000)
     }
 
+    /// Y3K bug!
     @inlinable public
-    init?(utc timestamp:Timestamp.Components)
+    init?(utc timestamp:Timestamp.Components,
+        sanity checks:Timestamp.Sanity = .year(in: 1970 ... 2970))
     {
+        switch checks
+        {
+        case .unchecked:    break
+        case .year(in: let range):
+            guard range.contains(timestamp.date.year)
+            else
+            {
+                return nil
+            }
+        }
+
         var time:tm = .init(
             tm_sec:     timestamp.time.second,
             tm_min:     timestamp.time.minute,