What is going on with serde?
What is going on with serde?
hoooooly shit the new version of serde_derive includes a pre-built executable and has no official way to turn that off? Wtaf. https://github.com/serde-rs/serde/issues/2538 #rustlang
So, serde seems to be downloading and running a binary on the system without informing the user and without any user consent. Does anyone have any background information on why this is, and how this is supposed to be a good idea?
dtolnay seems like a smart guy, so I assume there is a reason for this, but it doesn't feel ok at all.
You're viewing a single thread.
The second comment explains a lot. There is a build script that generated the binary, which they are using to reduce the overall build time. They mention this resulting from a limitation on cargo and this being a workaround
It seems like you could build it all from scratch if needed with a bit of effort