So, serde seems to be downloading and running a binary on the system without informing the user and without any user consent. Does anyone have any background information on why this is, and how this is supposed to be a good idea?

dtolnay seems like a smart guy, so I assume there is a reason for this, but it doesn’t feel ok at all.

  • lolcatnip@reddthat.com
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    3
    ·
    1 year ago

    You can read the source of build.rs and and proc macros executed during a build, but do you? Does anyone do that every time they add a new dependency?

    • manpacket@lemmyrs.org
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      When adding a new dependency I almost always go over the source code to see what kind of performance to expect. If build.rs is there - checking it takes a single click so yes to that too. Derive macro - less frequently, but you have to do it when documentation is non existent.