92
What is going on with serde? (social.treehouse.systems)
submitted 10 months ago by snaggen@programming.dev to c/rust@programming.dev
28 comments fedilink hide all child comments

So, serde seems to be downloading and running a binary on the system without informing the user and without any user consent. Does anyone have any background information on why this is, and how this is supposed to be a good idea?

dtolnay seems like a smart guy, so I assume there is a reason for this, but it doesn't feel ok at all.

you are viewing a single comment's thread
view the rest of the comments
[-] lolcatnip@reddthat.com -2 points 10 months ago

You can read the source of build.rs and and proc macros executed during a build, but do you? Does anyone do that every time they add a new dependency?

[-] manpacket@lemmyrs.org 5 points 10 months ago

When adding a new dependency I almost always go over the source code to see what kind of performance to expect. If build.rs is there - checking it takes a single click so yes to that too. Derive macro - less frequently, but you have to do it when documentation is non existent.

this post was submitted on 18 Aug 2023
92 points (98.9% liked)

Rust

5390 readers
60 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 1 year ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
EdTheLegendary@programming.dev
kahnclusions@programming.dev
torcherist@programming.dev