So, serde seems to be downloading and running a binary on the system without informing the user and without any user consent. Does anyone have any background information on why this is, and how this is supposed to be a good idea?

dtolnay seems like a smart guy, so I assume there is a reason for this, but it doesn’t feel ok at all.

5 points
bsdtar tfv ᐸ(curl -sL https://static.crates.io/crates/serde_derive/serde_derive-1.0.183.crate)

Edit: Ogh, using ᐸ which is a replacement character because Lemmy escapes the real one. This is annoying.

There, you will see that this file exists:

-rwxr-xr-x  0 0      0      690320 Jul 24  2006 serde_derive-1.0.183/serde_derive-x86_64-unknown-linux-gnu

Yes, that’s a pre-built binary in the crate source release. It’s that bad.

1 point

Looks like I missed that, I was checking locally but I must have been checking an outdated version of the package. I’d feel better about it if it compiled on the user’s machine, which is the impression I was getting.
