My personal gut feeling: the maintainer will just shoot this attempt down and close the PR.
Happy to be proven wrong here though.
Has dtolnay shown a strong sentiment towards having it be on always? I can’t imagine there’s much reason not to make it configurable.
The precompiled implementation is the only supported way to use the macros that are published in serde_derive. If there is implementation work needed in some build tools to accommodate it, someone should feel free to do that work
~ dtolnay (source)
That sounds like he doesn’t like to (re-)introduce any other options.
The precompiled implementation is the only supported way to use the macros that are published in serde_derive
That statement is straight up gaslighting.
The precompiled binary is only provided for one platform, Linux. Windows does not use a precompiled binary but compiles its own from the source. How can he claim it’s the “only supported way”, when for most platforms he is doing it another way? Also, the crate, throughout most of its life, has been doing it another way.
That seems a bit concerning. At first I was under the impression the binary was compiled on the user’s machine, but once I saw that it’s distributed with serde I can see why people are upset.
dtolnay isn’t the only maintainer though. oli-obk is also a maintainer and is participating in the discussions on the PR.
I don’t think oli-obk has any say in this as they stated the following:
Because this crate is owned by dtolnay and he may do with it as he wishes. My personal opinions on the topic are irrelevant.
So, the general unsuspecting public will still be executing this potentially-malicious binary, and only those in the know will be able to avoid it?
