Rust@programming.devEnglish · 2 years ago

What is going on with serde?

social.treehouse.systems

What is going on with serde?

social.treehouse.systems

snaggen@programming.dev to

Rust@programming.devEnglish · 2 years ago

Meg (@megmac@treehouse.systems)

social.treehouse.systems

hoooooly shit the new version of serde_derive includes a pre-built executable and has no official way to turn that off? Wtaf. https://github.com/serde-rs/serde/issues/2538 #rustlang

So, serde seems to be downloading and running a binary on the system without informing the user and without any user consent. Does anyone have any background information on why this is, and how this is supposed to be a good idea?

dtolnay seems like a smart guy, so I assume there is a reason for this, but it doesn’t feel ok at all.

Chat

argv_minus_one@beehaw.orgBanned
link
fedilink
English
arrow-up
1·
2 years ago
Sandboxing the binary doesn’t protect you. It can still insert malicious code into your application.

Rust@programming.dev

rust@programming.dev

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !rust@programming.dev

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

36 users / day
73 users / week
365 users / month
2.86K users / 6 months
1 local subscriber
7.16K subscribers
883 Posts
4.31K Comments
Modlog