49
Rust devs push back as Serde project ships precompiled binaries (www.bleepingcomputer.com)
submitted 1 year ago by ruffsl@programming.dev to c/rust@programming.dev
14 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] argv_minus_one@beehaw.org 4 points 1 year ago

The proper way to handle this is to contact the maintainer, ask why this change was made, and start a discussion arguing the drawbacks and asking to revert it.

That has already occurred. The maintainer pretty much ignored the question, as far as I can tell.

People usually behave that way when they have an ulterior motive. In this case, I worry that the plan is to slip some malware into that binary…

[-] jhulten@infosec.pub 1 points 1 year ago

The maintainer took a very FOSS approach of "this is better and the tools we use don't support better choices, so you're welcome to fix the tools."

[-] argv_minus_one@beehaw.org 4 points 1 year ago

If the binary matched the source code, that argument would hold, but it doesn't, which is sounding alarm bells in my head. Just what is in those 600 kilobytes of machine code?

this post was submitted on 19 Aug 2023
49 points (96.2% liked)

Rust

5938 readers
1 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 1 year ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
EdTheLegendary@programming.dev
kahnclusions@programming.dev
torcherist@programming.dev