My personal gut feeling: the maintainer will just shoot this attempt down and close the PR.
Happy to be proven wrong here though.
Welcome to the Rust community! This is a place to discuss about the Rust programming language.
Credits
My personal gut feeling: the maintainer will just shoot this attempt down and close the PR.
Happy to be proven wrong here though.
dtolnay isn't the only maintainer though. oli-obk is also a maintainer and is participating in the discussions on the PR.
I don't think oli-obk has any say in this as they stated the following:
Because this crate is owned by dtolnay and he may do with it as he wishes. My personal opinions on the topic are irrelevant.
You're right, I missed that. That's unfortunate.
Technically true, but he has two merge commits in last three years. Not sure that will still give him much of a pull.
Author of the PR made it opt-out. I think it may be enough of the compromise for the maintainer.
Has dtolnay shown a strong sentiment towards having it be on always? I can't imagine there's much reason not to make it configurable.
The precompiled implementation is the only supported way to use the macros that are published in serde_derive. If there is implementation work needed in some build tools to accommodate it, someone should feel free to do that work
~ dtolnay (source)
That sounds like he doesn't like to (re-)introduce any other options.
That seems a bit concerning. At first I was under the impression the binary was compiled on the user's machine, but once I saw that it's distributed with serde I can see why people are upset.
I was under the impression the binary was compiled on the user's machine
That's how procedural macros used to and were intended to work.
The precompiled implementation is the only supported way to use the macros that are published in serde_derive
That statement is straight up gaslighting.
The precompiled binary is only provided for one platform, Linux. Windows does not use a precompiled binary but compiles its own from the source. How can he claim it's the "only supported way", when for most platforms he is doing it another way? Also, the crate, throughout most of its life, has been doing it another way.
So, the general unsuspecting public will still be executing this potentially-malicious binary, and only those in the know will be able to avoid it?
Only if that PR gets accepted, which is unlikely.