this post was submitted on 09 Apr 2024
49 points (98.0% liked)

Rust

5999 readers
23 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] sugar_in_your_tea@sh.itjust.works 3 points 7 months ago* (last edited 7 months ago)

That's not going to be particularly feasible when generating bindings and other complex build processes. For example, the Qt bindings run shell commands as part of the build.rs. As does gettext-rs.

So I don't think it's unreasonable to think a developer could sneak in an exploit with "temporary code" to improve some part of the build process on Windows.