Rust

5778 readers

49 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 1 year ago

MODERATORS

snowe@programming.dev

Ategon@programming.dev

EdTheLegendary@programming.dev

kahnclusions@programming.dev

torcherist@programming.dev

Rust devs push back as Serde project ships precompiled binaries (www.bleepingcomputer.com)

submitted 1 year ago by ruffsl@programming.dev to c/rust@programming.dev

13 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] sapient_cogbag@infosec.pub 5 points 1 year ago* (last edited 1 year ago) (2 children)

I've been pinning my projects with the code in https://github.com/rust-lang/miri/pull/3032

In particular, the important part is:

# Pin a version of serde without intransparent unreproducible binary blobs.
serde = { version = "1.0, &lt;1.0.172", features = ["derive"] }

Which both avoids the conflicts an =version pin would produce and ensures all your dependencies with ranged serde versions will use a version without the binary if possible ^.^

[–] sapient_cogbag@infosec.pub 3 points 1 year ago* (last edited 1 year ago) (1 children)

"<" should be a less-than sign, but it gets delimited into HTML magic character codes for some reason but only inside a code block? >.<

[–] Anders429@lemmy.world 3 points 1 year ago

Yeah, I've noticed this happening elsewhere on Lemmy instances, too.

[–] floofloof@lemmy.ca 3 points 1 year ago* (last edited 1 year ago) (1 children)

The developer has agreed to remove the precomputed binary in v1.0.184:

https://github.com/serde-rs/serde/releases/tag/v1.0.184

[–] sapient_cogbag@infosec.pub 2 points 1 year ago

Awesome!

Gotta figure a way to avoid the specific versions but I'm glad they relented ^.^