So, serde seems to be downloading and running a binary on the system without informing the user and without any user consent. Does anyone have any background information on why this is, and how this is supposed to be a good idea?
dtolnay seems like a smart guy, so I assume there is a reason for this, but it doesn’t feel ok at all.
No,
serde_derive
contains the binary and if you are on linux it will try to run it without asking the user. In fact there’s no way to make it so it won’t run.