So, serde seems to be downloading and running a binary on the system without informing the user and without any user consent.
Does anyone have any background information on why this is, and how this is supposed to be a good idea?
dtolnay seems like a smart guy, so I assume there is a reason for this, but it doesn't feel ok at all.
I saw some other crate doing something similar but using wasm, the idea is to sandbox the binary used as a proc macro. So that seems a bit better. Can't see to find it any more.