>> That seems like a lot of hoops to jump through considering that rust allows arbitrary code execution during compile time anyway.
If you mean build.rs build scripts, yes, those do run, but it is not arbitrary code. You can view and inspect them before building. If you need more security, you can download all the dependencies and build inside an isolated container.
thesuperbigfrog|1 year ago
If you mean build.rs build scripts, yes, those do run, but it is not arbitrary code. You can view and inspect them before building. If you need more security, you can download all the dependencies and build inside an isolated container.
icholy|1 year ago
uhh ya it is. There's also https://github.com/eleijonmarck/do-not-compile-this-code