Serde: Controversy Surrounds the Release of Precompiled Binaries
The article discusses the recent controversy surrounding Serde, the popular Rust (de)serialization project, which ships its serde_derive macro as a precompiled binary. The decision has raised concerns among developers about its legal and technical implications, and about the potential for supply chain attacks if the maintainer's account is compromised. Serde has been downloaded over 196 million times and the serde_derive macro over 171 million times, which indicates how widely both are used. The article highlights the concerns raised by developers, including the inability to opt out of using precompiled binaries. It also mentions the response from the Serde project maintainers, who argue that the move improves performance and reduces the burden on users. Overall, the controversy over Serde's decision to ship precompiled binaries reflects the ongoing discussions within the programming community regarding security, trust, and the trade-offs between convenience and control.