by stubish 1189 days ago
'Avoid the crates that do it' requires careful vetting of all code in the crates you use and all of the crates' dependencies, now and in all future versions of your crates and their dependencies. In reality, this turns out to be impractical for most projects in most work environments. And even if it is practical, it turns out that many ways of vetting the code will expand the macros and do arbitrary code execution.
1 comment

> requires careful vetting of all code in the crates you use

I just explained that it would be useful to have a cargo sub-command for automating this.

You = “You and all your coworkers, forever.”