by littlestymaar 1032 days ago
> In fact, run time dependencies will often have _higher_ levels of privilege (e.g. access to production data sets). If you can't trust the dependency at build time, you sure as hell shouldn't trust it at run time.

The threat model with build-time exploitation and run-time exploitation is different, but in the general case, I'd rate build-time higher than run-time, because at build time you have access to the entire developer machine, including the ability to have run-time impacts on every project the dev has access to (including ones that are more critical than the first one to be corrupted) or the ability to impersonate the developer themselves in social engineering attacks against the company's management, for instance.

1 comments

`cargo test` and `cargo run` are just as scary as proc-macros and build.rs files. The only difference is that these last two can be executed automatically by rust-analyzer when opening a project, but that should be something to be tackled by the UI (VSCode should ask on first load "these are the set of proc-macros/build files that will be executed, do you want to proceed?").
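
The inventory that the last comment wants the editor to show can be derived from the JSON that `cargo metadata --format-version 1` emits, where build scripts appear as targets of kind `custom-build` and procedural macros as kind `proc-macro`. The following is an added example, not part of the thread: the function name `build_time_code` is hypothetical, and the sample metadata (package names, versions, paths) is constructed.

```python
import json

# Constructed sample: a trimmed `cargo metadata --format-version 1` document.
# Package names, versions and paths are invented for illustration.
SAMPLE_METADATA = json.dumps({
    "packages": [
        {"name": "app", "version": "0.1.0", "targets": [
            {"kind": ["bin"], "name": "app",
             "src_path": "/work/app/src/main.rs"},
            {"kind": ["custom-build"], "name": "build-script-build",
             "src_path": "/work/app/build.rs"},
        ]},
        {"name": "derive-helper", "version": "1.2.3", "targets": [
            {"kind": ["proc-macro"], "name": "derive_helper",
             "src_path": "/registry/derive-helper-1.2.3/src/lib.rs"},
        ]},
        {"name": "plain-lib", "version": "0.4.0", "targets": [
            {"kind": ["lib"], "name": "plain_lib",
             "src_path": "/registry/plain-lib-0.4.0/src/lib.rs"},
        ]},
    ]
})

# Target kinds that cargo compiles and then executes on the host during a build.
BUILD_TIME_KINDS = {"custom-build": "build script", "proc-macro": "proc-macro"}


def build_time_code(metadata_json):
    """Return sorted (package, version, kind, src_path) tuples for every
    target in the dependency graph that runs on the developer machine."""
    found = []
    for pkg in json.loads(metadata_json).get("packages", []):
        for target in pkg.get("targets", []):
            for kind in target.get("kind", []):
                if kind in BUILD_TIME_KINDS:
                    found.append((pkg["name"], pkg["version"],
                                  BUILD_TIME_KINDS[kind], target["src_path"]))
    return sorted(found)


if __name__ == "__main__":
    # Print the list a reviewer would read before the first build or IDE load.
    for name, version, kind, path in build_time_code(SAMPLE_METADATA):
        print(f"{name} {version}: {kind} at {path}")
```

Against a real project, pass the captured output of `cargo metadata --format-version 1` to `build_time_code` in place of the sample string.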