Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
oblio
on Nov 9, 2023
|
parent
|
context
|
favorite
| on:
SciPy builds for Python 3.12 on Windows are a mino...
Wait a second, I need to understand this better.
If you cargo build, can that run a dependencies' build including trying to compile C and stuff?
oefrha
on Nov 9, 2023
|
next
[–]
Yes, see
https://doc.rust-lang.org/cargo/reference/build-scripts.html
.
bogeholm
on Nov 9, 2023
|
prev
[–]
I believe build.rs can do pretty much anything:
https://doc.rust-lang.org/cargo/reference/build-scripts.html
oblio
on Nov 10, 2023
|
parent
[–]
That's both scary and sad :-(
winstonewert
on Nov 11, 2023
|
root
|
parent
[–]
Why? If you are using a crate, its code will be running in your application. Its not really any more of a concern if it can run code while building.
oblio
on Nov 13, 2023
|
root
|
parent
[–]
Yeah, but with binary packages you can add another lay of defense in depth, signed packages, signature checking, etc. It's not just about the original authors themselves, it can also be about attacks on the public repositories, for example.
Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
If you cargo build, can that run a dependencies' build including trying to compile C and stuff?