Serde, a popular Rust (de)serialization project, has decided to ship its serde_derive macro as a precompiled binary. This has generated a fair amount of concern among some developers who highlight the future legal and technical issues this may pose, along with a potential for supply chain attacks.
That’s a great answer - thanks. I agree that communication is the first thing to try. Realistically a fork would just result in multiple versions of the same thing kicking around, including the binary that worries people.
Edit: Seems like diplomacy worked. The developer is removing the precompiled binary:
https://github.com/serde-rs/serde/releases/tag/v1.0.184