Remove serde?

[burdges]

Is serde too dangerous for key format stability? Should we remove the serde feature?

It's likely fine if someone uses bincode, etc. but if someone use something with unicode or utf-8 then maybe they'd output ligatures or something similarly messed up

Any thoughts @ordian or @becominginsane ?

Related:

• https://github.com/paritytech/substrate/issues/9072
• https://github.com/w3f/schnorrkel/commits/master/src/serdey.rs

[burdges]

https://github.com/dalek-cryptography/ed25519-dalek/pull/291/files

[ghost]

To be honest, I don't see a problem with the current implementation, or how UTF8 etc would impact this, but I suppose this comes into play when using a format that doesn't support raw bytes as "raw bytes" and instead tries to do something fancy with it?

I see in the PR that serdect was suggested, probably worth moving to that instead, so human readable always has hex, and non-human readable always has binary, so that should solve the issue

[burdges]

https://www.bleepingcomputer.com/news/security/rust-devs-push-back-as-serde-project-ships-precompiled-binaries/

https://twitter.com/eddyb_r/status/1693198713286541429 https://twitter.com/eddyb_r/status/1693215683449069981

[ghost]

The prebuilt binary has been removed since 1.0.184 but yeah, I didn't like it either