On Mon, 17 Jan 2000, Fred L. Drake, Jr. wrote:
Greg Ward writes: ...
What I'm a little leery about is using Python code as a data format. It's attractive because we all know the syntax and don't have to write a parser. But using a general-purpose language for *such* a specific, tightly-targeted task seems ... I dunno ... overkill-ish. And I wonder if there are security holes lurking in the concept of using code for system catalog data.
Does anyone else share my reservations (which are vague, ill-defined,
Yes. This stuff should not require any exec or eval. It might be reasonable to use something like the .ini format; this can be handled using ConfigParser. This way we still don't need to write a parser.
I second Fred here... use a format compatible with ConfigParser. Simple, clean, and easily handled. DBM or central databases are probably a bit bogus. What's the speed for? If you want to *locate* the _pkginfo files, then just append a pathname to a central file. Let the tool go and see if it is still there. Or the tool can be invoked with "do a filetree walk -- the log file may be out of sync." KISS :-) Cheers, -g -- Greg Stein, http://www.lyra.org/