What follows is a brief summary of offline discussions with Guido and Leonardo (I hope represented correctly, please complain if not):<br><br>Guido pointed out that previous versions of marshal could crash python.<br><br>I replied that that is a bug and all known instances have been fixed.&nbsp; Pickle executes arbitrary code by design -- which is much worse than just crashing a program.<br>
<br>Leonardo mentioned that pickle security concerns could be addressed using crypto tricks.<br><br>I replied that I would be comfortable unmarshalling a file from a known hostile party -- no crypto verification required, because the worst that could happen is that it would crash the interpreter.&nbsp; With pickle I&#39;d be handing my keyboard to a villian.<br>
<br>In summary: I think marshal.loads(s) is just as safe as unicode(s) or file.read().&nbsp; pickle.loads(s) is morally equivalant to __import__(s) or eval(s).<br>I think the security warning for marshal and the implied recommendation that pickle is okay for RPC should be removed.<br>
<br>&nbsp; alright already, &#39;nuff said. whatever.&nbsp; -- Aaron Watters<br><br>