
Guido van Rossum wrote:
> BTW the warning for marshal is legit -- the C code that unpacks marshal data has not been carefully analyzed against buffer overflows and so on.
I thought the main issue with marshal is that it's happy to create code objects, which pickle doesn't do -- ostensibly for security reasons. But if pickle is inherently insecure anyway, does the exclusion of code objects really make much difference?

BTW, I only consider pickle suitable for quick and dirty uses anyway, because it ties the external representation very closely to internal details of your program, which can make it difficult to evolve the program without invalidating previously written files. For long-term use, it's better to invest time in a properly-thought-out external format for the task, designed with extensibility in mind.

-- Greg
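The two points in the message above (pickle is unsafe on untrusted input even though it never builds code objects, and it couples the on-disk format to the program's internal names) can both be seen in a few lines. The following is an added example, not code from the thread or from CPython; the `Trojan` and `Point` classes, the `record` helper and the allowlist contents are constructed for illustration. Loading a pickle resolves whatever module-level callable the stream names and calls it with the stored arguments, so the safe default is to refuse every global except an explicit allowlist via `Unpickler.find_class`, the approach the Python documentation itself recommends. The last function shows the format-coupling problem: renaming a class makes previously written pickles unreadable.

```python
import io
import pickle

# Constructed: a harmless callable standing in for whatever a pickle stream
# might name. Nothing here creates a code object; the stream only names an
# importable callable and the loader calls it.
CALLS = []


def record(tag):
    """Benign stand-in for an arbitrary callable reachable by module.name."""
    CALLS.append(tag)
    return tag


class Trojan:
    """Object whose pickled form asks the loader to call record('loaded')."""

    def __reduce__(self):
        return (record, ("loaded",))


def pickle_runs_callables():
    """Show that plain pickle.loads invokes the named callable on load."""
    CALLS.clear()
    data = pickle.dumps(Trojan())
    result = pickle.loads(data)
    return (result, list(CALLS))


class RestrictedUnpickler(pickle.Unpickler):
    """Allow only an explicit set of globals; everything else is refused."""

    # Constructed allowlist: extend with the (module, name) pairs your
    # data actually needs, nothing more.
    ALLOWED = {("builtins", "set"), ("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data):
    """Drop-in replacement for pickle.loads that uses the allowlist."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def restricted_blocks_trojan():
    """The same stream fails closed under the restricted loader."""
    CALLS.clear()
    data = pickle.dumps(Trojan())
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return ("blocked", list(CALLS))
    return ("not blocked", list(CALLS))


class Point:
    """Constructed data class used to show format/implementation coupling."""

    def __init__(self, x, y):
        self.x, self.y = x, y


def rename_breaks_old_pickles():
    """A pickle written before a refactor cannot be loaded after it."""
    data = pickle.dumps(Point(1, 2))
    # Simulate a refactor in which the class no longer exists under its old
    # name (the pickle stream still refers to <this module>.Point).
    saved = globals().pop("Point")
    try:
        pickle.loads(data)
    except AttributeError:
        return True
    finally:
        globals()["Point"] = saved
    return False


if __name__ == "__main__":
    print(pickle_runs_callables())      # ('loaded', ['loaded'])
    print(restricted_blocks_trojan())   # ('blocked', [])
    print(rename_breaks_old_pickles())  # True
```

The allowlist approach is only as good as its contents: a permitted constructor that itself does something dangerous is still reachable, so the list should name plain data types only. It also does nothing for marshal, whose loader is C code and takes no such hook, which is why a format designed for the task is the better long-term answer.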