Replacing shelve in the next 3.x release.
I suggest that we either replace the internals of shelve, or deprecate it, or remove it in favour of other dbm's like http://packages.python.org/sqlite3dbm/dbm.html. Many people feel that shelve is a pointless module that should not be used because it relies too much on pickle an insecure format, in my own searches Google showed only 13 projects using shelve and Github showed only 3000 odd snippets containing shelve.open so its time this module either died quietly or got the internals replaced. For a major start shelve doesn't support integer keys where as the suggestion put earlier clearly does. I'm sure there is other stuff I'm missing which is why I'm posting here first.
On Mon, 7 May 2012 19:43:17 +0100 Jakob Bowyer <jkbbwr@gmail.com> wrote:
pickle is only insecure if you want to accept data from untrusted sources. shelve would obviously be very bad for an exchange format, but I don't think that's what it's used for. Someone should post a proper comparison of shelve with its alternatives (including functionality and performance) before a decision is made. Regards Antoine.
On Mon, May 7, 2012 at 9:50 PM, Antoine Pitrou <solipsis@pitrou.net> wrote:
I used shelve for a long time on multiple projects as it's really easy to use but I had to deal with random data corruption on abrupt process termination. That was my motivator to implement an sqlite backend for shelve though I guess I wasn't motivated strongly enough to follow through. Yuval
On Mon, 7 May 2012 19:43:17 +0100 Jakob Bowyer <jkbbwr@gmail.com> wrote:
pickle is only insecure if you want to accept data from untrusted sources. shelve would obviously be very bad for an exchange format, but I don't think that's what it's used for. Someone should post a proper comparison of shelve with its alternatives (including functionality and performance) before a decision is made. Regards Antoine.
On Mon, May 7, 2012 at 9:50 PM, Antoine Pitrou <solipsis@pitrou.net> wrote:
I used shelve for a long time on multiple projects as it's really easy to use but I had to deal with random data corruption on abrupt process termination. That was my motivator to implement an sqlite backend for shelve though I guess I wasn't motivated strongly enough to follow through. Yuval
participants (3)
-
Antoine Pitrou -
Jakob Bowyer -
Yuval Greenfield