[Python-ideas] Adding a safe alternative to pickle in the standard library
Dustin J. Mitchell
dustin at v.igoro.us
Thu Feb 21 16:50:33 CET 2013
This conversation worries me. The security community has shown that safety
isn't something you can add to a powerful tool. With great power comes
great expressivity, and correspondingly more difficulty reasoning about
it. Not to mention reasoning about the implementation. JSON is probably
secure against code-execution exploits, but only probably.
When you put something in the stdlib and call it "safe", even with caveats,
people will make even more brazen mistakes than with a documented-unsafe
tool like pickle.
Dustin
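As an added illustration (not part of this thread or of Python's own code), the one mitigation the pickle documentation itself describes for untrusted input, restricting which globals an Unpickler may resolve; the SAFE_GLOBALS set and the sample payloads below are assumptions constructed for this example:

```python
import collections
import io
import pickle

# Allow-list of (module, name) globals the unpickler may resolve.
# Assumption: this is the set the receiving application actually needs;
# anything else (including every importable callable) is refused.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves globals named in SAFE_GLOBALS.

    pickle calls find_class for every GLOBAL / STACK_GLOBAL opcode, so
    this single hook decides which classes and functions a payload can
    reference at all.  It does not make pickle "safe", it only narrows it.
    """

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"global {module}.{name} is forbidden by the allow-list")


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads that applies the allow-list."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes):
    """Return (ok, value_or_message) so a caller can log refused payloads."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed, benign sample payloads for the demonstration:
BENIGN = pickle.dumps({"ids": {1, 2, 3}})                  # no foreign globals
ALLOWED_GLOBAL = pickle.dumps(collections.OrderedDict(a=1))  # allow-listed global
NOT_ALLOWED = pickle.dumps(collections.deque([1, 2]))      # global not on the list
```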