[Python-ideas] Adding a safe alternative to pickle in the standard library
Andrew Barnert
abarnert at yahoo.com
Thu Feb 21 18:35:14 CET 2013
On Feb 21, 2013, at 9:24, Antoine Pitrou <solipsis at pitrou.net> wrote:
> On Thu, 21 Feb 2013 17:22:47 +0000,
> Mark Hackett <mark.hackett at metoffice.gov.uk> wrote:
>
>> On Thursday 21 Feb 2013, Devin Jeanpierre wrote:
>>> On Thu, Feb 21, 2013 at 10:50 AM, Dustin J. Mitchell
>>> <dustin at v.igoro.us> wrote:
>>>> When you put something in the stdlib and call it "safe", even with
>>>> caveats, people will make even more brazen mistakes than with a
>>>> documented-unsafe tool like pickle.
>>>
>>> Then how do we improve on the status quo? The best situation can't
>>> possibly be one in which the standard serialization tool allows for
>>> code injection exploits out of the box, by default, and where there
>>> is no reasonable alternative in the stdlib without such problems.
>>
>> By writing your application for its needs, not the needs of 10000
>> programs yet to be written and making the wrong assumption and
>> putting it in a stdlib.
>>
>> If every problem could be solved with a stdlib call, there'd only
>> have to be one programmer in the world...
>
> You're forgetting the millions of stdlib programmers :-)
This is one of those "any sufficiently powerful language becomes lisp" things, isn't it? :)
> Regards
>
> Antoine.