why use special config formats?

Sybren Stuvel sybrenUSE at YOURthirdtower.com.imagination
Fri Mar 10 16:14:49 EST 2006 

tomerfiliba at gmail.com enlightened us with:
> i dont know about your experience with config files, but there
> thousands of formats.

All the config files I needed were either very easy to learn, or well
documented in comments.

> on the python side -- just in this conversation, we mentioned
> ConfigObj, ConfigParser and the Config module i linked to.  when
> everybody writes his own config, you get loads of unique formats.

Hence the Python modules.

> anyway, for all the cry-babies here that can't edit pickle files.
> okay -- just load() them, change what you want, and dump() them.
> don't cry.

You really need to get real here. Configuration files are for *users*,
not programmers. You can't expect a user to learn about Python in
general and about pickle in specific.

> and if you insist, i'm sure there's a python serializer to
> XML/SOAP/whatever other readble format.

Which then gives you another configuration format to learn...

> and for security issues -- usually config files are edited by
> admins, so that's not a problem.

You go explain that to someone who just wants to edit his mail
client's config file.

> and per-user config files (at $HOME), can easily be achieved with
> execfile().

Which is then totally insecure. An exploit can easily be made then -
just inject a rootkit downloading & starting script into someone's
email client configuration file and boom, computer is hacked.

> the point is NOT TO WRITE A PARSER for every config file.

Hence standard config file formats and parser modules.

> * usually admins change the configuration, and they have too much
> power anyway

Admins have too much power? Go get an education.

> * if you worry about security/too much power, pickle your config

Sure, and where would you keep your comments explaining the
configuration fields?

> but inventing proprietary formats with unique syntaxes, and having
> to write and debug parsers for them -- that's stupid.

Which is why there are standard modules for them.

Sybren
-- 
The problem with the world is stupidity. Not saying there should be a
capital punishment for stupidity, but why don't we just take the
safety labels off of everything and let the problem solve itself? 
                                             Frank Zappa

More information about the Python-list mailing list