marshal vs pickle

Aaron Watters aaron.watters at gmail.com
Fri Nov 2 20:36:49 CET 2007


On Nov 1, 10:12 am, Aaron Watters <aaron.watt... at gmail.com> wrote:
> On Oct 31, 6:10 pm, Raymond Hettinger <pyt... at rcn.com> wrote:
>
> Alright already.  Here is the patched file you want
>
> http://nucular.sourceforge.net/kisstree_pickle.py

This file has been removed.  After consideration,
I don't want to create the moral hazard that someone
might distribute automatically executed
malicious code pickled inside a nucular index.
If you grabbed it, please destroy it.
I'm going back to using marshal.  I'd like to thank
Raymond and others for motivating me to think this over.
The possibilities for abuse are astounding.

Honestly, if you download any package containing a
pickle: delete it.

   -- Aaron Watters

===
How many mice does it take to screw in a light bulb?
2.




More information about the Python-list mailing list