YAML (was: Python and Ruby)
pecora at anvil.nrl.navy.mil
Fri Feb 5 15:22:03 CET 2010
In article <00f4bb3a$0$15566$c3e8da3 at news.astraweb.com>,
Steven D'Aprano <steve at REMOVE-THIS-cybersource.com.au> wrote:
> On Thu, 04 Feb 2010 09:57:59 -0500, Lou Pecora wrote:
> > Well, that looks a bit more complicated than I would like, but maybe
> > it's doing more stuff than I can grok. Here's what I needed and how I
> > did it in Python:
> > # Reading same list in:
> > instr=fp.readline()
> > inlist=eval(instr)
> > x1,y1,astr1,z1= inlist
> > That's what I needed. 3 lines to write or read a inhomogeneous
> > collection of variables.
> Easy, but also quick and dirty -- good enough for small scripts, but not
> really good enough for production applications.
> > I can add more variables, shuffle the order,
> > whatever without messing with formatting, etc.
> This is nice and easy. But there are at least four catches:
> * you can't safely treat the data file as human-editable
> (although a sufficiently careful and Python-aware user could edit it)
> * you can't use any data that isn't a built-in, or that contains
> something that is not a built-in
> * there may be reliability issues with floats - you're at the mercy of
> changes to the underlying repr of float objects, and it almost certainly
> will blow up in your face if you get an inf or nan (at least prior to
> Python 2.6)
> * you're using eval, which is a security risk if you can't trust the
> source of the data file.
> However, be aware that neither marshal nor pickle guarantees to be safe
> against malicious data either. The docs for both warn against using them
> on untrusted data. YAML or JSON *might* be safer, I haven't looked.
I understand where you are coming from: Production Code. I was just
making a point about Python and my code is only used by me. I can edit
the file for the simple I/O I do. I am not recommending this way for
everyone. Just an example.
-- Lou Pecora
More information about the Python-list