PyYaml?

Jeremy Bowers jerf at jerf.org
Sat Sep 18 13:34:34 EDT 2004


On Sat, 18 Sep 2004 05:33:14 +0000, Chris S. wrote:
> I disagree. Pickle's mini programming language allows for arbitrary file 
> deletion. There's nothing in the concept of serialization that requires 
> this ability.

Point. But it is also insecure because instantiating objects can cause
arbitrary code to execute. This is fundamental to any Pickle in Python.
Given that, one might as well shoot for speed, ease of implementation, and
concise representations (power of implementation) without worrying about
security.

In other words, I expect that the ability to delete files is an effect
(second-order) of the fundamental insecurity, and not a cause, in the
sense that removing that particular issue does not get you significantly
closer to security.
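The point above (that loading a pickle can run code the stream names, independent of any particular file-deletion opcode) is easy to show concretely. The following is an added example, not code from the poster or the thread; it assumes Python 3 with the default pickle protocol (4 or later), and uses a harmless `exec` that sets an environment variable as a stand-in for the file deletion discussed. `Payload`, `build_payload`, `unsafe_loads`, `RestrictedUnpickler`, `restricted_loads` and `demo` are names chosen for this example. The allow-list `find_class` override is the mitigation pattern documented in the `pickle` module itself.

```python
import datetime
import io
import os
import pickle


class Payload:
    """Attacker-controlled object. Its __reduce__ records a call to
    builtins.exec in the pickle stream, so merely *loading* the bytes runs
    the code; the victim never needs this class. (Constructed for this
    example; the exec body is a harmless stand-in for something nastier.)"""

    def __reduce__(self):
        code = "import os; os.environ['PICKLE_DEMO'] = 'executed'"
        return (exec, (code,))


def build_payload() -> bytes:
    # Serialises to a STACK_GLOBAL 'builtins' 'exec' followed by REDUCE.
    return pickle.dumps(Payload())


def unsafe_loads(data: bytes):
    """What a naive consumer does: honour whatever callable the stream names."""
    return pickle.loads(data)


# Hardened form: resolve GLOBAL/STACK_GLOBAL (and INST/OBJ) lookups only
# against an explicit allow-list. Hypothetical list for this example.
ALLOWED_GLOBALS = {("datetime", "date")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo() -> dict:
    payload = build_payload()

    # 1. Plain pickle.loads: the exec runs during load.
    os.environ.pop("PICKLE_DEMO", None)
    unsafe_loads(payload)
    ran_on_unsafe = os.environ.get("PICKLE_DEMO") == "executed"

    # 2. Restricted unpickler: the lookup of builtins.exec is refused
    #    before REDUCE ever calls it.
    os.environ.pop("PICKLE_DEMO", None)
    try:
        restricted_loads(payload)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    ran_on_restricted = "PICKLE_DEMO" in os.environ

    # 3. Benign data still round-trips; datetime.date is on the allow-list,
    #    dict/str/int need no global lookups at all.
    benign = pickle.dumps({"when": datetime.date(2004, 9, 18), "n": 3})
    roundtrip = restricted_loads(benign)

    return {
        "ran_on_unsafe": ran_on_unsafe,
        "blocked": blocked,
        "ran_on_restricted": ran_on_restricted,
        "roundtrip_ok": roundtrip == {"when": datetime.date(2004, 9, 18), "n": 3},
    }


if __name__ == "__main__":
    print(demo())
```

The restricted unpickler only narrows which callables the stream may name; everything else the opcode machinery can do (building arbitrary object graphs, calling any allowed callable with attacker-chosen arguments, consuming memory) is still available, and the `pickle` documentation itself says not to unpickle data from untrusted sources even with such a filter. That is the practical reading of the "fundamental insecurity" argument: a data-only format with no code-loading step is the fix, not removing one opcode.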