YAML (was: Python and Ruby)

Lou Pecora pecora at anvil.nrl.navy.mil
Fri Feb 5 09:22:03 EST 2010


In article <00f4bb3a$0$15566$c3e8da3 at news.astraweb.com>,
 Steven D'Aprano <steve at REMOVE-THIS-cybersource.com.au> wrote:

> On Thu, 04 Feb 2010 09:57:59 -0500, Lou Pecora wrote:
> 
> > Well, that looks a bit more complicated than I would like, but maybe
> > it's doing more stuff than I can grok.  Here's what I needed and how I
> > did it in Python:
> [...]
> > # Reading same list in:
> > instr=fp.readline()
> > inlist=eval(instr)
> > x1,y1,astr1,z1= inlist
> > 
> > 
> > That's what I needed.  3 lines to write or read an inhomogeneous
> > collection of variables. 
> 
> Easy, but also quick and dirty -- good enough for small scripts, but not 
> really good enough for production applications.
> 
> 
> > I can add more variables, shuffle the order,
> > whatever without messing with formatting, etc. 
> 
> This is nice and easy. But there are at least four catches:
> 
> 
> * you can't safely treat the data file as human-editable
> (although a sufficiently careful and Python-aware user could edit it)
> 
> * you can't use any data that isn't a built-in, or that contains 
> something that is not a built-in
> 
> * there may be reliability issues with floats - you're at the mercy of 
> changes to the underlying repr of float objects, and it almost certainly 
> will blow up in your face if you get an inf or nan (at least prior to 
> Python 2.6)
> 
> * you're using eval, which is a security risk if you can't trust the 
> source of the data file.
> 
> However, be aware that neither marshal nor pickle guarantees to be safe 
> against malicious data either. The docs for both warn against using them 
> on untrusted data. YAML or JSON *might* be safer, I haven't looked.

I understand where you are coming from: Production Code.  I was just 
making a point about Python and my code is only used by me.  I can edit 
the file for the simple I/O I do.  I am not recommending this way for 
everyone. Just an example.

-- 
-- Lou Pecora
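
An added example, not part of the thread or of either poster's code: the read step from the quoted snippet redone with `ast.literal_eval`, which accepts only Python literals, next to a JSON round trip. It also shows the float catch from the quoted list, since `repr` of an infinite float is not a literal. Function names and sample records are constructed for illustration.

```python
import ast
import json
import math

def write_record(values):
    """Write side as in the post: one repr() line per record."""
    return repr(values) + "\n"

def read_record(line, expected_len=4):
    """Read side with ast.literal_eval instead of eval.

    literal_eval accepts only literals (numbers, strings, lists, tuples,
    dicts, sets, booleans, None); names and calls are rejected, not run.
    """
    value = ast.literal_eval(line.strip())
    if not isinstance(value, list) or len(value) != expected_len:
        raise ValueError("record is not a %d-item list" % expected_len)
    return value

def try_read(line, expected_len=4):
    """Return (True, record) or (False, exception name) for one line."""
    try:
        return True, read_record(line, expected_len)
    except (ValueError, SyntaxError) as exc:
        return False, type(exc).__name__

def json_roundtrip(values):
    """JSON variant. Python's json module writes inf as the non-standard
    token 'Infinity' and reads it back by default."""
    return json.loads(json.dumps(values))

if __name__ == "__main__":
    good = write_record([3, 2.5, "hello", [1, 2]])   # constructed sample
    edited = "[abs(-1), 2.5, 'hello', [1, 2]]\n"     # constructed: contains a call
    with_inf = write_record([float("inf")])          # repr gives '[inf]'
    x1, y1, astr1, z1 = read_record(good)
    print(x1, y1, astr1, z1)
    print(try_read(edited))        # the call is refused, never executed
    print(try_read(with_inf, 1))   # 'inf' is a name, not a literal
    print(math.isinf(json_roundtrip([float("inf")])[0]))
```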
