YAML (was: Python and Ruby)

Steven D'Aprano steve at REMOVE-THIS-cybersource.com.au
Thu Feb 4 16:03:06 EST 2010


On Thu, 04 Feb 2010 09:57:59 -0500, Lou Pecora wrote:

> Well, that looks a bit more complicated than I would like, but maybe
> it's doing more stuff than I can grok.  Here's what I needed and how I
> did it in Python:
[...]
> # Reading same list in:
> instr=fp.readline()
> inlist=eval(instr)
> x1,y1,astr1,z1= inlist
> 
> 
> That's what I needed.  3 lines to write or read an inhomogeneous
> collection of variables. 

Easy, but also quick and dirty -- good enough for small scripts, but not 
really good enough for production applications.


> I can add more variables, shuffle the order,
> whatever without messing with formatting, etc. 

This is nice and easy. But there are at least four catches:


* you can't safely treat the data file as human-editable
(although a sufficiently careful and Python-aware user could edit it)

* you can't use any data that isn't a built-in, or that contains 
something that is not a built-in

* there may be reliability issues with floats - you're at the mercy of 
changes to the underlying repr of float objects, and it almost certainly 
will blow up in your face if you get an inf or nan (at least prior to 
Python 2.6)

* you're using eval, which is a security risk if you can't trust the 
source of the data file.

However, be aware that neither marshal nor pickle guarantees to be safe 
against malicious data either. The docs for both warn against using them 
on untrusted data. YAML or JSON *might* be safer, I haven't looked.



> That's pretty easy for me
> and it's easy for anyone to see and understand what's being done.  Not
> trying to start an argument, just showing how the former message I was
> replying to made a good point about Python's way of doing things and the
> effort to shake off old habits from other languages.

These are all good points. 




-- 
Steven



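The catches listed in the reply above, worked through in code. This is an added example and not code from either poster: it keeps the quoted post's scheme (one repr() line per record, eval() to read it back) and puts ast.literal_eval() and json beside it, then shows why the caveat about pickle holds. It runs on Python 3, where repr() writes inf/nan as the bare names inf and nan, so the float catch shows up as a NameError rather than the Python 2.5 behaviour the reply refers to. The sample record, the "hostile" file line and the ReduceHook class are constructed for the demo, and the payloads are deliberately harmless (os.getcwd).

```python
"""Added example, not from the original thread: a record of inhomogeneous
values written as a repr() line (the quoted post's approach) and read back
with eval(), ast.literal_eval() and json, to show the catches in the reply.
All sample data and the hostile file line are constructed for the demo."""
import ast
import io
import json
import math
import os
import pickle


# The quoted post's scheme: repr(list) per line, eval() to read it back.
def write_record(fp, values):
    fp.write(repr(list(values)) + "\n")


def read_record_eval(line):
    return eval(line)  # evaluates any Python expression found in the line


def read_record_literal(line):
    return ast.literal_eval(line)  # literals only: numbers, strings, containers


def write_record_json(fp, values):
    fp.write(json.dumps(list(values)) + "\n")


def read_record_json(line):
    return json.loads(line)  # a data parser; never runs code from the file


def round_trip(values, writer, reader):
    buf = io.StringIO()
    writer(buf, values)
    buf.seek(0)
    return reader(buf.readline())


def try_read(reader, line):
    """('ok', value) or ('error', exception class name), so readers can be compared."""
    try:
        return ("ok", reader(line))
    except Exception as exc:
        return ("error", type(exc).__name__)


# Constructed: the post's kind of record, and a "data" line someone edited
# so that it holds an expression instead of a literal (harmless here).
SAMPLE = (1, 2.5, "hello", [3, 4])
HOSTILE_LINE = "[1, 2.5, __import__('os').getcwd(), [3, 4]]\n"
SPECIAL = (1, float("inf"), float("nan"), "x")


def plain_round_trip():
    """The happy path from the post: the record comes back equal to the input."""
    return round_trip(SAMPLE, write_record, read_record_eval) == list(SAMPLE)


def readers_on_hostile_line():
    """Catch 4: eval runs the expression; literal_eval and json reject the line."""
    return {name: try_read(fn, HOSTILE_LINE)
            for name, fn in [("eval", read_record_eval),
                             ("literal_eval", read_record_literal),
                             ("json", read_record_json)]}


def eval_actually_ran_code():
    status, value = readers_on_hostile_line()["eval"]
    return status == "ok" and value[2] == os.getcwd()


def readers_on_special_floats():
    """Catch 3: repr() writes inf/nan as bare names, which neither reader accepts."""
    line = repr(list(SPECIAL)) + "\n"
    return {name: try_read(fn, line)
            for name, fn in [("eval", read_record_eval),
                             ("literal_eval", read_record_literal)]}


def json_special_floats_survive():
    """json.dumps emits Infinity/NaN (a non-standard extension) and json.loads reads them."""
    value = round_trip(SPECIAL, write_record_json, read_record_json)
    return (value[1] == math.inf, math.isnan(value[2]))


class ReduceHook:
    """Constructed demo: unpickling calls whatever callable __reduce__ names."""

    def __reduce__(self):
        return (os.getcwd, ())  # harmless stand-in for an attacker's choice


def pickle_calls_back_into_code():
    """Why the caveat about pickle holds: loads() called os.getcwd on our behalf."""
    return pickle.loads(pickle.dumps(ReduceHook())) == os.getcwd()


if __name__ == "__main__":
    print("plain round trip:", plain_round_trip())
    print("eval ran code:", eval_actually_ran_code())
    print("hostile line:", readers_on_hostile_line())
    print("special floats:", readers_on_special_floats())
    print("json inf/nan:", json_special_floats_survive())
    print("pickle:", pickle_calls_back_into_code())
```

Two practical notes. ast.literal_eval closes the code-execution hole but is not a full hardening step: its documentation warns that a sufficiently large or deeply nested string can crash the interpreter through stack depth limits, so untrusted input still wants a size limit in front of it. For YAML, the same distinction exists between PyYAML's yaml.load with its default loader, which can construct arbitrary Python objects from tagged nodes, and yaml.safe_load, which only builds plain data types; on untrusted files use the latter.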