On Oct 9, 2009, at 9:11 AM, Jarkko Hietaniemi wrote:
I really don't think we should have Perl data structures in files
(that means Perl code, right?), because that indicates doing an eval,
and I don't want to eval any more random code off the 'net than
necessary.
I strongly agree that we should not be having perl code in the META
file for
security reasons. Although most people would use Safe to read it,
there would be
those that would not and could get caught out
But the spec should also not be biased to a particular format, IMO. So
describing
what goes into the META data in terms of perl data types seems
reasonable.
The spec should contain a separate section which describes how the
data is serialized
Graham.
