Angus, yes, oslo.serialization should "remain suitable for security-sensitive purposes". I don't believe we use either of the features today and no intention to add it in the future.
-- dims

On Thu, Jul 23, 2015 at 12:56 AM, Angus Lees <g...@inodes.org> wrote:
> I'm working on a draft spec[1] for a new privilege separation mechanism
> (oslo.privsep) and one of the reviewers mentioned oslo.serialization. Yay.
>
> My question is: From a quick glance over the current objects, it looks fine
> atm - but is the intention that this library remain suitable for
> security-sensitive purposes?
>
> I guess I'm mostly concerned about things like PyYaml's "!!python/object"
> feature or pickle's ability to serialise arbitrary objects - super useful in
> normal use, just not in a security context.
>
> - Gus
>
> [1] https://review.openstack.org/#/c/204073
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

--
Davanum Srinivas :: https://twitter.com/dims
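
The concern raised in the thread about pickle rebuilding arbitrary objects can be checked on the receiving side of a channel. The following is an added example, not code from the thread, oslo.serialization or oslo.privsep; the function names and the sample request are constructed for illustration. It uses only the standard library: an unpickler that refuses every global lookup, plus a static opcode scan that never loads the data.

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Opcodes that import a name or construct/call an object while loading.
OBJECT_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "BUILD", "INST", "OBJ",
                  "NEWOBJ", "NEWOBJ_EX", "EXT1", "EXT2", "EXT4"}


class DataOnlyUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so only builtin containers and
    scalars (dict, list, str, int, ...) can be rebuilt."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError("global %s.%s is forbidden" % (module, name))


def loads_data_only(blob):
    """Deserialize a pickle, rejecting anything that names a class or function."""
    return DataOnlyUnpickler(io.BytesIO(blob)).load()


def is_data_only(blob):
    """True if the pickle loads without referencing any global."""
    try:
        loads_data_only(blob)
        return True
    except pickle.UnpicklingError:
        return False


def object_opcodes(blob):
    """List object-constructing opcodes by static inspection (nothing is loaded)."""
    return sorted({op.name for op, _arg, _pos in pickletools.genops(blob)
                   if op.name in OBJECT_OPCODES})


# Constructed sample messages: the same request as plain data and as a class instance.
REQUEST = {"cmd": "chown", "args": ["/tmp/example", 0]}
PLAIN = pickle.dumps(REQUEST, protocol=2)
RICH = pickle.dumps(OrderedDict(REQUEST), protocol=2)

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("rich", RICH)):
        print(label, "data-only:", is_data_only(blob), "opcodes:", object_opcodes(blob))
```
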