On Thu, Feb 9, 2017 at 7:43 PM, dieter <die...@handshake.de> wrote: > "pickle", too, has a potential security risk -- if you allow > unpickling from untrusted source. Usually, however, configuration > comes from trusted sources.
Pickle's other downside is that it's an opaque binary file, unlike ConfigParser, JSON, and Python code, which are human-readable text. Letting the end user edit your configs is often a feature, not a bug. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
