> 1) Is notsoserial a "great solution" or a "useful solution" in mitigating
> the problem of promiscuous deserialization?

Useful? Certainly

> 2) Is it a "better" solution than IO-487?

Not sure - but does that really matter? It has a broader scope.

> 3) Is it in the interest of Commons and the community at large to accept a
> donation of this code and include it under its umbrella?

I bet we would be fine to accept it.
While this community is great, it does not mean you couldn't also build a micro community around it on github.
I think it really depends if you are willing to take the extra step towards the ASF.

cheers,
Torsten