[ https://issues.apache.org/jira/browse/PIRK-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15565699#comment-15565699 ]
ASF GitHub Bot commented on PIRK-45: ------------------------------------ Github user tellison commented on a diff in the pull request: https://github.com/apache/incubator-pirk/pull/107#discussion_r82813654 --- Diff: src/main/java/org/apache/pirk/query/wideskies/Query.java --- @@ -26,41 +26,51 @@ import java.util.concurrent.ConcurrentHashMap; import java.util.function.Consumer; +import com.google.gson.annotations.Expose; import org.apache.pirk.encryption.ModPowAbstraction; import org.apache.pirk.serialization.Storable; import org.slf4j.Logger; import org.slf4j.LoggerFactory; /** * Class to hold the PIR query vectors - * */ + public class Query implements Serializable, Storable --- End diff -- I assume we can also drop ```implements Serializable``` now too, right? This instance, and friends elsewhere. > Remove dependency on Java serialization > --------------------------------------- > > Key: PIRK-45 > URL: https://issues.apache.org/jira/browse/PIRK-45 > Project: PIRK > Issue Type: Improvement > Reporter: Tim Ellison > Assignee: Walter Ray-Dulany > > Pirk should not depend upon Java serialization as a persistent object format. > Maintaining support for a variety of versions of Java serialized form can be > difficult, this includes both the querier and responder sides of a PIR. > Alternative formats such as XML and JSON are more forgiving/extensible. > Furthermore, and despite Pirk's trust between querier and responder, there > are potential implications for loading the binary representation of Java's > serialized instances as a vector for security vulnerabilities. -- This message was sent by Atlassian JIRA (v6.3.4#6332)