10.05.2016, 11:54, Paul Moore kirjoitti:
On 10 May 2016 at 08:38, Alex Grönholm <alex.gronh...@nextday.fi> wrote:
A few facts:
YAML is good enough for Salt, Ansible and numerous other common tools
The YAML standard has been stable for many years, unlike TOML which still
hasn't even reached 1.0
YAML has widespread tooling support, unlike TOML
We all agree that JSON is not the solution. No comments, trailing commas
etc.
TOML isn't much better than ConfigParser in terms of representing nested
structures.
Just as another data point, Cookiecutter started off using pyYAML,
moved to ruamel.yaml, and ended up with their own (separated out into
an independent project, but written specifically for Cookicutter)
implementation of "some of" YAML, called poyo. I believe the reason
they did this was repeated issues with the existing YAML libraries.
And while the YAML-subset provided by poyo *looks* reasonable, I don't
see any documentation of precisely *what* subset of YAML is
implemented (apart from some examples). The poyo library is also very
new, and I doubt it's seen much usage/testing outside of cookiecutter
so far.
I would love to use YAML. I really would. But for pip, we need a
robust, easy to vendor Python implementation (with no C dependency)
that is safe (see
http://community.embarcadero.com/blogs/entry/yaml-and-remote-code-execution-38738).
Writing our own is simply a way to end up with additional maintenance
work, that we really don't have the resources for.
So far the ONLY objective problems with YAML seems to be the problematic
implementation named PyYAML. If this is really the case, I'd gladly help
build a better one just to prevent TOML from being chosen for this task.
If you can get a robust, stable YAML library written fast enough to be
an option for the PEP, then that would certainly be a possibility. But
given that poyo has been under development for 5 months, are you going
to be able to do better than that in a few weeks? (And see my comments
above on poyo).
Probably not all on my own, but if I get collaborators, then why not.
The most important thing would be to have support for this so I know I'm
not wasting my time.
If PyYAML's test suite can be reused, that too would help a lot. Any new
implementation would have
to make sure they catch all the difficult corner cases.
That we're even considering building something as important as this on an
unstable standard is pretty horrifying to me in itself.
Well, IMO, the state of things in terms of config file formats (and
not just in Python) is itself pretty dreadful - every time I write an
application, I am astounded that there are no good options for
something as basic as a configuration file format.
Paul
I've used PyYAML in safe mode with no problems, but the API
is...awkward, to say the least.
I'm not wondering why Donald is -1 on vendoring it to packaging tools.
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
