I'm working on a draft spec[1] for a new privilege separation mechanism (oslo.privsep) and one of the reviewers mentioned oslo.serialization. Yay.
My question is: From a quick glance over the current objects, it looks fine atm - but is the intention that this library remain suitable for security-sensitive purposes? I guess I'm mostly concerned about things like PyYaml's "!!python/object" feature or pickle's ability to serialise arbitrary objects - super useful in normal use, just not in a security context. - Gus [1] https://review.openstack.org/#/c/204073
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev