>> > The two points are still the same, Stef. The lesser important point was the > absence of a cross platform parser for that format. Here I understand Dale. > He spawns of project after project that depend on each other. I think he is > not willing to yet postpone this project only to create such a parser when > there is a usable alternativ. Others might create it and convince him > afterwards which isn't very difficult if I take my experience until now. That > would be the easier part. > The harder part is security. The security standpoints always divide between > white lists and black lists. Meaning a white list forbids everything and > allows things on a white list. Or vice versa you allow everything and put > things you don't like on a black list. Having a Smalltalk format means I have > two options: "Read and parse it" or "Read and evaluate it". As far as I > understand Dale he sees a big problem if people just evaluate configurations > which contain bogus code. It is just so easy to introduce code that borkes > your system. > While I really can understand the security concerns I personally think that > having two options is better. The standard tools should just take parse route.
I will develop a literal parser and this is solved. No security hole no JSON. Easy.
