On Sat, Apr 11, 2009 at 2:55 AM, Chris McCormick <[email protected]> wrote:
> Hi,
>
> On Fri, Apr 10, 2009 at 04:44:30PM -0700, Patrick Mullen wrote:
>> Python2.6 comes with json. Other than that, it is a small thing to include.
>>
>> The library seems to be built around json, so removing it as a
>> dependency doesn't make much sense.
>
> Actually I don't think it would be a huge job to change the serialisation
> method to something else, optionally. I'll have a look at it and see. My only
> concern is about security - I chose JSON serialisation over something like
> pickling because there's no way a client can inject malicious code using JSON.
> I wonder if there's some other safe, built-in, pythonic way of serialising
> data structures that I don't know about?

True. You could probably make the serialization abstract and allow other methods, by plugging in a different Serializer class of some sort. Other than json, yaml, xml, etc. I don't know any other good serialization for python, and everything I can think of is a dependency. Maybe for easy testing it could work with repr/eval, but prefers json if it is there. (Repr/eval can serialize the same dictionaries that json can, and I think it's a bit faster too, it's just a bit more dangerous)
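A sketch of the pluggable serializer idea discussed in this thread, as an added example that is not code from the thread or from the library under discussion. The class and function names are hypothetical, and the standard library's `ast.literal_eval` is swapped in for `eval` on the receiving side so that a repr-based fallback parses literals only and never executes what a client sends.

```python
import ast
import json


class JsonSerializer:
    """Preferred wire format: parsing JSON never evaluates code."""

    def dumps(self, obj):
        return json.dumps(obj)

    def loads(self, text):
        return json.loads(text)  # raises a ValueError subclass on bad input


class LiteralSerializer:
    """Fallback: repr() to encode, ast.literal_eval() to decode.

    literal_eval accepts only Python literals (strings, numbers, tuples,
    lists, dicts, sets, booleans, None); names, attribute access and calls
    are refused instead of being run.
    """

    def dumps(self, obj):
        return repr(obj)

    def loads(self, text):
        try:
            return ast.literal_eval(text)
        except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
            raise ValueError("rejected non-literal payload") from exc


def roundtrip(serializer, obj):
    """Encode then decode, as a message would travel client -> server."""
    return serializer.loads(serializer.dumps(obj))


def is_rejected(serializer, text):
    """True if the serializer refuses to decode the given wire text."""
    try:
        serializer.loads(text)
    except ValueError:
        return True
    return False


# Constructed sample message and constructed hostile input.
MESSAGE = {"player": "p1", "pos": [3, 4], "alive": True, "name": None}
HOSTILE = "__import__('os').getcwd()"  # a call expression, not a literal

if __name__ == "__main__":
    for s in (JsonSerializer(), LiteralSerializer()):
        print(type(s).__name__, roundtrip(s, MESSAGE) == MESSAGE, is_rejected(s, HOSTILE))
```

Both decoders can still be made to use a lot of memory by very large or deeply nested input, so a length limit on incoming messages belongs in front of either one.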
