Re: [openstack-dev] [oslo.serialization] Security or convenience?

2015-07-23 Thread Davanum Srinivas
Angus,

yes, oslo.serialization should remain suitable for security-sensitive
purposes. I don't believe we use either of the features today and no
intention to add it in the future.

-- dims

On Thu, Jul 23, 2015 at 12:56 AM, Angus Lees g...@inodes.org wrote:
 I'm working on a draft spec[1] for a new privilege separation mechanism
 (oslo.privsep) and one of the reviewers mentioned oslo.serialization.  Yay.

 My question is: From a quick glance over the current objects, it looks fine
 atm - but is the intention that this library remain suitable for
 security-sensitive purposes?

 I guess I'm mostly concerned about things like PyYaml's !!python/object
 feature or pickle's ability to serialise arbitrary objects - super useful in
 normal use, just not in a security context.

  - Gus

 [1] https://review.openstack.org/#/c/204073

 __
 OpenStack Development Mailing List (not for usage questions)
 Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




-- 
Davanum Srinivas :: https://twitter.com/dims



[openstack-dev] [oslo.serialization] Security or convenience?

2015-07-23 Thread Angus Lees
I'm working on a draft spec[1] for a new privilege separation mechanism
(oslo.privsep) and one of the reviewers mentioned oslo.serialization.  Yay.

My question is: From a quick glance over the current objects, it looks fine
atm - but is the intention that this library remain suitable for
security-sensitive purposes?

I guess I'm mostly concerned about things like PyYaml's !!python/object
feature or pickle's ability to serialise arbitrary objects - super useful
in normal use, just not in a security context.

 - Gus

[1] https://review.openstack.org/#/c/204073
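
The pickle concern raised in this message, as an added example that is not part of the original thread or of oslo.serialization: a data-only unpickler that refuses every class or function lookup, plus a static scan for object-constructing opcodes. The names `DataOnlyUnpickler`, `data_only_loads` and `object_opcodes` are hypothetical, and both sample pickles are constructed here.

```python
import collections
import io
import pickle
import pickletools

# Opcodes that import a name or construct/call an object while loading.
_OBJECT_OPCODES = {
    "GLOBAL", "STACK_GLOBAL", "REDUCE", "BUILD",
    "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
}


class DataOnlyUnpickler(pickle.Unpickler):
    """Unpickler that refuses every class or function lookup."""

    def find_class(self, module, name):
        # pickle calls this for every global the stream references;
        # raising here stops the load before anything is imported.
        raise pickle.UnpicklingError(
            "global %s.%s is forbidden" % (module, name))


def data_only_loads(blob):
    """Load a pickle limited to built-in containers and scalars."""
    return DataOnlyUnpickler(io.BytesIO(blob)).load()


def object_opcodes(blob):
    """Name the object-constructing opcodes in a pickle without loading it."""
    found = {op.name for op, _arg, _pos in pickletools.genops(blob)}
    return sorted(found & _OBJECT_OPCODES)


# Constructed samples: plain data, and a harmless non-builtin object.
PLAIN = pickle.dumps({"user": "gus", "ids": [1, 2]})
WITH_OBJECT = pickle.dumps(collections.OrderedDict(a=1))

if __name__ == "__main__":
    print(data_only_loads(PLAIN), object_opcodes(PLAIN))
    print(object_opcodes(WITH_OBJECT))
    try:
        data_only_loads(WITH_OBJECT)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```
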