Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #92394
| Path | csiph.com!usenet.pasdenom.info!news.redatomik.org!newsfeed.xs4all.nl!newsfeed2a.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <python-python-list@m.gmane.org> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.002 |
| X-Spam-Evidence | '*H*': 1.00; '*S*': 0.00; 'classes,': 0.05; 'constructor': 0.07; 'versions.': 0.07; 'backwards': 0.09; 'eat': 0.09; 'executes': 0.09; 'objects.': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'storage.': 0.09; 'underlying': 0.09; '\xe2\x80\x94': 0.09; 'python': 0.11; 'compatible.': 0.16; 'executed.': 0.16; 'kern': 0.16; 'py3': 0.16; 'received:80.91.229.3': 0.16; 'received:plane.gmane.org': 0.16; 'subject:make': 0.16; 'unsafe': 0.16; 'wrote:': 0.16; 'module,': 0.18; 'language': 0.19; '>>>': 0.20; 'essential': 0.20; 'environments': 0.22; 'interpret': 0.22; 'problem:': 0.22; 'subject:request': 0.22; 'programming': 0.23; 'code,': 0.23; '2015': 0.23; 'third-party': 0.23; 'header:In-Reply-To:1': 0.24; 'header:User-Agent:1': 0.26; 'header:X-Complaints-To:1': 0.26; 'chris': 0.26; '(e.g.': 0.27; 'least': 0.27; 'object,': 0.27; 'fine': 0.29; 'subject:/': 0.29; 'pickle': 0.29; 'there.': 0.30; 'work.': 0.30; 'certainly': 0.31; 'code': 0.31; 'anyone': 0.32; 'language.': 0.32; 'class': 0.33; 'instances': 0.33; 'instead,': 0.33; 'languages': 0.34; 'this?': 0.34; 'file': 0.34; 'could': 0.35; 'to:addr:python-list': 0.35; 'attempt': 0.35; 'formats': 0.35; 'protocol': 0.35; 'robert': 0.35; 'something': 0.35; "isn't": 0.35; 'but': 0.36; 'being': 0.36; 'there': 0.36; '(and': 0.36; 'cases': 0.36; 'two': 0.37; 'should': 0.37; 'subject:: ': 0.37; 'delete': 0.37; 'tue,': 0.38; 'received:org': 0.38; 'someone': 0.38; 'files': 0.38; 'or,': 0.38; 'means': 0.39; 'pm,': 0.39; 'to:addr:python.org': 0.39; 'data': 0.40; 'some': 0.40; 'your': 0.60; 'safe': 0.63; 'complete': 0.63; 'different': 0.64; 'world': 0.64; 'our': 0.64; 'between': 0.65; 'else.': 0.66; 'believe': 0.67; 'stated': 0.70; 'becker': 0.84; 'construct': 0.84; 'eco': 0.84; 'presumably': 0.84; 'subject:read': 0.84; 'subject:write': 0.84; 'terrible': 0.84; 'who,': 0.84 |
| X-Injected-Via-Gmane | http://gmane.org/ |
| To | python-list@python.org |
| From | Robert Kern <robert.kern@gmail.com> |
| Subject | Re: enhancement request: make py3 read/write py2 pickle format |
| Date | Wed, 10 Jun 2015 12:22:47 +0100 |
| References | <ml7a2p$hp$1@ger.gmane.org> <CAMw+j7K7JmRPo3PnzTE2rZEstdZRF085+VA=v1ieMMHk2Gp6mQ@mail.gmail.com> <ml95k2$8ka$1@ger.gmane.org> |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=utf-8; format=flowed |
| Content-Transfer-Encoding | 8bit |
| X-Gmane-NNTP-Posting-Host | uk.enthought.com |
| User-Agent | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 |
| In-Reply-To | <ml95k2$8ka$1@ger.gmane.org> |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.20+ |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.337.1433935377.13271.python-list@python.org> (permalink) |
| Lines | 49 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1433935377 news.xs4all.nl 2859 [2001:888:2000:d::a6]:57233 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | csiph.com comp.lang.python:92394 |
Show key headers only | View raw
On 2015-06-10 12:04, Neal Becker wrote: > Chris Warrick wrote: > >> On Tue, Jun 9, 2015 at 8:08 PM, Neal Becker <ndbecker2@gmail.com> wrote: >>> One of the most annoying problems with py2/3 interoperability is that the >>> pickle formats are not compatible. There must be many who, like myself, >>> often use pickle format for data storage. >>> >>> It certainly would be a big help if py3 could read/write py2 pickle >>> format. You know, backward compatibility? >> >> Don’t use pickle. It’s unsafe — it executes arbitrary code, which >> means someone can give you a pickle file that will delete all your >> files or eat your cat. >> >> Instead, use a safe format that has no ability to execute code, like >> JSON. It will also work with other programming languages and >> environments if you ever need to talk to anyone else. >> >> But, FYI: there is backwards compatibility if you ask for it, in the >> form of protocol versions. That’s all you should know — again, don’t >> use pickle. > > I believe a good native serialization system is essential for any modern > programming language. If pickle isn't it, we need something else that can > serialize all language objects. Or, are you saying, it's impossible to do > this safely? By the very nature of the stated problem: serializing all language objects. Being able to construct any object, including instances of arbitrary classes, means that arbitrary code can be executed. All I have to do is make a pickle file for an object that claims that its constructor is shutil.rmtree(). This is fine in some use cases (e.g. wire format for otherwise-secured communication between two endpoints under your complete control), but it is worrying in others, like your use case of data storage (and presumably sharing). Python 2/3 is also the least of your compatibility worries there. Refactor a class to a different module, or did one of your third-party dependencies do this? Poof! Your pickle files no longer work. -- Robert Kern "I have come to believe that the whole world is an enigma, a harmless enigma that is made terrible by our own mad attempt to interpret it as though it had an underlying truth." -- Umberto Eco
Back to comp.lang.python | Previous | Next — Next in thread | Find similar | Unroll thread
Re: enhancement request: make py3 read/write py2 pickle format Robert Kern <robert.kern@gmail.com> - 2015-06-10 12:22 +0100
Re: enhancement request: make py3 read/write py2 pickle format Marko Rauhamaa <marko@pacujo.net> - 2015-06-10 15:08 +0300
Re: enhancement request: make py3 read/write py2 pickle format random832@fastmail.us - 2015-06-10 09:38 -0400
Re: enhancement request: make py3 read/write py2 pickle format Robert Kern <robert.kern@gmail.com> - 2015-06-10 14:52 +0100
Re: enhancement request: make py3 read/write py2 pickle format Gregory Ewing <greg.ewing@canterbury.ac.nz> - 2015-06-11 11:30 +1200
Re: enhancement request: make py3 read/write py2 pickle format random832@fastmail.us - 2015-06-10 20:47 -0400
csiph-web