[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: zodbpickle/0.6.0-1 [ITP]

On Mon, 2018-04-23 at 22:17 +0200, Julien Muchembled wrote:

> I suggest to update embedded-code-copies because this package forks
> the 'pickle' modules of Python 2.7.6 and 3.3.2

> python2.7
>         - zodbpickle <unknown> (embed)
>         NOTE: embeds stdlib modules: pickle, cpickle
> I am surprised to see no entry for any version of Python 3.
> Maybe start one with python3.6

Added both.

> However, given the warning at the top of https://docs.python.org/3/library/pickle.html
> I am not sure it's useful to bother about the security of this code.
> And unfortunately, the many changes in Python are not merged into zodbpickle.

I'd suggest that you work with ZODB upstream to remove zodbpickle from
their dependencies/codebase. It is technical debt, problematic for
security and there are likely faster ways to serialise data in Python.



Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: