Message 400716 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Antony.Lee
Recipients	Antony.Lee, pitrou, serhiy.storchaka
Date	2021-08-31.12:01:27
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1630411287.56.0.541477139861.issue27175@roundup.psfhosted.org>
In-reply-to

Content
Despite the now well-known security limitations of pickle, it is still used as a simple way (from the user PoV) to exchange arbitrary Python objects (see e.g. https://joblib.readthedocs.io/en/latest/persistence.html). Such objects can sometimes include Paths as attributes, and it seems unfortunate that the presence of a Path makes the entire object (which may include many more things than just the Path) impossible to unpickle on a different OS (especially if unpickling into a PurePath keeps all the functionality that makes sense on that other OS).

Despite the now well-known security limitations of pickle, it is still used as a simple way (from the user PoV) to exchange arbitrary Python objects (see e.g. https://joblib.readthedocs.io/en/latest/persistence.html).  Such objects can sometimes include Paths as attributes, and it seems unfortunate that the presence of a Path makes the entire object (which may include many more things than just the Path) impossible to unpickle on a different OS (especially if unpickling into a PurePath keeps all the functionality that makes sense on that other OS).

History
Date	User	Action	Args
2021-08-31 12:01:27	Antony.Lee	set	recipients: + Antony.Lee, pitrou, serhiy.storchaka
2021-08-31 12:01:27	Antony.Lee	set	messageid: <1630411287.56.0.541477139861.issue27175@roundup.psfhosted.org>
2021-08-31 12:01:27	Antony.Lee	link	issue27175 messages
2021-08-31 12:01:27	Antony.Lee	create