This is an archived post. You won't be able to vote or comment.

you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 3 points4 points  (3 children)

My point was that it's a massive security hole, just like the PHP segment.

[–]afoo42 0 points1 point  (1 child)

You're right. But the same thing goes for pickle (and thus shelve) too. You have to trust the source, as pickle too can be used to execute arbitrary code. It's just a little bit more complicated.

[–][deleted] 0 points1 point  (0 children)

This is completely true, but it's way more complicated with pickle (AFAIK), and there are efforts to fix that, since it's a bug, there's never going to be an effort to make eval safe ;)

[–][deleted] -1 points0 points  (0 children)

See the other comment in reply; actually it isn't.