this post was submitted on 10 Feb 2026
26 points (88.2% liked)


It is common knowledge that pickle is a serious security risk. And yet, vulnerabilities involving that serialisation format keep happening. In the article I briefly describe the issue and appeal to people to stop using pickle.
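As an added illustration (not part of the post or the linked article): a pickle stream can name importable callables and ask the loader to invoke them, and `pickletools.genops` lets a reviewer see that without loading anything. The names `scan_pickle`, `is_plain_data` and `Constructed` and both sample payloads are constructed for this example; the callable used is the harmless built-in `len`.

```python
import pickle
import pickletools

# Opcodes that make the loader call something while reconstructing an object.
CALL_OPS = {"REDUCE", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def scan_pickle(data: bytes) -> dict:
    """Walk the opcode stream without executing it; report imports and calls."""
    imports, calls, strings = [], [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if isinstance(arg, str):
            strings.append(arg)
        if opcode.name in ("GLOBAL", "INST"):
            # The argument is "module name" in a single string.
            imports.append(arg.replace(" ", "."))
        elif opcode.name == "STACK_GLOBAL":
            # Module and name were pushed as the two preceding strings
            # (heuristic: a stream may also fetch them from the memo).
            imports.append(".".join(strings[-2:]) if len(strings) >= 2 else "<unknown>")
        elif opcode.name in CALL_OPS:
            calls.append(opcode.name)
    return {"imports": imports, "calls": calls}


def is_plain_data(data: bytes) -> bool:
    """True only if loading would neither import a name nor call anything."""
    report = scan_pickle(data)
    return not report["imports"] and not report["calls"]


class Constructed:
    """Constructed sample: unpickling returns len("abc"), not a Constructed."""

    def __reduce__(self):
        return (len, ("abc",))


# Constructed sample payloads.
CALLABLE_PAYLOAD = pickle.dumps(Constructed(), protocol=4)
PLAIN_PAYLOAD = pickle.dumps({"user": "alice", "ids": [1, 2, 3]}, protocol=4)

if __name__ == "__main__":
    print(scan_pickle(CALLABLE_PAYLOAD))
    print(is_plain_data(PLAIN_PAYLOAD))
```

A clean scan is a triage signal for review, not a substitute for choosing a format that cannot express calls in the first place.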

[–] mina86@lemmy.wtf 2 points 1 week ago (1 children)

It is a better approach, it just may be more complex. Only people developing or packaging the library need to compile the message definitions. It's not a big burden to require that they have protoc installed. The end user will only need to depend on the created package.

[–] logging_strict@programming.dev 1 points 1 week ago (1 children)

It's a potential single point of failure, which I have experienced first hand. The rest of the app could not run cuz a non-essential piece was non-operable due to the missing compiled message definitions file, or the message definitions file was updated but not compiled.

So protobuf carries a non-zero risk.

Could the app have been designed without an essential exploding binary blob? Most definitely yes!

[–] mina86@lemmy.wtf 2 points 1 week ago* (last edited 1 week ago) (1 children)

Writing software carries a non-zero risk. If compiling was part of building the package rather than manually committed to the repository, things would work. And that would make the design have no essential binary blob.

project cost = sigma(1...n)(risk likelihood of occurring * risk cost), but we aren't discussing every possible risk. Only the one risk.

The risk of having to:

  • for the app to work, requires compiled components
  • having to be familiar with setup.py. This is referred to as the sewer, which is what is targeted by hackers e.g. xv
  • maintainers who come later being familiar and can maintain packages that incorporate other languages e.g. C or Rust
  • possibly neglecting to perform the compile (but let's ignore this)
  • compiler runs a binary written and maintained by the spy agency Google

or

Just not doing that

The only justification for going with protoc, over other methods, could only come down to data serialization speed. But in that case, wouldn't a Rust solution be not only as fast, but also much safer?