Daniel Shahaf wrote:
> julianfoad_at_apache.org wrote on Mon, 18 Nov 2019 17:00 +00:00:
>> +++ subversion/trunk/tools/dist/release.py Mon Nov 18 17:00:16 2019
>> @@ -70,43 +71,22 @@ except ImportError:
>> +# Read the dist metadata (about release lines)
>> +with open(get_dist_metadata_file_path(), 'r') as stream:
>> + dist_metadata = yaml.load(stream)
> yaml.load() is/was unsafe:
> yaml.safe_load() should be used instead.
Meh, ok, didn't know that; will change it.
> Separately, at the risk of bikeshedding, I'd suggest to use json, for
> two reasons:
> - It's part of the Python stdlib.
> - jq(1) exists.
But this isn't machine communication, it's human input and so needs the
ability to have at least comments and preferably other conveniences (I
used define-and-reference, for example).
Received on 2019-11-19 18:16:34 CET