On Fr, 29.10.21 13:57, David Cantrell (dcantr...@redhat.com) wrote: > Has there been any consideration for potential security risks with > regards to the data in this string? Of concern to me are encoding > formats, size limits or reporting, and structure formats. The > proposal notes JSON, which has been involved in security related > problems in the past.
One of the reasons we are sticking to JSON here is so that we can use battle-tested parsers we already use for other stuff. you want a parser that is already used, verified, tested elsewhere, and JSON makes that easy. A homegrown parser of an entirely new special purpose format is a lot more problematic security-wise. Lennart -- Lennart Poettering, Berlin _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
