I'm working on a draft spec[1] for a new privilege separation mechanism (oslo.privsep) and one of the reviewers mentioned oslo.serialization. Yay. My question is: From a quick glance over the current objects, it looks fine atm - but is the intention that this library remain suitable for security-sensitive purposes? I guess I'm mostly concerned about things like PyYaml's "!!python/object" feature or pickle's ability to serialise arbitrary objects - super useful in normal use, just not in a security context. - Gus [1] https://review.openstack.org/#/c/204073 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150723/4b3d1819/attachment.html>