Message 331421 - Python tracker
Paul Ganssle wrote at Fri, 07 Dec 2018 17:22:36 +0000:
Gregory P. Smith (gregory.p.smith) 2017-03-02 18:57
TL;DR - Just one more example of why nobody should ever use pickle under any circumstances. It is useless for data that is not transient for consumption by the same exact versions of all software that created it.
This is something that users can work around by not abusing pickle in this way and instead using a proper cross-platform serialization format. I realize that that makes it more difficult for some people to do so, but as Gregory points out, these people are doing dangerous stuff that will break in a way that we are not going to be willing or able to fix at some point anyway.
This is completely and utterly wrong, to put it mildly.
The official documentation of the pickle module states (I checked 2.7 and 3.7):
The pickle serialization format is guaranteed to be backwards
compatible across Python releases.
Considering that this issue is 4.5 years old, one would assume that the pickle documentation would have been changed in the meantime if Gregory's and Paul's view matched reality.
But my or your personal views about the usability of pickle don't matter anyway. There are too many libraries and applications that have been using pickle for many years.
I personally know about this kind of usage in applications since 1998. In that particular case, the pickled information resides on machines owned by the customers of the applications and must be readable by any new version of the application no matter how old the file containing the pickle is. Rewriting history by some Python developers is not going to impress the companies involved!
Have a nice day!