robinhood / faust

Python Stream Processing

Faust should not use the unsecure pickle.loads #738

Open olivier-heurtier opened 2 years ago

olivier-heurtier commented 2 years ago

Faust's latest version (1.10.4) still makes use of the pickle.loads function, even though it is marked in the Python documentation as "not secure". This is reported by tools such as NexusIQ as a major vulnerability, potentially a no-go for production in sensitive projects.

Since the "raw_pickle" serializer is rather trivial, I propose to remove it from the code and move it into the documentation. People who really need it will easily be able to add it in their own project (at their own risk).
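If the serializer moves out of the code base as proposed, a project that still wants a pickle codec can at least constrain the part the Python documentation warns about: which globals the unpickler is allowed to resolve. The following is an added example, not code from the Faust project, built only on the standard library's documented `Unpickler.find_class` hook; the allowlist contents, the helper names and the sample pickle are assumptions chosen for illustration.

```python
import io
import pickle
from typing import Any, FrozenSet, Tuple

# Allowlist of (module, qualname) pairs the unpickler may resolve.
# Anything not listed is refused before any object is constructed.
# Contents are an assumption: extend it to the types your app pickles.
SAFE_GLOBALS: FrozenSet[Tuple[str, str]] = frozenset({
    ("collections", "OrderedDict"),
    ("datetime", "datetime"),
})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves globals named on SAFE_GLOBALS."""

    def find_class(self, module: str, name: str) -> Any:
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name}")


def restricted_loads(data: bytes) -> Any:
    """Drop-in replacement for pickle.loads with the global lookup constrained."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def safe_dumps(obj: Any) -> bytes:
    return pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL)


def roundtrip(obj: Any) -> Any:
    return restricted_loads(safe_dumps(obj))


def is_rejected(data: bytes) -> bool:
    """True if the restricted loader refuses the payload."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def disallowed_sample() -> bytes:
    # Constructed sample: a pickle referencing a global outside the
    # allowlist (io.BytesIO, chosen because it is harmless). The
    # restricted loader refuses it before anything is instantiated.
    return pickle.dumps(io.BytesIO, protocol=pickle.HIGHEST_PROTOCOL)
```

Plain containers and scalars never touch `find_class`, so ordinary event payloads round-trip unchanged while any payload that names an unlisted module or class is refused.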