Consider an alternative to Utf8Json for persistence #144
reeseschultz
started this conversation in
Ideas
Replies: 1 comment 1 reply
-
|
Thanks again! You're right of course, something like this is also already planned :) Unfortunately I didn't get to change the persistence API yet, but there would be other alternatives like NetJSON or a UTF8-JSON community-fork which is actively maintained :) |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Sounds excellent. Thanks for letting me know. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
While scrutinizing dependencies (related to #143), I noticed Utf8Json, which the persistence extension depends on, is no longer maintained and has not been for years.
Utf8Json has many reported instances of inherent data corruption and undisclosed(?) security flaws. As a result, users of Arch could be indirectly introducing a riskier-than-justifiable attack surface with no authoritative hotfix channel.
I'm opening discussion on this because, while I have no particular recommendation for a JSON serializer, I do know it's something that needs to be addressed if not purely for maintainability. I understand serialization performance is obviously a high goal, but I imagine the ease of transitioning to a different serializer is almost as important.
Beta Was this translation helpful? Give feedback.
All reactions