RFC: Remove serialize._loads_v1 and _loads_v2 #309
Description
Opening this as an RFC because it's technically a behavioral change.
At the moment, CacheControl has 5 serialization "implementations":
_loads_v0: legacy, currently a no-op_loads_v1: legacy, loads from a pickle file_loads_v2: legacy, loads from a zlib-compressed base64 stream_loads_v3: legacy, currently a no-op_loads_v4: the current msgpack-based serialization
These are all defined under cachecontrol.serialize, and are dispatched to based on the version in the cache entry's "header".
I propose removing _loads_v1 and _loads_v2 in a similar manner to v0/v3: we can just make them no-ops, meaning that any entries that happen to be found in those formats will be treated as cache-misses instead.
Rationale:
- For just
_load_v1: loading from pickle files is well known to be dangerous. - For both: both formats are very old, and were deprecated years ago (around 2017, with
0.12.0). As a result, any lingering cache entries that happen to be on still-running systems are very likely expired anyways.
Benefits:
- For
_load_v1, removing an old and potentially dangerous deserialization surface - For both: generally reducing the complexity of the de/serialization code, and allowing us to simplify the
serialize.loadslookup logic
Thoughts? If this sounds reasonable, I'm happy to do it.
Metadata
Metadata
Assignees
Labels
No labels