by alanh 3725 days ago
YAML is more complex than most people tend to realize. (This was brought up in a 2011 discussion about possibly standardizing a metadata section for Markdown documents which sadly went nowhere. [1])

Take a look at example 2.11 in the YAML spec [2], for example, and see if you can make heads or tails of it.

[1]: https://pairlist6.pair.net/pipermail/markdown-discuss/2011-A...

[2]: http://www.yaml.org/spec/1.2/spec.html#id2760395

2 comments

pyYAML has this collection of problems with the spec: http://pyyaml.org/wiki/BugsInTheYAMLSpecification

(and pyYAML itself can't always parse its own output correctly...)

You don't need most of those features. A pared down YAML with the cruft removed (implicit typing, flow style, tag tokens, node anchor & references) is actually pretty simple as well as less "gotcha-y".
Sure, but most language YAML parsers support all or most of the spec. That can be a problem if you aren't expecting it.
I believe it has even created security issues. Didn’t Rails have at least one YAML-based vuln?
You need to restrict YAML to SecureLoad, with manually added allowed types and classes.

At least perl doesn't support this, so it's inherently insecure there, but you can always use YAML::Syck which didn't go this way.
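The points made above about implicit typing, anchors and tag tokens, and about restricting a loader to an explicit list of permitted classes, can be seen directly in Ruby's Psych, which is what the Rails-era YAML bugs involved. The block below is an added example written for this page, not code posted by any commenter; the `Greeting` class and the small YAML documents are constructed for the demonstration.

```ruby
# Added example: what Psych does with a YAML document under its permissive
# loader versus a restricted one. Names and sample documents are constructed
# for this illustration, not taken from the thread.
require 'yaml'
require 'date'

# A harmless stand-in for any class reachable on the load path. An attacker
# who controls the document picks the class name, not you.
class Greeting
  attr_reader :text
end

# Constructed input exercising the features the thread calls cruft:
# implicit typing (NO, 012, 1.10), an anchor/alias pair, and a tag token.
CONFIG = <<~YAML
  country: NO
  mode: 012
  version: 1.10
  defaults: &d
    retries: 3
  job: *d
  banner: !ruby/object:Greeting
    text: hello
YAML

# Smaller documents so each loader failure can be observed on its own.
ALIAS_DOC = "defaults: &d\n  retries: 3\njob: *d\n"
TAG_DOC   = "banner: !ruby/object:Greeting\n  text: hello\n"
DATE_DOC  = "since: 2024-01-01\n"

# Permissive load: every feature in the document is honoured, including
# instantiating Greeting from the tag. Psych 4 (Ruby 3.1+) calls this
# unsafe_load; older Psych exposes the same behaviour as plain load.
def permissive_load(src)
  Psych.respond_to?(:unsafe_load) ? Psych.unsafe_load(src) : Psych.load(src)
end

# Restricted load: aliases off, and only the listed classes may be built.
# Anything else raises instead of being instantiated.
def restricted_load(src, permitted: [])
  Psych.safe_load(src, permitted_classes: permitted, aliases: false)
end

# Wraps restricted_load and reports which guard rejected the document.
# Psych 4 raises AliasesNotEnabled, a subclass of BadAlias, so rescuing
# BadAlias covers both old and new Psych.
def probe(src, permitted: [])
  { value: restricted_load(src, permitted: permitted) }
rescue Psych::BadAlias
  { error: :alias_rejected }
rescue Psych::DisallowedClass
  { error: :class_rejected }
end

if $PROGRAM_NAME == __FILE__
  doc = permissive_load(CONFIG)
  p doc['country'], doc['mode'], doc['version']   # implicit typing surprises
  p doc['banner'].class                            # object built from the tag
  p probe(ALIAS_DOC)                               # alias refused
  p probe(TAG_DOC)                                 # class refused
  p probe(TAG_DOC, permitted: [Greeting])          # allowed once listed
  p probe(DATE_DOC)                                # even Date needs listing
end
```

The last probe is the gotcha the "manually added allowed types" remark points at: a bare `2024-01-01` scalar is implicitly typed as `Date`, so a restricted loader with an empty allowlist refuses a document that contains no tags at all, and the fix is to list `Date` rather than to fall back to the permissive loader.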