by vinkelhake 336 days ago
I used YAML for some things back in the stone age (shout out to why the lucky stiff and syck). The more I used it, and the more I came in contact with it, the more I started to dislike that it has so many features and tries to be overly clever. I'm kind of surprised to see that it's making a comeback (or maybe it never went away).

https://noyaml.com/

5 comments

That site's listed complaints are all either about a really old YAML spec or about self-inflicted, unrelated technical debt.

Granted, Python and other popular languages are also on an ancient YAML version for some inexplicable reason...

The safety concerns are all about the later YAML specs, tags and code. That's why most stayed on the early version, with some whitelist API.

You mean the executable YAML claims? Some are explicitly listed as for the older spec, but indeed a few are for 1.2. However...

If you configure your YAML loader to run arbitrary, input-controlled deserialization code, then of course you're opening a can of worms. Just, uh, don't do that for untrusted input maybe?

Is $programming_language terrible because some people run user input through eval?

The latest YAML (1.2 currently) gives you the option of doing all that stuff if you want. It's a bad implementation that decides to run random code by default, or heaven forbid, bakes such behavior in.
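
The distinction drawn in the comment above, a loader that constructs whatever the input's tags ask for versus one that refuses unless a class is allowlisted, shown as an added example that is not part of the thread. It uses Ruby's bundled Psych library; the `JobSpec` class, the helper names and both documents are constructed for illustration.

```ruby
require "yaml"

# Hypothetical application class, constructed for this example.
class JobSpec
  attr_accessor :name, :command
end

# Constructed input: a language-specific tag asks the loader to build a
# JobSpec object instead of returning a plain mapping.
TAGGED_DOC = <<~DOC
  --- !ruby/object:JobSpec
  name: nightly
  command: backup
DOC

# Constructed input: the same data with no tag.
PLAIN_DOC = <<~DOC
  name: nightly
  command: backup
DOC

# Trusting load: the document decides which class gets instantiated.
# Newer Psych releases expose this as unsafe_load; on older ones plain
# load behaves this way, hence the fallback.
def load_trusting(doc)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(doc) : YAML.load(doc)
end

# Restricted load for untrusted input: only core scalar and collection
# types plus the explicitly permitted classes; aliases are refused.
# The rejection is returned as a value so callers can log or count it.
def load_untrusted(doc, permitted: [])
  YAML.safe_load(doc, permitted_classes: permitted, aliases: false)
rescue Psych::DisallowedClass => e
  e
end

if __FILE__ == $PROGRAM_NAME
  puts "trusting:   #{load_trusting(TAGGED_DOC).class}"
  puts "restricted: #{load_untrusted(TAGGED_DOC).class}"
  puts "allowlist:  #{load_untrusted(TAGGED_DOC, permitted: [JobSpec]).class}"
  puts "plain data: #{load_untrusted(PLAIN_DOC).inspect}"
end
```
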

YAML is so ubiquitous I have to wonder what corner of tech you work in that you aren't encountering it in the wild. Kubernetes really brought it to center stage going on 10 years ago, but it's the config file format for many many applications these days.

That's not meant as an endorsement, just saying it's not "making a comeback" any more than Taylor Swift is in music. It's The Thing right now and has been for a while.

> YAML is so ubiquitous I have to wonder what corner of tech you work in that you aren't encountering it in the wild.

Ansible is another tool for devops that uses YAML extensively; it shipped in 2012.

In _why the little stiff's favor, his libsyck never had the problems of later YAML extensions by Ingy, which should make them represent everything, but also made it totally insecure. That's why perl5 never really followed on to use the newer YAML specs and libraries for its CPAN state files. syck was also much faster. I never bought the argument that it wasn't maintained anymore; I was not aware of any bugs.

It really never went away.

Is 2001 the stone age now (the year YAML was conceived)?