(but you often get something much better when config files are plain lisp code; i.e. they are eval'ed, assuming that the threat model allows it)