Towards better serialization

Brian Goetz brian.goetz at
Wed Jun 12 13:57:09 UTC 2019

> there is something i think is dangerous, the keyword "open" offers a false promise

The `open` mechanism has nothing whatsoever to do with serialization; it 
has to do with access control, and who can invoke it.  Any concern you 
have about open methods, you also have about public methods.

> Once an instance is serialized (by whatever serializers), it becomes public knowledge because you can always forge it. Trying to hide that is IMO an error.

Once a class is serializable (whether you've ever serialized an instance 
or not), you've given the world an effectively-public mechanism to 
instantiate new instances.  In the old world, that mechanism bypasses 
user-written constructors (bad!), but with the new mechanism, we can 
defend that public API the same way we can defend any other API -- 
through validation, normalization, copying, etc.

More information about the amber-dev mailing list