The ubjson module has a number of quality defects and is unsafe.
Considering CBOR is popular, standarized and supported in RIOT and that
the ubjson implementation is a home-grown one whose API will likely be
unfamiliar to new users, I propose to delete it.
This removal, of course, dows not have to be NOW. We can deprecate it for
one or two releases before.
What's wrong with this module?
- Unsafe: the parsing is done recursively. This is embedded in the API, so it
is not possible to fix it without changing the API. A document with too much
nesting can cause a stack overflow.
- Does not validate writing: it is possible to produce invalid output. From
the docs:
> The library won't complain if you write multiple values that are not
> inside an array or object. The result will just not be properly serialized.
- Poorly tested. As shown by #11702, #11703 the tests were not even detecting
that a False was stored as True.
- In line with the previous remark, see
68dc5b0d6e/tests/unittests/tests-ubjson/tests-ubjson.c (L66-L77)
Why is the following code in the unit tests??
```c
irq_disable();
sched_set_status(data->main_thread, STATUS_PENDING);
```
- #2175 is still unfixed after 3.5 years.
- Code quality. The code has multiline macros that assign variables and
return. See c332514875/sys/ubjson/ubjson-write.c (L34-L41)
Can we mark it as deprecated this release and sweep it in the following one?
bea30c3f89