From my point of view, most things related to software config are hierarchical, meaning that a tree-like structure is the most intuitive for understanding them. YAML is tree based, while TOML is section based. I find YAML much easier to keep track of. And I have great experience with Python, so the indentation is pretty straightforward for me.
But I’m not picking sides and defying the other. It’s purely personal mindset related. Actually I do find some workflows very suited for TOML, like build systems, where each task is in its own section, shouting clear-cut domain and dependency boundaries.
Yes, there are professional third-party cybersecurity auditors you can hire, but I doubt anyone here would ever need them.
Please people, stop being paranoid about your security. Close up all unnecessary ports, and that’s what you can do on your end. Whatever else, if the service binding to an open port has security vulnerabilities you don’t know, the project team may very well be unaware of them either, and there’s nothing you could do.
Also, if you have multiple users using your service, then it’s their password strength that you should be worrying about the most, not your infrastructure.