On 08/31/2012 09:59 AM, Raphael Hertzog wrote:

Hi,

(I hope you are still patient with me.)

It is hard to judge how severe the use of SHA1 in django-registration
0.7.1 is. I think we can go endlessly here. (What if an attacker
requests 2 accounts: one on a valid e-mail address and one on an invalid
one? Is 5 characters of salt, 26 bits of randomness, enough safeguard?).
I think in the end it is a subjective decision and I am not to judge here.

So let's get back to the original issue: the changelog mentions fixed
compatibility issues with Django 1.4:
https://bitbucket.org/ubernostrum/django-registration/src/2d6fcc0c55d0/CHANGELOG

It is for sure referring to this commit:
https://bitbucket.org/ubernostrum/django-registration/changeset/b79f9f2cf3c9f246d68a0e5d3b9e75ab0c1b20c6

I have seen one bug report about this causing problems:
http://spottedsun.com/django-registration-activation-error-for-django-1-4/

I can also recall fixed problems with the naming schemes between 0.7.1
and 0.8, but I can't give exact references to those.

Winfried

