I'm unsure of exactly how to proceed, probably due to my poor string encoding/unicode understanding.
Is a system check warning to suggest basestring (py2) / str (py3) secret keys desirable? Aymeric, on the ticket you said, "Currently, since the type isn't enforced, every app that wants to do something with SECRET_KEY should conditionally convert it to bytes, typically with force_bytes, since it _could_ be bytes. I don't think this is common knowledge; it's even a pitfall. Enforcing the type would simplify that code and avoid errors for the minority who uses bytes in pluggable apps that assume text e.g. by doing settings.SECRET_KEY.encode()." But then above, you said, "a bytes key will crash in some places [in Django]. (This is a bug and it should be fixed.)" It sounds like you're saying Django should promote the use of basestring/str but also allow bytestrings (even non-ASCII bytestrings as reported in #19980?). On Thursday, December 22, 2016 at 7:05:36 PM UTC-5, Ryan Hiebert wrote: > > > On Dec 22, 2016, at 5:22 PM, Adam Johnson <m...@adamj.eu <javascript:>> > wrote: > > +1 to what Aymeric wrote. I was just drafting an email with a similar > argument about how it's hard to manage pure bytes in config management > systems that write to env vars, that's why ascii strings are so useful. > They're also easy to copy/paste and verify when adding them to your config > management. > > > Thanks for this. As someone who writes 12-factor apps all day, this > argument makes a lot of sense to me. > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/0e5f1c34-421e-465c-93f6-0abac07790cf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
