Hi,
On 09/04/2022 11.35, Carlton Gibson wrote:
But — question — would documenting the existing options be viable?
We don't normally point to (many) third-party apps in the docs. It's too
variable, too difficult to maintain (etc).
The exception is third-party databases backends, which we do link to.
Would a topic doc explaining the basic idea and listing the options
out-there be helpful to the community?
I imagine between maintainers, and Security Team, and user community we
could easily enough say both "Yes, this is a good option, let's include
it" and "This package should be removed now".
I am not sure that the existing options are sufficiently mature.
django-otp certainly is mature, but it does not and never will support
WebAuthn[1].
Last time I checked I wasn't really happy with any of the other options.
That is why I started django-mfa3. But I wouldn't call that mature either.
I believe it would be best to first try out some different approaches in
third party apps and then integrate the "winner" (or parts of it) into
core. Those third party apps do already exist, but as far as I am aware
they are not widely used yet.
Is it possible to start some kind of poll? Options could include:
- "I already use 2FA with django, using the library …"
- "I already use 2FA with django, using custom code"
- "I do not use 2FA with django yet, but I would like to"
- "I do not use 2FA with django yet, and I do not intent to"
thanks
tobias
[1]:
https://github.com/django-otp/django-otp/issues/40#issuecomment-633079273
--
You received this message because you are subscribed to the Google Groups "Django
developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/bdd1003e-bf0e-19a1-c1db-9b9731f24d39%40posteo.de.
