Ah sorry for the fuzz, I read too much into your idea and jumped to the
conclusion, that you want to extend INSTALLED_APPS at runtime.
What you describe here
> INSTALLED_APPS = [
> "django.contrib..."
> "..."
> "myapp.core"
> ]
>
> PluginManager.find_apps(INSTALLED_APPS, "myapp.plugins")
makes perfect sense, as it only decorates INSTALLED_APPS very early
during settings.py loading, so the boostrapping should be fine. I dont
see any issues with that - beside hiding the explicit loading nature, as
Jacob pointed out, but thats indeed already an issue baked into python
with setup.py deps or carelessly pulling untrusted stuff via pip. So
nope, the explicit nature of INSTALLED_APPS is a "false friend" in terms
of security concerns from 3rd party modules.
As you already pointed out, the proper app ordering might be a bigger
issue for an automated app discovery. Not sure how you solved that, this
might need some tree balance logic, but the question remains, where to
get the info "xy must be loaded before/after z" from in the first place.
Ideally apps should be loading position independent, but thats not
always the case, and you might even run into edge cases, where a proper
loading strategy cannot be found due to incompatible before/after
requirements.
Cheers,
Jörg
--
You received this message because you are subscribed to the Google Groups "Django
developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/32215db2-a151-51ed-a491-eb0d2d7a313f%40netzkolchose.de.
