Re: Adding generated common table expressions

2017-03-18 Thread Matthias Kestenholz
Hi, On Sat, Mar 18, 2017 at 12:49 AM, Tim Graham wrote: > Hi, I don't know anything about CTE, but did you see this third-party > package? https://github.com/petrounias/django-cte-trees -- It seems to be > PostgreSQL only. Just chiming in to point out a maintained and up-to-date friendly fork of

Re: Adding generated common table expressions

2017-03-18 Thread Adam Johnson
> > supported is added in MySQL 8 [0] > Additionally MariaDB 10.2 supports them, and it's nearing release. On 18 March 2017 at 07:59, Matthias Kestenholz wrote: > Hi, > > On Sat, Mar 18, 2017 at 12:49 AM, Tim Graham wrote: > > Hi, I don't know anything about CTE, but did you see this third-pa

Re: Adding generated common table expressions

2017-03-18 Thread Josh Smeaton
Thanks for bringing this up Ashley, and for all of the detail you provided. I'd certainly like to see CTEs make their way into Django, provided we could come up with a nice enough API. From the look of it, you've already got something that works with an okay API so I'm hopeful. I'd be very inte

Re: Add ability to choose a different secret for PasswordResetToken

2017-03-18 Thread Adam Johnson
Presumably you mean PasswordResetTokenGenerator when you write PasswordResetToken. Seems like a fairly small feature, but my security sense is tingling when you say you're putting the secret key of one application in a variable for another. Normally in a situation where multiple applications need

Re: Add ability to choose a different secret for PasswordResetToken

2017-03-18 Thread jann.haber via Django developers (Contributions to Django itself)
Thank you for your input. Yes I meant the PasswordResetTokenGenerator, sorry for this. It agree, it would be a fairly small addition to Django, however there doesn't seem to be an easy (non-hackish) way to get around. Since the impact on Django would be very small, I wanted to share my thoughts

Re: Add ability to choose a different secret for PasswordResetToken

2017-03-18 Thread Collin Anderson
"the self-service site is basically a small subset of our internal site. So if somebody would gain access to our interal site, he/she would already have access to a superset of data of the other site. So there is really no point to also take over to the other site." Just curious: why not just use

Re: status of 1.11 release blockers

2017-03-18 Thread Tim Graham
A handful of blockers (mostly in the final stages) remain as of right now [0]. We're on track to issue the release candidate on Monday. [0] https://code.djangoproject.com/query?status=!closed&severity=Release%20blocker&desc=1&order=changetime On Saturday, February 11, 2017 at 5:14:34 PM UTC-5,

Fellow Report - March 18, 2017

2017-03-18 Thread Tim Graham
Triaged --- https://code.djangoproject.com/ticket/27931 - Clarify the meaning of "django catch-all logger" (accepted) https://code.djangoproject.com/ticket/27937 - Potential issue with field.queryset._result_cache persisting (reopened ticket that caused the regression) https://code.dja