date:20150908

Re: Password validation in Django revisited

2015-09-08 Thread Florian Apolloner



On Monday, September 7, 2015 at 7:30:58 PM UTC+2, Unai Zalakain wrote:
>
> Some other related questions also come to my mind: What exactly are we 
> considering a secure password?


Whatever we consider "secure" at this point. 
 

> Why not leave the validator list empty by 
> default and document the feature on the security checklist, with the 
> rest of deployment-related features that aren't on by default? 
>

Cause noone reads docs and this is not really deployment related imo. 

Don't take me wrong, I *do* think this is a great feature, but it should 
> be the developers choice to turn it on. 
>

When it comes to security I rather have devs turn it off, in the end this 
will provide a safer behavior… 

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/3b8aafb1-bb16-4b00-b1f8-1414577e4c42%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: draft blog post for Oracle help

2015-09-08 Thread Jani Tiainen

All hands on deck.. ;)

I wouldn't mind having an additional pair of hands to help. Normal
backend is in rather good shape - all tests do pass. GIS backend on the
other hand is having more or less fun-to-fix issues.

I've made some progress to make current backend even pass the tests. If
you want to help, you can poke me on #django or #django-dev irc channels
so I can give you a sitrep what I know and what needs further
investigations.

On 07.09.2015 20:49, Mariusz Felisiak wrote:

Hi everybody,

I would like to volunteer to help maintain Oracle and Oracle GIS
backend. I have been developing (commercial) apps with Django
framework and oracle backend for 8 years now. I am familiar with the
problems associated with it because few times I have been forced to
find ways to solve them:)

FeliXX

W dniu czwartek, 13 sierpnia 2015 18:12:17 UTC+2 użytkownik Tim Graham
napisał:

I've drafted a blog post to advertise our need for Oracle
expertise. Please take a look and give feedback before it's
published. Thanks!

Django team seeks help maintaining Oracle and Oracle GIS backends

---

Several members of the Django team that have previously provided
Oracle
expertise no longer work with Oracle in their day jobs, and
therefore, the team
is seeking new contributors who have an ongoing interest in the
backend.

Ideally, the team seeks to move the Oracle backend from "built-in"
status, to a pip
installable backend that would be maintained under the "django"
GitHub account.
Your duties would include monitoring a build that runs with Django
master and the
latest version of the Oracle backend and fixing any issues that
arise. To help with
the continuous integration infrastructure, knowledge of
maintaining Oracle servers
would also be a plus, but these duties could be split among
several people. Please
introduce yourself on the `django-developers mailing list`_ if
this is something you
are interested in.

Also, the Oracle GIS backend has been broken for several months and
no one has answered `requests for help`_ on the django-developers and
geodjango mailing lists. If no one helps out, this backend will be
dropped in
Django 1.9. This is the least used backend according to the
`Django Developers
Community Survey`_, receiving 5 votes out of more than 3,000
responses.

.. _django-developers mailing list:
https://groups.google.com/forum/#!forum/django-developers

.. _requests for help:
https://groups.google.com/d/topic/django-developers/2ritQ26PRLI/discussion

.. _Django Developers Community Survey:

https://docs.google.com/forms/d/1Owv-Y_beohyCm9o2xPamdBnvjreNYoWai3rDloKZxWw/viewanalytics#start=publishanalytics

Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/bbb2ccfe-cc2b-4665-b440-6f211d2f8808%40googlegroups.com
.

For more options, visit https://groups.google.com/d/optout.

--
Jani Tiainen

--
You received this message because you are subscribed to the Google Groups "Django
developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/55EEC1B0.1030206%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: draft blog post for Oracle help

2015-09-08 Thread Jani Tiainen

On 08.09.2015 14:08, Jani Tiainen wrote:

All hands on deck.. ;)

I wouldn't mind having an additional pair of hands to help. Normal
backend is in rather good shape - all tests do pass. GIS backend on
the other hand is having more or less fun-to-fix issues.

I've made some progress to make current backend even pass the tests.
If you want to help, you can poke me on #django or #django-dev irc
channels so I can give you a sitrep what I know and what needs further
investigations.

Hit enter too fast. I forgot to mention that my IRC nick is jtiai :-)

On 07.09.2015 20:49, Mariusz Felisiak wrote:

Hi everybody,

FeliXX

W dniu czwartek, 13 sierpnia 2015 18:12:17 UTC+2 użytkownik Tim
Graham napisał:

I've drafted a blog post to advertise our need for Oracle
expertise. Please take a look and give feedback before it's
published. Thanks!

Django team seeks help maintaining Oracle and Oracle GIS backends

---

Ideally, the team seeks to move the Oracle backend from
"built-in" status, to a pip
installable backend that would be maintained under the "django"
GitHub account.
Your duties would include monitoring a build that runs with
Django master and the
latest version of the Oracle backend and fixing any issues that
arise. To help with
the continuous integration infrastructure, knowledge of
maintaining Oracle servers
would also be a plus, but these duties could be split among
several people. Please
introduce yourself on the `django-developers mailing list`_ if
this is something you
are interested in.

Also, the Oracle GIS backend has been broken for several months and
no one has answered `requests for help`_ on the django-developers and
geodjango mailing lists. If no one helps out, this backend will
be dropped in
Django 1.9. This is the least used backend according to the
`Django Developers
Community Survey`_, receiving 5 votes out of more than 3,000
responses.

.. _django-developers mailing list:
https://groups.google.com/forum/#!forum/django-developers
.. _requests for help:
https://groups.google.com/d/topic/django-developers/2ritQ26PRLI/discussion

.. _Django Developers Community Survey:

https://docs.google.com/forms/d/1Owv-Y_beohyCm9o2xPamdBnvjreNYoWai3rDloKZxWw/viewanalytics#start=publishanalytics

For more options, visit https://groups.google.com/d/optout.

--
Jani Tiainen

--
You received this message because you are subscribed to the Google Groups "Django
developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/55EEC201.9000904%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: draft blog post for Oracle help

2015-09-08 Thread Tim Graham

Another place to help is to update the instructions on how to run the tests 
with the Oracle Developer Days VM. The current instructions are for version 
11 of the VM, but now Oracle only provides a VM for version 12.

https://code.djangoproject.com/wiki/OracleTestSetup

On Tuesday, September 8, 2015 at 7:10:07 AM UTC-4, Jani Tiainen wrote:
>
>
>
> On 08.09.2015 14:08, Jani Tiainen wrote:
>
> All hands on deck.. ;)
>
> I wouldn't mind having an additional pair of hands to help. Normal backend 
> is in rather good shape - all tests do pass. GIS backend on the other hand 
> is having more or less fun-to-fix issues.
>
> I've made some progress to make current backend even pass the tests. If 
> you want to help, you can poke me on #django or #django-dev irc channels so 
> I can give you a sitrep what I know and what needs further investigations.
>
>
> Hit enter too fast. I forgot to mention that my IRC nick is jtiai  :-)
>
> On 07.09.2015 20:49, Mariusz Felisiak wrote:
>
> Hi everybody,
>
> I would like to volunteer to help maintain Oracle and Oracle GIS backend. 
> I have been developing (commercial) apps with Django framework and oracle 
> backend for 8 years now. I am familiar with the problems associated with it 
> because few times I have been forced to find ways to solve them:)
>
> FeliXX
>
> W dniu czwartek, 13 sierpnia 2015 18:12:17 UTC+2 użytkownik Tim Graham 
> napisał: 
>>
>> I've drafted a blog post to advertise our need for Oracle expertise. 
>> Please take a look and give feedback before it's published. Thanks!
>>
>> Django team seeks help maintaining Oracle and Oracle GIS backends
>>
>> ---
>>
>> Several members of the Django team that have previously provided Oracle
>> expertise no longer work with Oracle in their day jobs, and therefore, 
>> the team
>> is seeking new contributors who have an ongoing interest in the backend.
>>
>> Ideally, the team seeks to move the Oracle backend from "built-in" 
>> status, to a pip
>> installable backend that would be maintained under the "django" GitHub 
>> account.
>> Your duties would include monitoring a build that runs with Django master 
>> and the
>> latest version of the Oracle backend and fixing any issues that arise. To 
>> help with
>> the continuous integration infrastructure, knowledge of maintaining 
>> Oracle servers
>> would also be a plus, but these duties could be split among several 
>> people. Please
>> introduce yourself on the `django-developers mailing list`_ if this is 
>> something you
>> are interested in.
>>
>> Also, the Oracle GIS backend has been broken for several months and
>> no one has answered `requests for help`_ on the django-developers and
>> geodjango mailing lists. If no one helps out, this backend will be 
>> dropped in
>> Django 1.9. This is the least used backend according to the `Django 
>> Developers
>> Community Survey`_, receiving 5 votes out of more than 3,000 responses.
>>
>> .. _django-developers mailing list: 
>> https://groups.google.com/forum/#!forum/django-developers
>> .. _requests for help: 
>> https://groups.google.com/d/topic/django-developers/2ritQ26PRLI/discussion
>> .. _Django Developers Community Survey: 
>> https://docs.google.com/forms/
>> d/1Owv-Y_beohyCm9o2xPamdBnvjreNYoWai3rDloKZxWw/viewanalytics#start=publishanalytics
>>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-develop...@googlegroups.com .
> To post to this group, send email to django-d...@googlegroups.com 
> .
> Visit this group at http://groups.google.com/group/django-developers.
> To view this discussion on the web visit 
> 
> https://groups.google.com/d/msgid/django-developers/bbb2ccfe-cc2b-4665-b440-6f211d2f8808%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>
>
> -- 
> Jani Tiainen
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/554d21da-54b0-4bbd-abd7-cf54fdbe5457%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Password validation in Django revisited

2015-09-08 Thread Carl Meyer

On 09/07/2015 06:31 PM, Tim Graham wrote:
> The extra complexity of varying validation logic based on DEBUG doesn't
> seem quite right to me, but I guess I won't oppose it if that's the
> consensus.

I'm strongly -1 on anything that automatically turns off password
validation everywhere based on DEBUG, especially if there's no way to
override. Django should always be _very_ cautious about introducing more
automatic variance in behavior between development and production modes.
(Not to mention that I don't think DEBUG should be used as a proxy for
"development vs production" anyway, but that ship sailed a long time
ago.) If people want this behavior, they should do it themselves in
their settings file.

My favorite option is for the createsuperuser command specifically (and
nothing else) to implement password validation as a confirm dialog
rather than a hard block. If your password fails validation, it tells
you how and asks you to confirm that you really want to use that
password. This makes sense to me because the createsuperuser command
(unlike any site web UI) can only ever be used by someone who would also
have the ability to set their password directly via shell if they want.
So it's good to remind them of the validation fail, but there's no
reason to make their life difficult.

> Another option could be this in the generated settings file:
> 
> AUTH_PASSWORD_VALIDATORS = [
> {
> 'NAME':
> 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
> },
> ...
> ] if not DEBUG else []
> 
> Of course this depends on whether or not you expect other places like
> the admin's change password form to do validation in debug mode.

I'm -0.5 on this. I don't think varying behavior based on DEBUG is
really something we should push that strongly. People can still do it if
they want, of course.

Carl

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/55EEF114.8070704%40oddbird.net.
For more options, visit https://groups.google.com/d/optout.

signature.asc
Description: OpenPGP digital signature

Re: Password validation in Django revisited

2015-09-08 Thread Unai Zalakain


Cause noone reads docs and this is not really deployment related imo.

What if the checks framework warned it?


--
unai

--
You received this message because you are subscribed to the Google Groups "Django 
developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/20150908151752.GC3679%40def.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: Digital signature

Re: Making the test suite run faster

2015-09-08 Thread Michael Manfre

I agree with Shai. The database backend needs to be able to control this
feature.

Regards,
Michael Manfre

On Sun, Sep 6, 2015 at 12:48 PM, Shai Berger  wrote:

> Hi,
>
> On Sunday 06 September 2015 13:06:18 Aymeric Augustin wrote:
> >
> > This will require ./runtests.py --no-parallel or ./runtests.py
> > --parallel-num=1 to run tests under Oracle. I think it’s a good tradeoff
> > because the defaults should be optimized for occasional contributors.
> >
>
> Can we somehow make this default controlled by the database backend, so
> that
> it only defaults to --parallel on backends which support it?
>
> While not many, Oracle does have its own occasional contributors, and I'm
> not
> sure this kind of change would be welcomed by the 3rd-party backends.
>
> This could be done, I think, with a feature flag on the backend
> ("supports_parallel_tests"), defaulting to False, set to True on supporting
> backends.
>
> My 2 cents,
> Shai.
>
>


-- 
GPG Fingerprint: 74DE D158 BAD0 EDF8
keybase.io/manfre

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAGdCwBv%3DyraZ7hN5rCPQAV4ySrzrW%2BUJ-P96Bb8RLGbmkkQ4fA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Password validation in Django revisited

2015-09-08 Thread Florian Apolloner

On Tuesday, September 8, 2015 at 5:18:32 PM UTC+2, Unai Zalakain wrote:
>
> >Cause noone reads docs and this is not really deployment related imo. 
> What if the checks framework warned it?
>

If it is empty? fine for me, but the default has to stay with enabled ones… 

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/ff2357e7-c9ea-4d20-85a0-8368a8793485%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Ability to migrate other applications

2015-09-08 Thread Andrew Godwin

I still feel like merge migrations are necessary, if not only because
they're a way of reducing the potential collision area of migration
ordering from different branches, but it might be that the solver is
predictable enough that it's not a problem. Two separate branches in
migrations still don't have an order relative to each other, so if we
change the code in Django that does order resolution even slightly it could
result in different operation orders or even different "final" rendered
models.

Andrew

On Mon, Sep 7, 2015 at 5:16 PM, Shai Berger  wrote:

> Ok, two things:
>
> 1) Markus' idea of having more than one folder for migration modules seems
> reasonable enough. I disagree with his comment about the placement of merge
> migrations --
>
> > Django needs to know where to
> > place the merge-migration. I'd go with the first item in the list
>
> I'd require an explicit selection by the user; I'd still want to make sure
> the
> selected path is one of those specified for migration modules, so a dialog
> for
> selection may be more appropriate than a command-line parameter.
>
> BUT
>
> 2) Emma's experiment, essentially, proves that the migration system can
> live,
> migrate, and generate new migrations with two leaf-migrations present.
> Which
> begs the question -- are merge migrations really necessary at all? I know
> why
> they were necessary for South, where migrations in an app were ordered
> linearly, but we have grown past that.
>
> If, as I now suspect, we actually don't need them, then the whole idea
> sounds
> much more reasonable. I still feel funny about a migration which belongs to
> one app and works on the models of another, and would prefer some better-
> looking solution -- e.g. "project migrations" (there are other reasons to
> think of them, like, special migrations to change swappable models); but
> unless some such idea gets some backing, I'd be only -0 on this.
>
> Shai.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAFwN1uq6zdnK1nCRj0hT4AUkp_NcTh_6TFSxudHJp8FtVmyjcw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Password validation in Django revisited

Re: draft blog post for Oracle help

Re: draft blog post for Oracle help

Re: draft blog post for Oracle help

Re: Password validation in Django revisited

Re: Password validation in Django revisited

Re: Making the test suite run faster

Re: Password validation in Django revisited

Re: Ability to migrate other applications

9 matches

Site Navigation

Mail list logo

Footer information