Want to contribute to this amazing open source community

2021-01-08 Thread Sunny Tyagi

Hello everyone,
I am new to this community, and really want to contribute to this 
organization. It feels amazing when you work on such software in which 
there is some, maybe not that much, code that is yours.
Can anyone guide me on how to contribute here?
With regards,
Sunny

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/988c3496-83c3-464f-a0b4-7b03bcf24665n%40googlegroups.com.


Opt-in to maintain django-contrib-comments

2021-01-08 Thread Alexander Todorov

Hi folks,
I've exchanged a couple of pull requests and then emails with Claude Paroz (in CC) 
and the summary is:

>> What do you say? Yay or nay for some fresh blood in the project?
>
> Hi Alex,
>
> I'd say: yes, absolutely!
> Now I don't have all necessary permissions to grant you more rights, so I'd suggest to write to the django-developers mailing list, and you can say that I'm supporting your request.



I'm already maintaining pylint-django and django-attachments (not original 
author) plus contributing to many others. django-contrib-comments makes a good 
fit b/c I've got an application which depends on it.



My GitHub and PyPI usernames are "atodorov". Let me know what the process is?

Regards,
Alex



New Here !

2021-01-08 Thread Naveen Kumar
Hello everyone,

I am new here, and I really want to contribute to the Django community. Just 
need some guidance on how to start. I got confused after looking at such a huge 
codebase, so please help.

Thanks



Re: Opt-in to maintain django-contrib-comments

2021-01-08 Thread Carlton Gibson
Hi Alex,

Thank you for your contributions!

I can add you to the django-contrib-comments repo. Let me see if I can find
the right button... 🙂

Welcome aboard! ⛵️

Kind regards, Carlton

On Fri, 8 Jan 2021 at 15:22, Alexander Todorov  wrote:

> Hi folks,
> I've exchanged a couple of pull requests and then emails with Claude Paroz
> (in CC) and the summary is:
>
> >> What do you say? Yay or nay for some fresh blood in the project?
> >
> > Hi Alex,
> >
> > I'd say: yes, absolutely!
> > Now I don't have all necessary permissions to grant you more rights, so
> > I'd suggest to write to the django-developers mailing list, and you can say
> > that I'm supporting your request.
>
>
> I'm already maintaining pylint-django and django-attachments (not original
> author) plus contributing to many others. django-contrib-comments makes a
> good fit b/c I've got an application which depends on it.
>
>
> My GitHub and PyPI usernames are "atodorov". Let me know what the process
> is?
>
> Regards,
> Alex
>



Re: Technical Board Decision Needed: Admin append_slash behaviour.

2021-01-08 Thread Markus Holtermann
Thank you for bringing this up, Carlton. And thanks Jon for tackling the 
issues.

I concur with what has been said so far. Especially what James said, that there 
are so many places where one possibly/maybe/theoretically could come up with 
timing attacks. Mitigating the difference in response code behavior (302 vs 
404) seems like a sensible idea.

But adding the append slash behavior to the Admin seems unnecessary. Especially 
given the example Adam brought up. Maybe you want to post that approach on the 
corresponding ticket, Adam, and close it as wontfix?

Cheers,

Markus

On Thu, Jan 7, 2021, at 5:26 PM, Florian Apolloner wrote:
> 
> 
> On Thursday, January 7, 2021 at 2:16:57 PM UTC+1 carlton...@gmail.com wrote:
> > 1. Add the catch-all view to admin to stop the unauthenticated probing, as 
> > per the Security Team's initial idea, but not the AdminSite.append_slash 
> > option.
> > 2. Don't even add the catch-all, and close the ticket as wontfix. 
> 
> I think the catch-all view is certainly a worthwhile addition, it is a 
> low-hanging fruit that makes fast probing if auth.user is installed 
> impossible.
> 
> > * It SEEMS to me that the catch-all view does serve its purpose as the 
> > AdminSite.admin_view decorator redirects all non-staff requests equally to 
> > login (whether they exist or not, because the catch-all view exists.) This 
> > is prior to any per-view timing variation. (I think 🙂)
> 
> Technically you could already mount a timing attack because URL 
> resolving is not constant time, the first matching view wins :þ
> 
> Cheers,
> Florian
> 



Re: Technical Board Decision Needed: Admin append_slash behaviour.

2021-01-08 Thread Adam Johnson
I don't think we should mark the ticket as closed since we want to merge
part of the open PR, the catch-all view.

On Fri, 8 Jan 2021 at 17:24, Markus Holtermann 
wrote:

> Thank you for bringing this up, Carlton. And thanks Jon for tackling the
> issues.
>
> I concur with what has been said so far. Especially what James said, that
> there are so many places where one possibly/maybe/theoretically could come
> up with timing attacks. Mitigating the difference in response code behavior
> (302 vs 404) seems like a sensible idea.
>
> But adding the append slash behavior to the Admin seems unnecessary.
> Especially given the example Adam brought up. Maybe you want to post that
> approach on the corresponding ticket, Adam, and close it as wontfix?
>
> Cheers,
>
> Markus
>
> On Thu, Jan 7, 2021, at 5:26 PM, Florian Apolloner wrote:
> >
> >
> > On Thursday, January 7, 2021 at 2:16:57 PM UTC+1 carlton...@gmail.com
> > wrote:
> > > 1. Add the catch-all view to admin to stop the unauthenticated
> > > probing, as per the Security Team's initial idea, but not the
> > > AdminSite.append_slash option.
> > > 2. Don't even add the catch-all, and close the ticket as wontfix.
> >
> > I think the catch-all view is certainly a worthwhile addition, it is a
> > low-hanging fruit that makes fast probing if auth.user is installed
> > impossible.
> >
> > > * It SEEMS to me that the catch-all view does serve its purpose as
> > > the AdminSite.admin_view decorator redirects all non-staff requests
> > > equally to login (whether they exist or not, because the catch-all view
> > > exists.) This is prior to any per-view timing variation. (I think 🙂)
> >
> > Technically you could already mount a timing attack because URL
> > resolving is not constant time, the first matching view wins :þ
> >
> > Cheers,
> > Florian
> >


-- 
Adam
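
The 302-versus-404 difference and the catch-all view discussed in this thread, as an added example that is not part of the original messages and is not Django's code: a simplified Python model of admin URL handling. `REGISTERED`, `resolve`, `anonymous_statuses` and the probe paths are constructed for illustration, and URL-resolution timing is not modelled.

```python
"""Simplified model of the admin response-code difference (not Django's code)."""

ADMIN_PREFIX = "/admin/"
LOGIN_URL = "/admin/login/"

# Constructed sample: models registered with this hypothetical admin site.
REGISTERED = {"auth/user", "auth/group"}


def admin_view(view):
    """Model of the admin_view wrapper: non-staff requests are redirected to
    login before the wrapped view runs, whatever that view would return."""
    def wrapper(path, is_staff):
        if not is_staff:
            return 302, LOGIN_URL
        return view(path)
    return wrapper


def changelist(path):
    return 200, None


def not_found(path):
    return 404, None


def resolve(path, is_staff=False, catch_all=False):
    """Return (status, location) for a request under the admin prefix."""
    key = path[len(ADMIN_PREFIX):].strip("/")
    if key in REGISTERED:
        return admin_view(changelist)(path, is_staff)
    if catch_all:
        # Final pattern matches every other path, behind the same wrapper.
        return admin_view(not_found)(path, is_staff)
    return 404, None  # no pattern matched: the resolver itself answers


def anonymous_statuses(paths, catch_all):
    """Status codes an unauthenticated client sees for each path."""
    return {p: resolve(p, is_staff=False, catch_all=catch_all)[0] for p in paths}


PROBES = ["/admin/auth/user/", "/admin/billing/invoice/"]  # constructed paths

if __name__ == "__main__":
    print("no catch-all:", anonymous_statuses(PROBES, catch_all=False))
    print("catch-all:   ", anonymous_statuses(PROBES, catch_all=True))
```

Staff users still get a 404 for an unregistered path when the catch-all is enabled; only the unauthenticated responses are made uniform.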
