Re: Django for beginners

2020-04-26 Thread Larbi Gharib
Hi Adam and Elisabetta, Adam is right, my bad. Larbi On Sat, Apr 25, 2020 at 13:45, Adam Johnson wrote: > Larbi, that is the roadmap for Django CMS, a separate project that is an > extension to Django. > > Elisabetta, yes this is more of a support question. If you’re looking for > learning ma

Re: Generate JWTs with Django

2020-04-26 Thread James Bennett
I understand that this will probably get shouted down due to the popularity of JWTs, but: I don't think Django should include any type of JWT support in the core framework. JWTs are an absolute security nightmare. Some of the Django security team have heard me rant on this topic already, but: ther

Re: Generate JWTs with Django

2020-04-26 Thread Ryan Hiebert
On Sun, Apr 26, 2020 at 8:29 AM James Bennett wrote: > JWTs are an absolute security nightmare. Some of the Django security > team have heard me rant on this topic already, but: there is no such > thing as a safe JWT implementation, because there are fundamental > flaws in the design of JWT that

Re: Remove automatic date-naming of migrations (00XX_auto_YYYMMDD)

2020-04-26 Thread Adam Johnson
Since this proposal seems to be broadly supported, I've created a corresponding ticket and pull request: https://code.djangoproject.com/ticket/31516 and https://github.com/django/django/pull/12799 . Thanks all. On Sat, 25 Apr 2020 at 19:08, Tom Forbes wrote: > I would be in favour of Adam’s pr

Re: Generate JWTs with Django

2020-04-26 Thread Adam Johnson
James, I too would like to know your criticisms! I've always understood that they aren't much different to signed cookies, but I haven't looked too deeply at them. On Sun, 26 Apr 2020 at 16:00, Ryan Hiebert wrote: > > > On Sun, Apr 26, 2020 at 8:29 AM James Bennett > wrote: > >> JWTs are an abs

Google Groups contingency plan

2020-04-26 Thread Tom Forbes
Hello, Given the recent worldwide situation I’ve found myself thinking a lot about contingency plans recently. I wanted to raise a question about our reliance on Google Groups and if we had any contingency plans if this service was shut down? To put it politely, it's pretty obvious that Google G

Re: Google Groups contingency plan

2020-04-26 Thread אורי
On Sun, Apr 26, 2020 at 7:14 PM Tom Forbes wrote: > Hello, > Given the recent worldwide situation I’ve found myself thinking a lot > about contingency plans recently. I wanted to raise a question about our > reliance on Google Groups and if we had any contingency plans if this > service was shut

Re: Google Groups contingency plan

2020-04-26 Thread אורי
‪On Sun, Apr 26, 2020 at 7:34 PM ‫אורי‬‎ wrote:‬ > > By the way, is Django a commercial entity? Why does it use the .com domain > suffix? Python uses .org, but doesn't Django use .org too? From reading the > website I see that the Django Software Foundation is non-profit. > Sorry, I meant: Pyth

Re: Google Groups contingency plan

2020-04-26 Thread Tom Forbes
> I think python.org and Django are managed by different > (legal) entities so it doesn't make sense for Django mailing lists to use the > domain name python.org That’s a good point, it was just an idea. However running a mailserver can be annoying and the

Re: Google Groups contingency plan

2020-04-26 Thread Abayomi Oloko
Hello Tom, I must commend your great foresight as we may be robbed of not only the rich content of our email communication history, our mailing list may also not be available. My suggestion will be for us to look in the direction of something open source as a stop gap between the time that we

Re: Google Groups contingency plan

2020-04-26 Thread Adam Johnson
> > I think python.org and Django are managed by different (legal) entities > so it doesn't make sense for Django mailing lists to use the domain name > python.org I think it's fine to share with them, if possible. As Tom says, other projects like scikit do. Tom - you didn't mention backing u

Re: Google Groups contingency plan

2020-04-26 Thread Tom Forbes
Actually, after taking a look I found that there is actually a new version of Groups that is in beta (https://support.google.com/a/answer/9687393?hl=en&ref_topic=14869 ). It seems they are more tightly integrating it with G-Suit

Re: Google Groups contingency plan

2020-04-26 Thread Abayomi Oloko
I think it’s premature to posit that Groups isn’t going to die. To be honest, I have been thinking along the lines of your original post and wondering what would happen should Google adopt a policy change towards groups. Moreover, one cannot be certain that Groups will be perpetual. I will advise

Re: Google Groups contingency plan

2020-04-26 Thread Alex Krupp
If someone has all of the email messages going back to the beginning of the group in a Gmail account, it would be very easy to export them that way and then either re-host them elsewhere on the web or else put them into a long term preservation format so that people can download them and use them l

Re: Generate JWTs with Django

2020-04-26 Thread James Bennett
On Sun, Apr 26, 2020 at 8:46 AM Adam Johnson wrote: > > James, I too would like to know your criticisms! I've always understood that > they aren't much different to signed cookies, but I haven't looked too deeply > at them. Well, people asked. So. The short summary is: JWT is over-complex, put

Re: Generate JWTs with Django

2020-04-26 Thread Ryan Hiebert
On Sun, Apr 26, 2020 at 9:53 PM James Bennett wrote: > On Sun, Apr 26, 2020 at 8:46 AM Adam Johnson wrote: > > The short summary is: JWT is over-complex, puts too much power in the > attacker's hands, has too many configuration knobs, and makes poor > cryptographic choices. This is why we see vu