On 15/11/13 18:42, Erik van Zijst wrote:

> How do people feel about this approach and should it be merged into
> Django? If not, then I can turn it into a library instead. Maybe at our
> size we're not in Django's sweet spot anymore. However, in their current
> version the recommended hashers are just not usable for us.

>From my point of view, this is definitely something for an external
library, not for Django itself. The additional complexity makes it much
harder to review from a security point of view, and easier to make
mistakes when deploying, and we want to avoid that. Also, many people
will not need the additional performance, and we don't want to make it
easy for people to use a less secure option just because they want a
really fast site or something.

It seems like this can work fine as external code, and so I can't see a
reason why this needs to be in Django itself.



"DO NOT DISTURB.  I'm disturbed enough already."

Luke Plant || http://lukeplant.me.uk/

You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to