I agree with Aymeric and Markus that createsuperuser should not validate strength of passwords when DEBUG is on. Having to use a secure password for development/test accounts is an unnecessary level of interference for users.
I agree its safer to prevent using admin/admin in production and this is a good thing, but there's no reason to prevent this for development. In fact, I'd argue enforcing it for development will encourage teams to have a "standard" secure password for their sites, which is also used in production. By allowing admin/admin in development, and enforcing something better in production we are more helpfully enforcing best practice. On 7 September 2015 at 16:44, Florian Apolloner <f.apollo...@gmail.com> wrote: > > > On Monday, September 7, 2015 at 5:37:03 PM UTC+2, Unai Zalakain wrote: >> >> I would even dare to say I'm totally against activated-by-default >> password validators. > > > Security comes first, so the should stay on by default. > > >> I think it should be a decision the developers take >> consciously, as it again adds just more overhead (which Django surely >> doesn't need). >> > > I doubt the overhead there is big, got any numbers to back up that claim? > Also if it adds too much overhead for you, feel free to disable them. > > Cheers, > Florian > > -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com. > To post to this group, send email to django-developers@googlegroups.com. > Visit this group at http://groups.google.com/group/django-developers. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/e653f37d-dc81-430b-87c4-47477bd971d9%40googlegroups.com > <https://groups.google.com/d/msgid/django-developers/e653f37d-dc81-430b-87c4-47477bd971d9%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAMwjO1ECNTs-iGbtvzqsZGPigmDLKSAM-QB3MTd5yMj5PwnnOA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
