+1 for consistency too. You can always use a timedelta if you want, with total_seconds() (not seconds as mentioned before😉).
On 22 September 2017 at 08:48, Florian Apolloner <f.apollo...@gmail.com> wrote: > +1 for consistency > > On Friday, September 22, 2017 at 2:46:14 AM UTC+2, Collin Anderson wrote: >> >> Seconds is consistent with all of the other settings, even for long ones >> like CSRF_COOKIE_AGE and SESSION_COOKIE_AGE. It also means you can avoid >> importing datetime in your settings file. >> >> On Thu, Sep 21, 2017 at 8:36 PM, Tom Forbes <t...@tomforb.es> wrote: >> >>> It also seems odd to express it as seconds, it's often going to be a >>> large value between an hour and several days and the lowest resolution for >>> the value anyone would need is minutes. >>> >>> On 22 Sep 2017 01:29, "Tom Forbes" <t...@tomforb.es> wrote: >>> >>>> I would still vote for a timedelta, im not sure if there is a strong >>>> consensus in the thread. >>>> >>>> Representing the time as seconds always irks me, you can make it more >>>> readable by using multiplication but you often end up with a comment anyway >>>> and it doesn't scan nearly as well. Having to do 'timedelta.seconds' is OK, >>>> but it seems a bit like busywork. >>>> >>>> It's a small thing but I don't see any practical problem with just >>>> accepting a timedelta, they are nicer to work with in the settings file >>>> itself and within Django, especially if the TimestampSigner accepts them >>>> natively and we start to use that. >>>> >>>> On 21 Sep 2017 22:41, "Zhiqiang Liu" <zachl...@gmail.com> wrote: >>>> >>>> If most agree, I will proceed with using seconds. >>>> >>>> It is a good idea for the potential documentation Dylan! >>>> >>>> Zach >>>> >>>> >>>> On Thursday, September 21, 2017 at 10:09:50 AM UTC-4, Dylan Reinhold >>>> wrote: >>>> >>>>> I still think seconds are the way to go, but maybe the documentation >>>>> could give a clue that timedelta().seconds can be used for readability >>>>> PASSWORD_RESET_TIMEOUT = datetime.timedelta(hours=6, >>>>> minutes=30).seconds >>>>> >>>>> Dylan >>>>> >>>>> On Thu, Sep 21, 2017 at 6:14 AM, Zhiqiang Liu <zachl...@gmail.com> >>>>> wrote: >>>>> >>>>>> Yeah I don't think float number of days is a good choice because the >>>>>> calculation will be weird with precision issues. >>>>>> >>>>>> I think it makes sense to use PASSWORD_RESET_TIMEOUT. For timedelta >>>>>> vs. integer seconds. Timedelta has the benefit of readability, but >>>>>> integer >>>>>> has the benefit of simplicity. I think in SETTINGS everything should be >>>>>> as >>>>>> simple as possible, so I think integer seconds is a better choice here. >>>>>> And >>>>>> it is used in most applications too. >>>>>> >>>>>> >>>>>> On Thursday, September 21, 2017 at 8:56:36 AM UTC-4, charettes wrote: >>>>>>> >>>>>>> That's what I proposed on the ticket but I feel like it felt odd to >>>>>>> me, the setting name does't suggest this is possible and it might be >>>>>>> hard >>>>>>> to achieve exact second precious because of float rounding? >>>>>>> >>>>>>> In my opinion introducing PASSWORD_RESET_TIMEOUT with timedelta >>>>>>> support would be the best option. >>>>>>> >>>>>>> Simon >>>>>>> >>>>>>> Le jeudi 21 septembre 2017 05:26:23 UTC-4, Adam Johnson a écrit : >>>>>>>> >>>>>>>> Why not just keep PASSWORD_RESET_TIMEOUT_DAYS and allow floats? >>>>>>>> Then you can just do 1/24 for an hour. >>>>>>>> >>>>>>>> On 21 September 2017 at 09:50, Eddy C <coupo...@chicheng.me> wrote: >>>>>>>> >>>>>>>>> I think Minute, with default value 30 or 60, is the best unit for >>>>>>>>> this setting. >>>>>>>>> >>>>>>>>> 3 minutes (even 1) is short enough for edge case and 720 (12 >>>>>>>>> hours) also looks good. >>>>>>>>> >>>>>>>>> On Thursday, September 21, 2017 at 6:22:20 PM UTC+10, Tom Forbes >>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> I think we shouldn't shoe-horn a timedelta into the existing >>>>>>>>>> setting, so my vote is with the second option, but I think a >>>>>>>>>> timedelta is >>>>>>>>>> much more readable than just an integer. >>>>>>>>>> >>>>>>>>>> Also, the existing 3 day timeout for password links is quite >>>>>>>>>> surprising from a security point of view. The consultants I work >>>>>>>>>> with would >>>>>>>>>> flag up a token that lasts longer than 12 hours as an issue during a >>>>>>>>>> pentest. >>>>>>>>>> >>>>>>>>>> IMO a new, far shorter default should be added to this setting. >>>>>>>>>> >>>>>>>>>> On 21 Sep 2017 03:56, "Zhiqiang Liu" <zachl...@gmail.com> wrote: >>>>>>>>>> >>>>>>>>>> I need general consensus on how to proceed with supporting >>>>>>>>>> password expire time to be under a day. Currently it is not possible >>>>>>>>>> because we use PASSWORD_RESET_TIMEOUT_DAYS. >>>>>>>>>> >>>>>>>>>> In ticket 28622 <https://code.djangoproject.com/ticket/28622> we >>>>>>>>>> have two options. >>>>>>>>>> >>>>>>>>>> One is to continue to use the same setting >>>>>>>>>> PASSWORD_RESET_TIMEOUT_DAYS, but change the value to non-integer >>>>>>>>>> (such as >>>>>>>>>> timedelta) so we can send hours, minutes, etc to it. >>>>>>>>>> >>>>>>>>>> The other one is to create a new setting like >>>>>>>>>> PASSWORD_RESET_TIMEOUT which takes seconds.To support backward >>>>>>>>>> compatibility, I think we should keep PASSWORD_RESET_TIMEOUT_DAYS >>>>>>>>>> and its >>>>>>>>>> default value of 3. Only use PASSWORD_RESET_TIMEOUT when provided. >>>>>>>>>> >>>>>>>>>> I'm unsure which one is better, so inputs are welcome. >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>> Google Groups "Django developers (Contributions to Django itself)" >>>>>>>>>> group. >>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>>> send an email to django-develop...@googlegroups.com. >>>>>>>>>> To post to this group, send email to django-d...@googlegroups.com >>>>>>>>>> . >>>>>>>>>> Visit this group at https://groups.google.com/grou >>>>>>>>>> p/django-developers. >>>>>>>>>> To view this discussion on the web visit >>>>>>>>>> https://groups.google.com/d/msgid/django-developers/c8e96008 >>>>>>>>>> -eb95-4924-8e5e-9b02d6b90c99%40googlegroups.com >>>>>>>>>> <https://groups.google.com/d/msgid/django-developers/c8e96008-eb95-4924-8e5e-9b02d6b90c99%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>>>> . >>>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "Django developers (Contributions to Django itself)" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to django-develop...@googlegroups.com. >>>>>>>>> To post to this group, send email to django-d...@googlegroups.com. >>>>>>>>> Visit this group at https://groups.google.com/grou >>>>>>>>> p/django-developers. >>>>>>>>> To view this discussion on the web visit >>>>>>>>> https://groups.google.com/d/msgid/django-developers/6d0d4251 >>>>>>>>> -64bc-40a0-b191-9cf3dfe8c91b%40googlegroups.com >>>>>>>>> <https://groups.google.com/d/msgid/django-developers/6d0d4251-64bc-40a0-b191-9cf3dfe8c91b%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>>> . >>>>>>>>> >>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Adam >>>>>>>> >>>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Django developers (Contributions to Django itself)" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to django-develop...@googlegroups.com. >>>>>> To post to this group, send email to django-d...@googlegroups.com. >>>>>> Visit this group at https://groups.google.com/group/django-developers >>>>>> . >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/d/msgid/django-developers/2857fb9f >>>>>> -4959-4d08-91ca-1287fd3d8246%40googlegroups.com >>>>>> <https://groups.google.com/d/msgid/django-developers/2857fb9f-4959-4d08-91ca-1287fd3d8246%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Django developers (Contributions to Django itself)" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to django-develop...@googlegroups.com. >>>> To post to this group, send email to django-d...@googlegroups.com. >>>> Visit this group at https://groups.google.com/group/django-developers. >>>> To view this discussion on the web visit https://groups.google.com/d/ms >>>> gid/django-developers/d2c48f2a-7017-4ffc-9f33-0cfdb1db31de% >>>> 40googlegroups.com >>>> <https://groups.google.com/d/msgid/django-developers/d2c48f2a-7017-4ffc-9f33-0cfdb1db31de%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Django developers (Contributions to Django itself)" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to django-develop...@googlegroups.com. >>> To post to this group, send email to django-d...@googlegroups.com. >>> Visit this group at https://groups.google.com/group/django-developers. >>> To view this discussion on the web visit https://groups.google.com/d/ms >>> gid/django-developers/CAFNZOJMLiFj0csHPJ1_cNfxBizG2T_ >>> UzHX7oV9%3DS4zhkRfA7DQ%40mail.gmail.com >>> <https://groups.google.com/d/msgid/django-developers/CAFNZOJMLiFj0csHPJ1_cNfxBizG2T_UzHX7oV9%3DS4zhkRfA7DQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> > -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com. > To post to this group, send email to django-developers@googlegroups.com. > Visit this group at https://groups.google.com/group/django-developers. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/django-developers/56d501f3-6bc2-4869-b935- > 0cda273b78c9%40googlegroups.com > <https://groups.google.com/d/msgid/django-developers/56d501f3-6bc2-4869-b935-0cda273b78c9%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Adam -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAMyDDM3MzQroaqLTHNBZoJLJRk9L_FKq6VaQO7EbXx4NYv00uQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
