#21363: TimestampSigner.unsign should accept a timedelta for max_age
-------------------------------+--------------------
Reporter: gwahl@… | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.4
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
Currently, the max_age parameter to TimestampSigner.unsign is a number
representing the max age of the signature as a number of seconds. In
Python, the correct way to represent an time interval (an age) is a
datetime.timedelta.
A timedelta is very obvious and readable:
{{{
max_age=datetime.timedelta(days=12)
}}}
Versus
{{{
max_age=12 * 24 * 60 * 60
}}}
A timedelta provides much better error reporting for long intervals:
'Signature age 1296123 > 1209600 seconds' versus 'Signature age 15 days,
0:02:03 > 14 days, 0:00:00'
A timedelta is also the intuitive type for the max_age parameter. I asked
a few of my colleagues what they thought should be passed as a max_age,
and all of them said a timedelta. Using a value object instead of a simple
number also provides type safety by only allowing semantically valid
operations.
It is unfortunate that to preserve backwards compatibility there is now
more than one way to pass a timeout to unsign. My patch currently accepts
both, but it would be easy to deprecate the seconds version.
--
Ticket URL: <https://code.djangoproject.com/ticket/21363>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/062.680f331a5be484a9bb420210d3b65dfa%40djangoproject.com.
For more options, visit https://groups.google.com/groups/opt_out.
