#35900: staticfiles: Make staticfiles.json location unguessable for security (by
obscurity!)
-------------------------------------+-------------------------------------
Reporter: Sebastian Pipping | Owner: (none)
Type: New feature | Status: closed
Component: contrib.staticfiles | Version: dev
Severity: Normal | Resolution: wontfix
Keywords: staticfiles security hardening | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Natalia Bidart):
* resolution: => wontfix
* status: new => closed
* type: Uncategorized => New feature
Comment:
Hello Sebastian, thank you for taking the time to create this report.
Given this report requests a new feature for Django, the recommended path
forward is to first propose and discuss the idea with the community and
gain consensus. To do that, please consider starting a new conversation on
the [https://forum.djangoproject.com/c/internals/5 Django Forum], where
you'll reach a broader audience and receive additional feedback. This
consensus would require agreement on the implementation details for this
change since, besides the comments from Florian in the
[https://github.com/django/django/pull/18778 PR], I think this would
require some form of a deprecation path where the current
`staticfiles.json` is still available, or perhaps a way to declare the
`manifest_name` in the `STORAGES` definition to allow for the current
behavior...
I'll close the ticket for now, but if the community agrees with the
proposal, please return to this ticket and reference the forum discussion
so we can re-open it. For more information, please refer to
[https://docs.djangoproject.com/en/stable/internals/contributing/bugs-and-features/#requesting-features
the documented guidelines for requesting features].
--
Ticket URL: <https://code.djangoproject.com/ticket/35900#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.