On Jan 17, 2007, at 10:01 PM, James Bennett wrote:
> > Some of the people on this project are having serious concerns about
> > the choice to use Django for this particular project; do folks have
> > any thoughts/answers for them?
>
> I'm not sure really what sort of answers there are to give; there
> aren't any silver bullets which magically make web development "safe".

I agree, certainly. I understand that this sort of bug will,
unfortunately, come up occasionally. Our concern is that it's been
on the order of a thousand SVN revisions since its patch was submitted, and
a version of the code with this bug is still being distributed as a
major release, with no warning to new users that the code is unsafe.

I've been using Django since before this security policy was posted,
so I hadn't seen it; I always assumed that Django would have one
additional item on the list:

- Apply the patch to the downloadable distribution, at all locations
  where it's available, so naive new users don't get bitten by old bugs.

The question really was, Is Django's policy to do this? If so, what
went wrong, and are there mechanisms in place to keep it from
happening again? If not, we're not sure what we will do; in terms of
evaluating frameworks as we go, Django has just dropped a rather
large notch in our view of things.
Thanks,
Adam