context = context.new(context)

2016-02-18 Thread John Bazik
I'm looking at code that does this:

 context = context.new(context)

Prior to 1.7, I assume that worked since a context was a dict.  Now that 
it's a stack, it breaks.

I could suggest they use flatten:

 context = context.new(context.flatten())

but that's not exactly a copy, which is what I think they're after.

What do you think they should be doing?

John

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/1d653737-d69d-4c95-b50d-8f4ce5566a5d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Discussion] Legacy documentation / Broken docs Django v1.2

2016-02-18 Thread Florian Apolloner


On Thursday, February 18, 2016 at 4:24:09 PM UTC+1, Tim Graham wrote:
>
> I guess I'm not strongly opposed if someone wants to do that, but I don't 
> think I can justify spending time on the DSF's dime to help out users of 
> unsupported versions.
>

+1



Re: remove support for unsalted password hashers?

2016-02-18 Thread Tim Graham
Feedback is welcome on the draft blog post. The links to the pull requests 
will be replaced with links to the docs once those PRs are reviewed and 
merged.

Security advisory: Strengthening the password hashes in your database

Summary: If you have MD5 or SHA1 password hashes in your database, here's a 
way to update them without requiring all your users to login again.

Body:

Are the password hashes in your database strong enough to prevent them from 
being cracked if your database is compromised?

Django 0.90 stored passwords as unsalted MD5. Django 0.91 added support for 
salted SHA1 with automatic upgrade of passwords when a user logs in. Django 
1.4 added PBKDF2 as the default password hasher.

If you have an old Django project with MD5 or SHA1 (even salted) encoded 
passwords, be aware that these can be cracked fairly easily with today's 
hardware. Consider using a `wrapped password hasher 
`_ to strengthen the hashes in 
your database. Django 1.10 will `remove the MD5 and SHA1 hashers 
`_ from the default 
``PASSWORD_HASHERS`` setting to force projects to acknowledge continued use 
of a weak hasher.

On Wednesday, February 17, 2016 at 1:24:04 PM UTC-5, Tim Graham wrote:
>
> To answer my own question, I did a little experiment and cracked about 10% 
> of the SHA1 password hashes in the djangoproject.com database in minutes 
> on my several year old PC.
>
> I think that's sufficiently weak to:
> 1. Make a blog post recommending that projects upgrade using the 
> instructions in [1] 
> 2. Remove SHA1PasswordHasher from the default PASSWORD_HASHERS in Django 
> 1.10 to force projects to explicitly acknowledge use of an insecure hash if 
> they require it.
>
> [1] https://github.com/django/django/pull/6114
>
> On Wednesday, February 10, 2016 at 5:16:11 PM UTC-5, Tim Graham wrote:
>>
>> Is salted SHA1 sufficiently insecure to remove it from the default 
>> PASSWORD_HASHERS or should we leave it for now? Any project created before 
>> pbkdf2 was introduced in Django 1.4 (March 2012) will likely have some SHA1 
>> hashes unless all their users have logged in since. I've written 
>> instructions on how to upgrade such passwords without requiring all your 
>> users to login [1]. If it's warranted, we could make a blog post advising 
>> this. 
>>
>> [1] https://github.com/django/django/pull/6114 
>> 
>>
>> On Monday, February 8, 2016 at 3:12:28 PM UTC-5, Tim Graham wrote:
>>>
>>> Thanks for the feedback everyone. I've created a few action items:
>>>
>>> https://code.djangoproject.com/ticket/26187 - Remove weak password 
>>> hashers from the default PASSWORD_HASHERS setting
>>> https://code.djangoproject.com/ticket/26188 - Document how to wrap 
>>> password hashers
>>> https://github.com/django/djangoproject.com/issues/632 - Use a wrapped 
>>> password hasher to upgrade SHA1 passwords
>>>
>>> On Saturday, February 6, 2016 at 3:56:00 AM UTC-5, Curtis Maloney wrote:

 I kept meaning to weigh in on this... but all my points have been made. 

 It sounds like the middle ground is to: 

 1) remove them from the default list 
 2) keep them in the codebase 
 3) make them noisy (raise warnings) 
 4) provide docs/tools on how to upgrade 

 Then we get "secure by default" (1), as well as "encouraging upgrades" 
 (3), whilst also "supporting slow-to-update installs" (4), and 
 "encouraging best practices" (3). 


 -- 
 C 


 On 06/02/16 19:51, Aymeric Augustin wrote:
 > Yes, that would be good from the “security by default” standpoint. This
 > would also allow us to trim the full list of hashers which is repeated
 > several times in the docs.
 >
 > --
 > Aymeric.
 >
 >> On 6 Feb. 2016, at 00:03, Tim Graham wrote:
 >>
 >> I would guess most users aren't customizing the default list of
 >> hashers, so I'd rather remove weak hashers from the PASSWORD_HASHERS
 >> setting and let anyone who needs to use a weak hasher define their own
 >> setting (at which point a warning probably isn't needed). Does that
 >> seem okay?
 >>
 >> On Friday, February 5, 2016 at 3:20:41 PM UTC-5, Aymeric Augustin wrote:
 >>
 >> Adding a check for weak password hashers could be a good
 >> compromise to drive attention to the issue but make it reasonably
 >> easy to ignore it if you need MD5 for compatibility with other
 >> systems.
 >>
 >> --
 >> Aymeric.
 >>
 >>> On 5 Feb. 2016, at 21:11, Sergei Maertens <sergeim...@gmail.com> wrote:
 >>> 
 >>> This is my main concern as well. I 
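
Added example (not part of the thread, and not Django's own code): a standard-library sketch of the "wrapped password hasher" idea from the draft advisory above, where the stored salted-SHA1 digest is itself fed through PBKDF2 so records can be strengthened without users logging in again. The `pbkdf2_wrapped_sha1` tag, the wrapped record layout, the iteration count and the sample rows are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac

ITERATIONS = 30000  # assumed work factor for this example; tune for your hardware


def legacy_sha1_encode(password, salt):
    """Legacy salted SHA1 record in the form sha1$<salt>$<hex digest>."""
    digest = hashlib.sha1((salt + password).encode()).hexdigest()
    return "sha1$%s$%s" % (salt, digest)


def _pbkdf2(secret, salt, iterations):
    raw = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt.encode(), iterations)
    return base64.b64encode(raw).decode()


def wrap_legacy(encoded, iterations=ITERATIONS):
    """Strengthen a stored sha1$ record; the password itself is never needed."""
    parts = encoded.split("$", 2)
    if len(parts) != 3 or parts[0] != "sha1":
        return encoded  # not a legacy SHA1 record: leave it untouched
    _, salt, sha1_hex = parts
    wrapped = _pbkdf2(sha1_hex, salt, iterations)  # old digest is the PBKDF2 input
    return "pbkdf2_wrapped_sha1$%d$%s$%s" % (iterations, salt, wrapped)


def verify(password, encoded):
    """Check a login attempt against a wrapped record (SHA1 first, then PBKDF2)."""
    parts = encoded.split("$", 3)
    if len(parts) != 4 or parts[0] != "pbkdf2_wrapped_sha1":
        return False
    _, iterations, salt, expected = parts
    sha1_hex = hashlib.sha1((salt + password).encode()).hexdigest()
    candidate = _pbkdf2(sha1_hex, salt, int(iterations))
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


def upgrade_table(rows):
    """rows maps username -> encoded password; returns the upgraded mapping."""
    return {user: wrap_legacy(encoded) for user, encoded in rows.items()}


# Constructed sample data standing in for an auth table.
SAMPLE = {
    "alice": legacy_sha1_encode("correct horse", "a1b2c"),
    "bob": "pbkdf2_sha256$30000$salt$AAAA",  # already on a strong hasher
}
UPGRADED = upgrade_table(SAMPLE)
```

After the migration the bare SHA1 digest no longer appears in the table, so a database leak exposes only the PBKDF2 output; the login path must keep computing the inner SHA1 step until each record is rehashed under the default scheme.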

Re: [Discussion] Legacy documentation / Broken docs Django v1.2

2016-02-18 Thread Tim Graham
I guess I'm not strongly opposed if someone wants to do that, but I don't 
think I can justify spending time on the DSF's dime to help out users of 
unsupported versions.

On Thursday, February 18, 2016 at 9:33:52 AM UTC-5, Fred Stluka wrote:
>
> I vote for a 301 to the matching ReadTheDocs page.
>
> I recently had to manually update these bookmarks:
>
> - Django 1.4 Docs
>   - Old: https://docs.djangoproject.com/en/1.4/
>   - New: https://django.readthedocs.org/en/1.4/
>
> - Django 1.4 API Ref
>   - Old: https://docs.djangoproject.com/en/1.4/ref/
>   - New: https://django.readthedocs.org/en/1.4/ref/
>
> - Django 1.4 Doc Detailed TOC
>   - Old: https://docs.djangoproject.com/en/1.4/contents/
>   - New: https://django.readthedocs.org/en/1.4/contents.html
>
> - Django 1.4 Doc Index
>   - Old: https://docs.djangoproject.com/en/1.4/genindex/
>   - New: https://django.readthedocs.org/en/1.4/genindex.html
>
> - Django 1.4 Module Index
>   - Old: https://docs.djangoproject.com/en/1.4/py-modindex/
>   - New: https://django.readthedocs.org/en/1.4/py-modindex.html
>
> - Django 1.4 Testing
>   - Old: https://docs.djangoproject.com/en/1.4/topics/testing/
>   - New: https://django.readthedocs.org/en/1.4/topics/testing.html
>
> - Django 1.4 Testing Assertions
>   - Old: https://docs.djangoproject.com/en/1.4/topics/testing/#assertions
>   - New: https://django.readthedocs.org/en/1.4/topics/testing.html#assertions
>
> - Django 1.5 Docs
>   - Old: https://docs.djangoproject.com/en/1.5/
>   - New: https://django.readthedocs.org/en/1.5.x/
>
> - Django 1.6 Docs
>   - Old: https://docs.djangoproject.com/en/1.6/
>   - New: https://django.readthedocs.org/en/1.6.x/
>
> --Fred 
> --
> Fred Stluka -- mailt...@bristle.com  -- 
> http://bristle.com/~fred/ 
> Bristle Software, Inc -- http://bristle.com -- Glad to be of service! 
> Open Source: Without walls and fences, we need no Windows or Gates. 
> --
> On 2/17/16 5:21 AM, Daniel Chimeno wrote:
>
> IMHO We should keep the older version of docs somewhere, ReadTheDocs it's 
> fine. 
> But we can't only remove them. We may notice the users instead of 
> returning a simple 404.
> There are a lot of people still using those versions.
> To keep happy search engines, we should give a 301 to somewhere, not sure 
> if we should do it or not.
>
>
>
> On Thursday, August 7, 2014, 13:32:25 (UTC+2), Areski Belaid wrote:
>>
>> Hi Folks, 
>>
>> I wanted to open a discussion regarding the following ticket 
>> https://code.djangoproject.com/ticket/23042
>>
>> To summarize briefly, you may notice that we can search doc for Django
>> version 1.2 (for example https://docs.djangoproject.com/search/?q=forms=4)
>> but the links in the result won't work.
>>
>>
>> As Baptiste (IRC bmispelon) explained on IRC, we may have 2 approach to 
>> solve this problem:
>>
>> 1) Fix the docs builder for versions < 1.2 (at the moment the 
>> doc-building process is broken on old branches due to different version of 
>> Sphinx)
>>
>> 2) Discontinue older Django docs version and decide a policy regarding 
>> doc hosting
>>
>>
>> What do you think?
>>
>>
>> -- 
>> //Areski
>>



Re: [Discussion] Legacy documentation / Broken docs Django v1.2

2016-02-18 Thread Fred Stluka

I vote for a 301 to the matching ReadTheDocs page.

I recently had to manually update these bookmarks:

- Django 1.4 Docs
  - Old: https://docs.djangoproject.com/en/1.4/
  - New: https://django.readthedocs.org/en/1.4/

- Django 1.4 API Ref
  - Old: https://docs.djangoproject.com/en/1.4/ref/
  - New: https://django.readthedocs.org/en/1.4/ref/

- Django 1.4 Doc Detailed TOC
  - Old: https://docs.djangoproject.com/en/1.4/contents/
  - New: https://django.readthedocs.org/en/1.4/contents.html

- Django 1.4 Doc Index
  - Old: https://docs.djangoproject.com/en/1.4/genindex/
  - New: https://django.readthedocs.org/en/1.4/genindex.html

- Django 1.4 Module Index
  - Old: https://docs.djangoproject.com/en/1.4/py-modindex/
  - New: https://django.readthedocs.org/en/1.4/py-modindex.html

- Django 1.4 Testing
  - Old: https://docs.djangoproject.com/en/1.4/topics/testing/
  - New: https://django.readthedocs.org/en/1.4/topics/testing.html

- Django 1.4 Testing Assertions
  - Old: https://docs.djangoproject.com/en/1.4/topics/testing/#assertions
  - New: https://django.readthedocs.org/en/1.4/topics/testing.html#assertions


- Django 1.5 Docs
  - Old: https://docs.djangoproject.com/en/1.5/
  - New: https://django.readthedocs.org/en/1.5.x/

- Django 1.6 Docs
  - Old: https://docs.djangoproject.com/en/1.6/
  - New: https://django.readthedocs.org/en/1.6.x/

--Fred

Fred Stluka -- mailto:f...@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.

On 2/17/16 5:21 AM, Daniel Chimeno wrote:
IMHO We should keep the older version of docs somewhere, ReadTheDocs 
it's fine.
But we can't only remove them. We may notice the users instead of 
returning a simple 404.

There are a lot of people still using those versions.
To keep happy search engines, we should give a 301 to somewhere, not 
sure if we should do it or not.




On Thursday, August 7, 2014, 13:32:25 (UTC+2), Areski Belaid wrote:

Hi Folks,

I wanted to open a discussion regarding the following ticket
https://code.djangoproject.com/ticket/23042


To summarize briefly, you may notice that we can search doc for
Django version 1.2 (for example
https://docs.djangoproject.com/search/?q=forms=4) but
the links in the result won't work.


As Baptiste (IRC bmispelon) explained on IRC, we may have 2
approach to solve this problem:

1) Fix the docs builder for versions < 1.2 (at the moment the
doc-building process is broken on old branches due to different
version of Sphinx)

2) Discontinue older Django docs version and decide a policy
regarding doc hosting


What do you think?


-- 
//Areski




Re: Contribution to django

2016-02-18 Thread Tim Graham
Please read our contributing documentation: 
https://docs.djangoproject.com/en/dev/internals/contributing/new-contributors/

On Thursday, February 18, 2016 at 8:28:07 AM UTC-5, ABHINAV RAI wrote:
>
> Hello
>
> I am Abhinav Rai, Sophomore from Computer Science Engineering from Indian 
> Institute of Technology, Jodhpur. I am a beginner in contributing to 
> open-source.
> Can anyone please advise me on how I can start contributing to Django.
>
> Thanks
>



Contribution to django

2016-02-18 Thread ABHINAV RAI
Hello

I am Abhinav Rai, Sophomore from Computer Science Engineering from Indian 
Institute of Technology, Jodhpur. I am a beginner in contributing to 
open-source.
Can anyone please advise me on how I can start contributing to Django.

Thanks
