[ANNOUNCE] Django 1.11 alpha 1 released

[Tim Graham]

We've made the first release on the way to Django's next major release, 
Django 1.11! With two and a half months until the scheduled final release, 
we'll need timely testing from the community to ensure an on-time and 
stable release. Check out the blog post:

https://www.djangoproject.com/weblog/2017/jan/17/django-111-alpha-1/

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/ec78273c-eeb7-44d9-bd54-4efa0c71b971%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: status of 1.11 release blockers

[Tim Graham]

I've reviewed and merged as much as I can (thank you to everyone who 
helped!) and plan to create the stable/1.11.x branch and issue the alpha 
release in approximately 7 hours.

On Monday, December 26, 2016 at 1:17:01 PM UTC-5, Tom Christie wrote:
>
> > 
> this feature https://github.com/django/django/pull/7482 will also be a 
> very good inclusion.
>
> Can't see simplified URL routing being complete before the feature freeze. 
> What might be feasible is getting the URL kwarg type conversion basics in, 
> so that it can fully exist as a third party package, with full support 
> slated for 2.0.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/07880ee7-8111-4dd5-8c68-b521953be9d6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Django 2.0 Python version support (Python 3.6+ only?)

[Tim Graham]

I propose to tentatively target Python 3.5+ for Django 2.0 but not to 
remove the current workarounds for Python 3.4 at this time. Shortly before 
the alpha for Django 2.0, an interested person can look into how much work 
is required to fix any test failures on Python 3.4 and we'll make a 
decision then.

On Sunday, January 8, 2017 at 8:52:13 PM UTC-5, Cheng Chi wrote:
>
> +1 on type hinting. PyCharm always gives me 20+ options when I want to 
> jump to the definition of modelInstance.save() method (or any other method 
> with a common name like save), which makes me really miss static type 
> languages... As the framework for perfectionists with deadlines, I think 
> type hinting (with IDE) does help a lot on productivity for many developers 
> who are not experts on Django core.
>
> Since django core is considerably mature and no major new feature is on 
> the horizon currently, I'd like to see more python language features 
> adopted as django evolving.
>
> On Sunday, January 8, 2017 at 6:43:46 PM UTC+11, roboslone wrote:
>>
>> I do not think this matters, first off there is no commitment from our 
>> side on type hinting or anything. We do not have any DEP or something 
>> related and didn't even discuss if we actually want type hinting. 
>> Personally I am kinda against it anyways, since it clutters the code for 
>> not much gain. So if we were to do it, I would prefer stub files anyways, 
>> in which case we won't depend on any python version as far as I understood 
>> that.
>>
>>
>> As Django user, I have to say type hinting would help a lot to understand 
>> how things work in Django without looking at docs. It could save a lot of 
>> time for beginners, too. Also I have to mention, that PyCharm (which is the 
>> most popular IDE for Python, I believe) has support for type hinting and 
>> could help you avoid many problems before even firing up a server.
>>
>> In my opinion not adding type hints in Django 2.0 would be a mistake.
>>
>> "Django 2.0 will be the last version of Django to support Python 3.4. 
>> This allows those running older operating systems with Python 3.4 (such as 
>> Ubuntu 14.04 and CentOS 6) to use the latest version of Django for an 
>> additional eight months. If you don't intend to upgrade to a system with 
>> Python 3.5 or later by the end of security updates for Django 2.0 in April 
>> 2019, stick with Django 1.11 LTS which is supported until April 2020."
>>
>>
>> As to Python 3.4 support, Django 1.11 will be LTS and most projects 
>> written with Django <=1.10 will probably stay on LTS version. Using Django 
>> 2.0 in existing project would require rewriting some bits anyway (correct 
>> me if I'm wrong), so there's really not much point in sticking to Python 
>> 3.4/3.5 in my opinion. If you're rewriting your code to use new version of 
>> Django, you could as well use new version of Python. Isn't it the whole 
>> point of major release?
>>
>> Sticking to 3.6 would allow using format strings, and that would greatly 
>> increase readability (looking at %-strings here). To be honest, using 
>> str.format on string with many variables can hurt readability almost as 
>> much as % does. Also, variable annotation only appeared in 3.6, so 
>> supporting Python 3.5 an older would mean that variable annotation is only 
>> possible using comments (which is not necessarily a bad thing, tough it has 
>> some downsides as pointed out in PEP-526).
>>
>> I have to add, that nowadays deploying python applications with desired 
>> version of Python is fairly easy. One could use relocatable virtualenvs, 
>> Docker containers and so on. So even if you're on an outdated distro (or 
>> something like RHEL, that wouldn't get new python version in ages, 
>> probably) and your OS is stuck with older version of Python, your 
>> application doesn't have to be.
>>
>> Since there're a lot of Django users out there who aren't subscribed to 
>> this mailing list, I suggest to sum up this discussion in a blog post and 
>> let users vote. I believe a big "Help decide Django 2.0 fate" button on 
>> djangoproject.com would attract much more attention to the issue. Maybe 
>> most of Django users are ready to migrate to Python 3.6 when they switch to 
>> Django 2.0 (probably not, but who knows) and developers could start 
>> enjoying new Python features a year or two earlier.
>>
>> P.S. Please treat everything above as a personal opinion, I'm probably 
>> wrong about some things. And sorry for a bad English, it's not my native 
>> language.
>>
>> On 7 Jan 2017, at 19:48, Tim Graham  wrote:
>>
>> Daniele, here's my try at being more concrete than "It seems reasonable" 
>> and "decent ledge of overlap". Let me know if you meant something different!
>>
>> "Django 2.0 will be the last version of Django to support Python 3.4. 
>> This allows those running older operating systems with Python 3.4 (such as 
>> Ubuntu 14.04 and CentOS 6) to use the latest version of Django for an 
>> additional eight months. If you

Re: Time based one time password and django ?

['Tom Evans' via Django developers (Contributions to Django itself)]

Also django-two-factor, which builds on django-otp and provides all
extra bits you might need, eg setup views, QR code generation for
device registration, login wizards etc supporting HOTP/TOTP, static
tokens, Yubikey and SMS.

https://markusholtermann.eu/2016/09/2-factor-authentication-in-django/

Cheers

Tom

On Mon, Jan 16, 2017 at 4:38 PM, Alexander Dutton
 wrote:
> There's also , which is fairly easy
> to integrate into a Django project.
>
> As a long-term user of (but rare contributor to) Django I'd say the ease
> of using one of a number of third-party solutions points to keeping it
> out of core.
>
> Relatedly, integrating custom auth (i.e. not just username/password)
> would be easier if the Django admin site deferred to LOGIN_URL by
> default instead of presenting its own login form. An example issue is
> when one uses some sort of web server SSO module with
> RemoteUserMiddleware, and then the admin site presents asks for a
> username and password for already-authenticated non-staff (who have no
> local credentials).
>
> Yours,
>
> Alex
>
>
>
> On 16/01/17 16:28, Gavin Wahl wrote:
>> I have a project that implements TOTP and U2F as a third-party
>> package: https://github.com/gavinwahl/django-u2f
>>
>> On Sunday, January 15, 2017 at 3:47:56 AM UTC-7, ludovic coues wrote:
>>
>> Hello,
>>
>> After reading the recent thread on authentification in django, I
>> wondered about the chance of getting a 2-step auth mechanism in
>> django.contrib.
>>
>> Time based one time password, or TOTP, is now part of the RFC 6238.
>> For those who don't know it, it use a shared secret and current time
>> to produce 6 digit number. That number change every 30 seconds and is
>> used to confirm login after entering a correct username and password.
>>
>> As far as I can tell, there is no such thing present in django
>> currently. But I don't know if it's because nobody have done the  work
>> or if there are reason to not include 2-step solution in django.
>>
>> --
>>
>> Cordialement, Coues Ludovic
>> +336 148 743 42
>>
>> --
>> You received this message because you are subscribed to the Google
>> Groups "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send
>> an email to django-developers+unsubscr...@googlegroups.com
>> .
>> To post to this group, send email to django-developers@googlegroups.com
>> .
>> Visit this group at https://groups.google.com/group/django-developers.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-developers/7a3b3837-5c24-4984-abb8-d68d9ce31459%40googlegroups.com
>> .
>> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Django developers  (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-developers.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/django-developers/fb94cbfa-5987-4aa7-e74a-6fa53ce05cce%40alexdutton.co.uk.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAFHbX1J02Kz62Th38x_USngaBQ-tKOd3DJH0OUyp4FFyMC879Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.