Re: Trimming in the settings file (Was: Re: Follow-up to #28307: Possible app_template improvements)
Hello Melvyn,
> On 26 Jun 2017, at 12:21, Melvyn Sopacua wrote:
>
> keep STATIC_URL (which I rarely change) but remove STATIC_ROOT (which is
> different per project and sometimes even per install) is beyond me.
Back when Apache + mod_wsgi was the standard deployment stack, collecting
staticfiles inside the project tree was a bad security practice. For that
reason it couldn't be the default. A safer default value such as
`/var/www/{project_name}/static` would require additional setup and wouldn't
work well as a default.
(It's a bad security practice because developers just trying to make it work
tend to `chmod -R www-data:www-data /home/{project_name}`, making their whole
source tree world-readable, because they're having trouble getting static files
to work.)
Nowadays it's more common to serve static files from a third-party system such
as CloudFront + S3 which doesn't require STATIC_ROOT or with a middleware like
whitenoise which doesn't suffer from this concern. Only in the latter case is
`STATIC_ROOT = os.path.join(ROOT_DIR, 'static')` a valid default.
Given this range of options, I still find it best for users to think about what
they're doing, read the docs, hopefully review security considerations, define
the settings they need and understand their deployment. I also believe that
unused settings can be confusing and make it more difficult to diagnose
deployment problems.
I'm sure there's a more extensive project template somewhere that will suit
your needs better.
Best regards,
--
Aymeric.
--
You received this message because you are subscribed to the Google Groups
"Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/3D52B789-F9E1-497D-B5C1-C994D1581155%40polytechnique.org.
For more options, visit https://groups.google.com/d/optout.
Re: Getting Started with Open Source and Finding a mentor
You can use this mailing list: https://groups.google.com/forum/#!forum/django-core-mentorship It would be helpful to say what issue you're working on and the specifics of what help or advice you need. On Friday, June 23, 2017 at 10:35:58 PM UTC-4, Irindu Nugawela wrote: > > Hi, I am a computer engineering undergraduate with great skills in Java > and basic skills in Python and JavaScript and I am a beginner to the open > source world, I'd like to contribute to this project to get comfortable > with Python as well as the open source world. I am going through the > contribution guides but I would very much appreciate to get mentored by an > experienced developer(One of the reasons for selecting this particular > organization). If anyone is willing to help me please let me know :-) > > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/787d1fdc-1fdc-4ca5-9b60-2a55fdbf712d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: Trimming in the settings file (Was: Re: Follow-up to #28307: Possible app_template improvements)
On Monday 26 June 2017 20:25:58 Curtis Maloney wrote: > On 26/06/17 20:21, Melvyn Sopacua wrote: > > On Thursday 15 June 2017 08:14:02 Aymeric Augustin wrote: > > > > I see the point for the number of useless files. But in every > > release, settings.py has been trimmed more and more to the point > > that it's next to useless. I'm wondering about the upside of that. > > Cause I'm seeing plenty of downsides for both new and veteran > > users. > > Can't say I agree it's useless... I find I need very little to modify > the start project template to get under way... especially now that > admin is in by default. Right. Sane defaults are a good thing. Doesn't address why trimming it down is a good thing. > > Not to mention the choice of what to remove. To keep STATIC_URL > > (which I rarely change) but remove STATIC_ROOT (which is different > > per project and sometimes even per install) is beyond me. > > Because STATIC_URL is useful always, whereas STATIC_ROOT typically > only makes sense when you deploy... But in doing so the educational part is removed. That there's a STATIC_URL and a STATIC_ROOT that need to be mapped by the webserver. The drawback of what is there now, is that it works and you have no clue why it doesn't once deployed, as you have had no reason to click the link. And since STATICFILES is suddenly one word, I've spent several minutes trying to find out why my static dir isn't picked up. Or why I can't connect to the database, because it's 'USER' not 'USERNAME'. Boiler plate is supposed to save you time in typing and looking up things and it's in shear contrast with this trimming fashion. -- Melvyn Sopacua -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/1702467.YTQEXA1zWP%40devstation. For more options, visit https://groups.google.com/d/optout.
Re: Trimming in the settings file (Was: Re: Follow-up to #28307: Possible app_template improvements)
On 26/06/17 20:21, Melvyn Sopacua wrote: On Thursday 15 June 2017 08:14:02 Aymeric Augustin wrote: I see the point for the number of useless files. But in every release, settings.py has been trimmed more and more to the point that it's next to useless. I'm wondering about the upside of that. Cause I'm seeing plenty of downsides for both new and veteran users. Can't say I agree it's useless... I find I need very little to modify the start project template to get under way... especially now that admin is in by default. Not to mention the choice of what to remove. To keep STATIC_URL (which I rarely change) but remove STATIC_ROOT (which is different per project and sometimes even per install) is beyond me. Because STATIC_URL is useful always, whereas STATIC_ROOT typically only makes sense when you deploy... -- Curtis -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/c46370db-c437-5b18-e5ab-bce8bec8a4e2%40tinbrain.net. For more options, visit https://groups.google.com/d/optout.
Trimming in the settings file (Was: Re: Follow-up to #28307: Possible app_template improvements)
On Thursday 15 June 2017 08:14:02 Aymeric Augustin wrote: > The more files get generated to startapp, the more empty useless files > accrue in many projets, because devs don't take the time to delete > those they don't use. ... > For this reason, I'm skeptical of attempts to extend the startapp > template. I'm more interested in trimming it down. I see the point for the number of useless files. But in every release, settings.py has been trimmed more and more to the point that it's next to useless. I'm wondering about the upside of that. Cause I'm seeing plenty of downsides for both new and veteran users. Not to mention the choice of what to remove. To keep STATIC_URL (which I rarely change) but remove STATIC_ROOT (which is different per project and sometimes even per install) is beyond me. -- Melvyn Sopacua -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/10801056.ZSdBa9gieM%40devstation. For more options, visit https://groups.google.com/d/optout.
