Re: 2020 Authentication Initiativ

[Robert Marsanyi]

Many of these auth systems are client/server, not going to be the simplest 
thing to configure the entire stack for simple projects/tutorials/testing 
environments and so on.  I can definitely see having.a pluggable alternative to 
the contrib.auth package that implements all the client-side stuff, though.  
When setting up or modifying a project, select the alternative package, and be 
as agnostic as possible about the auth server-side; a service like Auth0 or AWS 
Cognito if someone has access to it, a separate private domain auth server, 
Google/Facebook/OpenAuth.  A protocol like OpenID Connect has the virtue of 
working with lots of different auth services, so an OpenID Connect client might 
fit the bill.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/564f2e06-6b36-4797-8897-01a0c5a55251%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Support for CTAS statement with ORM API?

[Adam Johnson]

Hi Markus

CTAS can be useful in some cases, but I can't imagine how we'd fit it into
the Django ORM nicely. There wouldn't be a model for the correspondingly
created table. Have you got a suggestion for the way you'd like to see it
working?

Thanks,

Adam

On Wed, 24 Apr 2019 at 14:03, Markus Elfring  wrote:

> Hello,
>
> I contributed the feature request “Creating database tables from queries
> based on ORM API” .
> Today it was requested to continue the clarification for mentioned
> software aspects in this forum.
>
> Can the support for the SQL standard statement “CREATE TABLE AS SELECT”
> (CTAS) grow besides the application of materialized views (or snapshots)?
>
> By the way:
> This functionality is supported by the class library “SQLAlchemy 1.3.2”
>  (to
> some degree).
>
> Regards,
> Markus
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-developers.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/ac948a00-2a5e-445a-bffd-80172210378e%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
Adam

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAMyDDM1pab%2BJJuQcohMVDNjOj5_QTLUQDX6Mzkc_LPUM6pOcbw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: 2020 Authentication Initiativ

[Johannes Hoppe]

Auth0 looks like a need solution! And yes, I am a bit YubiKey fan myself. Use 
it for 2FA and PGP, worth every penny.

--

On 25. Apr 2019, 17:38 +0200, Александр Овчинников , 
wrote:
>
> > IMHO Django should provide a secure and simple (for developers) out of the 
> > box solution.
>
> I can't but agree with you. Today long (at least >15 characters [Chrome 
> password manager], but > 20 is much better) passwords created and stored in 
> password managers (some modern browsers include them or as alternative you 
> can try 1Password etc.) are still good solution but looks a little bit 
> outdated (there is better login experience).
>
> > "Django - The web framework for perfectionists with deadlines."
>
> Today password-based auth is not for perfectionists. No longer. 
> Perfectionists votes for passwordless login experience. It's E-mail 
> authentication (if you think about sms-based authentication, then do not use 
> it without 2FA, hackers may read your sms), some SaaS'es may create it for 
> you (Auth0: https://auth0.com/blog/how-passwordless-authentication-works/) or 
> hardware keys (Yubico: something like 
> https://www.yubico.com/products/yubikey-5-overview/, also check about their 
> support: 
> https://www.yubico.com/2018/04/yubico-and-microsoft-introduce-passwordless-login/).
>
> So. We would like provide ability to use passwordless (hardware keys, 
> E-mail-based) with optional 2FA (via OTP app on smartphone), OpenID Connect 
> (which uses JWT tokens, OAuth etc.).
> --
> You received this message because you are subscribed to a topic in the Google 
> Groups "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this topic, visit 
> https://groups.google.com/d/topic/django-developers/d92P2V0YrbI/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to 
> django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-developers.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/django-developers/99cf381b-3c5e-4560-97c7-9b9e160a5500%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/f4cd1648-2df6-417d-8569-d695496f5ce8%40Spark.
For more options, visit https://groups.google.com/d/optout.

Re: 2020 Authentication Initiativ

[Александр Овчинников]

> IMHO Django should provide a secure and simple (for developers) out of the 
> box solution. 
>
 
I can't but agree with you. Today long (at least >15 characters [Chrome 
password manager], but > 20 is much better) passwords created and stored in 
password managers (some modern browsers include them or as alternative you 
can try 1Password etc.) are still good solution but looks a little bit 
outdated (there is better login experience).

"Django - The web framework for perfectionists with deadlines."
>
 
Today password-based auth is not for perfectionists. No longer. 
Perfectionists votes for passwordless login experience. It's E-mail 
authentication (if you think about sms-based authentication, then do not 
use it without 2FA, hackers may read your sms), some SaaS'es may create it 
for you (Auth0: 
https://auth0.com/blog/how-passwordless-authentication-works/) or hardware 
keys (Yubico: something like 
https://www.yubico.com/products/yubikey-5-overview/, also check about their 
support: 
https://www.yubico.com/2018/04/yubico-and-microsoft-introduce-passwordless-login/
).

So. We would like provide ability to use passwordless (hardware keys, 
E-mail-based) with optional 2FA (via OTP app on smartphone), OpenID Connect 
(which uses JWT tokens, OAuth etc.). 

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/99cf381b-3c5e-4560-97c7-9b9e160a5500%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Proposal to format Django using black

[Curtis Maloney]

On 4/25/19 8:14 PM, James Bennett wrote:

I like Django's style guide.

I like the *idea* of an autoformatter.

I dislike the particular mostly-unconfigurable style Black enforces, and 
I find that several of its rules negatively impact code readability.


So I would be -1 on applying it to Django.



I think this very clearly sums up what I was going to say on this topic, 
if I hadn't already.


I see the benefits [lower barrier to entry, time saving for the Fellows, 
etc], but I don't believe Black is the answer.


Specifically because in my own experience with it (as well as 
demonstrated in this list) there are cases where its style makes code 
significantly harder to read.


And IMHO, the sole purpose of a consistent style (and thus a style 
guide) is to reduce the cognitive load of humans parsing code.


--
Curtis

--
You received this message because you are subscribed to the Google Groups "Django 
developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/2e34fd6f-98c7-d34f-630c-b0945d621ec5%40tinbrain.net.
For more options, visit https://groups.google.com/d/optout.

Re: Proposal to format Django using black

[Josh Smeaton]

To answer the question about decision making...

Usually a decision is made if there’s reasonable consensus in the
discussion or after a vote. If no clear consensus can be reached with the
core team, then a decision can be escalated to the technical board for a
vote.

In the future, if the core team is dissolved in its primary capacity,
consensus in the discussion rather than consensus among the core team would
be the first step.

I figure all reasonable arguments have probably been made at this stage.
But there are really two questions we should be proposing.

1. Should Django adopt an autoformatter?
2. If it should, should that autoformatter be black or something else?

Considering the rather strong views in this thread, I’d probably recommend
that a DEP is drafted for each of the above, where opinions and comments
can be gathered more formally.

On Thu, 25 Apr 2019 at 20:15, James Bennett  wrote:

> I like Django's style guide.
>
> I like the *idea* of an autoformatter.
>
> I dislike the particular mostly-unconfigurable style Black enforces, and I
> find that several of its rules negatively impact code readability.
>
> So I would be -1 on applying it to Django.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/django-developers/wK2PzdGNOpQ/unsubscribe
> .
> To unsubscribe from this group and all its topics, send an email to
> django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-developers.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAL13Cg-MJqE%2BxmxpBhymxaUz__6V_htE1XA-XRxZH5Uxa3WY_A%40mail.gmail.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAPbDM0f24%3D62%3DBXD-OxgonjGpiJ13W4koaHg%2BbnwPdefzM2Baw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Proposal to format Django using black

[James Bennett]

I like Django's style guide.

I like the *idea* of an autoformatter.

I dislike the particular mostly-unconfigurable style Black enforces, and I
find that several of its rules negatively impact code readability.

So I would be -1 on applying it to Django.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAL13Cg-MJqE%2BxmxpBhymxaUz__6V_htE1XA-XRxZH5Uxa3WY_A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Proposal to format Django using black

[Tom Forbes]

> so there is no way to know who is nodding along with which arguments.

That somewhat impedes the point of posting this to get consensus, and if you 
ascribe to that view then all mailing list discussions about project wide 
changes are somewhat useless, as there could be a silent majority completely 
against the idea being proposed?

There is a majority of people who have expressed opinions in this thread in 
favor of black, so he’s not necessarily trying to influence the discussion as 
much as pointing out a fact.

That’s not to say consensus has been reached though, judging by the number of 
replies here there are a lot of strong views either way.

Tom

> On 25 Apr 2019, at 09:59, Tobias Kunze  wrote:
> 
>> On 19-04-25 08:24:34, Herman S wrote:
>> From what I gather there is a clear majority favoring Black, […]
> 
> Please don't resort to influencing the discussion by way of presenting a
> majority opinion like that. People on django-dev are generally good at
> not repeating points that have been made already, or cluttering an
> ongoing discussion with a lot of "+1", so there is no way to know who is
> nodding along with which arguments.
> 
> Tobias
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Django developers  (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-developers.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/django-developers/20190425085906.mol7ok72yw2u7f6p%40cordelia.localdomain.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/DFCA73FE-5D66-4C1D-B91F-690DD76B71F1%40tomforb.es.
For more options, visit https://groups.google.com/d/optout.

Re: Proposal to format Django using black

[Tobias Kunze]

On 19-04-25 08:24:34, Herman S wrote:
>From what I gather there is a clear majority favoring Black, […]

Please don't resort to influencing the discussion by way of presenting a
majority opinion like that. People on django-dev are generally good at
not repeating points that have been made already, or cluttering an
ongoing discussion with a lot of "+1", so there is no way to know who is
nodding along with which arguments.

Tobias

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/20190425085906.mol7ok72yw2u7f6p%40cordelia.localdomain.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature

Re: Proposal to format Django using black

[Herman S]

On Fri, Apr 19, 2019 at 6:33 PM Mariusz Felisiak
 wrote:
> I don't think that our code style is any barrier for newcomers.

As a newcomer, I can tell you that it most definitely is a barrier, at
least it is for me – for the reasons laid out in my original email :)

*

>From what I can gather the following arguments have been raised against Black:

- I don't like the formatting style (double quotes, white-space, line
length, wrapping, ...)
- It produces one huge diff
- It, in some situations, produces weird formatting (lists with comments, ...)
- It doesn't solve an issue that we currently have

At the end of the day some of these arguments are just personal
opinions and comes down to preference. However a lot of
counter-arguments have been made and I'll just shortly summarize them
here:

* I don't like the formatting style
  We will never collectively agree on "the perfect" formatting and
many do not agree with the *current* formatting. The time spent having
these non value-adding discussions are not worth it, and Black would
eliminate them to
  to a large extent.

* It produces one huge diff
  There are tools to work around this (git-hyper-blame [0]), Github
has a great UI for browsing diffs and it looks like in the future it
will be possible to exclude certain commits from blame history [1].

* It, in some situations, produces weird formatting
  A lot of these can be remedied my using `--target-version=py37` as
the AST does not change in newer versions of Python. Other files (like
settings) can be either disabled from auto-formatting or we can
disable parts of the file with `# fmt: off`.

* It doesn't solve an issue that we currently have
  I, and a lot of people have expressed this too, feel like it
definitely solves a very real problem. Formatting of code delays PRs,
wastes time, makes it harder to contribute as a newcomer, is an extra
cognitive load for all of us, and produces
  loads of wasteful discussions.

I'm sure there are more arguments made too, I'm sorry if I missed
some, but these seem to be repeated most often.

*

I favor adopting the default configuration (88 width, double quotes)
in one go and just be done with it. It's not as scary as it seems and
it really just makes the day a tiny bit easier :-)

What has usually been the process of democratically deciding these
"controversial" topics in the past? From what I gather there is a
clear majority favoring Black, but I'm curious as to when and how we
decide to end the discussion either for or against.

Kind regards,

[0]: 
https://commondatastorage.googleapis.com/chrome-infra-docs/flat/depot_tools/docs/html/git-hyper-blame.html
[1]: https://public-inbox.org/git/20190410162409.117264-1-b...@google.com/

-- 
Herman Schistad

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAN%3DnMTywHoSuccTi4krcXwfKDNu67mg1HKfmqk0LR94vBLFa%3Dg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.