Re: Why does ModelForm do validation and not Model

2019-04-17 Thread Curtis Maloney
On 4/17/19 4:55 AM, Aymeric Augustin wrote: Hello Will, It's mostly for performance reasons, since validation can be expensive. Really? My memory was that it was (a) backward compatibility [model validation was added later], and (b) practicality [try catching everywhere in your code you

Re: Request to reconsider ticket #27910: using an Enum class in model Field choices

2019-04-14 Thread Curtis Maloney
On 4/13/19 10:22 PM, Markus Holtermann wrote: Thanks for the proposal, Shai. I quite like it. As discussed at the DCEU sprints I think I'd like to be able to omit the display form of an item and have it auto generated from an item's name, i.e. turning "FOO_BAR" into "Foo Bar"

Re: Add to QuerySet method `one` that acts as `first` but without ordering

2019-04-14 Thread Curtis Maloney
On 4/14/19 8:02 PM, Florian Apolloner wrote: Hi, while your arguments for adding `.one` are all good and well, I think adding yet another function will add quite some confusion and will make arguing harder imo. As a middleground I could imagine adding an `ordered=True/False` argument to

Re: Proposal to format Django using black

2019-04-14 Thread Curtis Maloney
So to summarise the discussion so far: 1. automated code formatting will be a great boon - reduce work, lower barrier for new committers, reduce work for the fellows, etc. 2. there are issues with git history in doing "the great commit". 3. there are issues with black's formatting choices.

Re: More standard template filters

2019-04-05 Thread Curtis Maloney
On 4/5/19 8:16 PM, Adam Johnson wrote: FYI Jinja2 allows (most) python expressions, so this would Just Work(TM): {{  myvar.startswith("x") }} Django Template Language has a lot of legacy that prevents this from happening, afaiu it would not be possible to move to it. For "legacy" read

Re: More standard template filters

2019-04-05 Thread Curtis Maloney
On 4/5/19 3:06 AM, Collin Anderson wrote: Hi All, I use django templates a lot and I always wished there was a myvar|startswith:"teststring", myvar|endswith:"teststring" and a myvar|contains:"teststring" filter. It's almost like we need a syntax for calling methods with an argument, just

Re: GSoC 2019 proposal - Easy Ethereum Blockchain integration

2019-03-14 Thread Curtis Maloney
On 3/15/19 6:42 AM, Diego Lima wrote: *Introduction* These days, every single living being has heard of Bitcoin. Some of those know that Bitcoin is a cryptocurrency (crypto for short) and, within those, a few know that it runs on top of a technology called Blockchain. Be aware that outside

Re: Password reset emails in combination with click tracking do not work with Intelligent Tracking Prevention on Safari for iOS 12 and macOS Mojave

2019-02-22 Thread Curtis Maloney
On 2/23/19 7:35 AM, Collin Anderson wrote: I wouldn't mind just rolling back the security fix (or maybe making a straightforward way to enable/disable the behavior). We could instead encourage people to use on any links (from the password rest page) to untrusted urls. I don't think it would

Re: Extend FAQ with "How do I get Django and my JS framework to work together?"

2019-02-04 Thread Curtis Maloney
On 2/5/19 1:09 PM, Cristiano Coelho wrote: Pointing to Django Rest Framework should be more than enough. Anyone starting a project with Django and a SPA/JS architecture, will pretty much end up with DRF. Correct me if I'm wrong. It's likely they'd end up with DRF, however there are

Re: Extend FAQ with "How do I get Django and my JS framework to work together?"

2019-02-04 Thread Curtis Maloney
On 2/5/19 11:52 AM, Maciek Olko wrote: I didn't find this topic being discussed before. I guess it wouldn't take much to say "Just like any other server-side framework that can parse and generate arbitrary content, Django can be used to support any Javascript or Mobile app that talks

Re: IRC Channel

2018-12-13 Thread Curtis Maloney
On 12/14/18 5:30 AM, Avi Garg wrote: Does Django have an IRC channel? I am unable to join it if so... There is #django on the Freenode network. To join it you will need to create an account on their network - see for more details. -- Curtis -- You received this

Re: A faster paginator for django

2018-12-05 Thread Curtis Maloney
On 12/5/18 8:30 PM, Saleem Jaffer wrote: Hi all, The default paginator that comes with Django is inefficient when dealing with large tables. This is because the final query for fetching pages uses "OFFSET" which is basically a linear scan till the last index of the current page. Does it make

Re: Consensus about visual diagrams in the docs.

2018-11-30 Thread Curtis Maloney
On 11/30/18 7:38 PM, guettli wrote: I do not care for the strategy, I care for the goal. How to find clear consensus now? There is a time honored practice in open source of spurring more spirited discussion by presenting a solution, however sub-optimal it may be. It may not be the accepted

Re: Question regarding a possible bug

2018-11-22 Thread Curtis Maloney
On 11/23/18 11:10 AM, bernie2004 wrote: I am pretty but not 100% sure i found a bug in 2.1.2. Would it be appropriate to post a description of what i think i found to this mailing-list before starting a ticket or is there a better place for posting things like that? Opening a ticket

Re: QuerySet.iterator together with prefetch_related because of chunk_size

2018-10-11 Thread Curtis Maloney
On 10/12/18 10:51 AM, charettes wrote: Hello Tobias, From my understanding the introduction of chunk_size doest't help here. The fundamental reason why iterator() cannot be used with prefetch_related() is that the latter requires a set of model instance to be materialized to work

Re: Question (potential feature request) on dropping database column in migration

2018-10-01 Thread Curtis Maloney
On 10/02/2018 09:42 AM, martin_x wrote: Hi there, Thanks for making Django a great framework for starters :D Recently my team have run into problems when trying to remove a database column from the model without stopping our Django server, below is the timeline: There have been processes

Re: RFC732 (a.k.a. brotli) support

2018-09-14 Thread Curtis Maloney
On 09/14/2018 08:24 PM, Aymeric Augustin wrote: Hello, I would like to be sure that Brotli is actually faster. In my experience, while decompression is fast, compression can be extremely slow. It's primarily tuned for

Re: Not Creating test DBs with PG backend

2018-08-28 Thread Curtis Maloney
On 08/28/2018 08:33 PM, Tim Graham wrote: Why is a new option needed? Why can't --keepdb be used for this use case? Because that would be different behavior. If you can convince me that using --keepdb is a solution, then I will use your argument to say that --keepdb should be on always.

Not Creating test DBs with PG backend

2018-08-28 Thread Curtis Maloney
Greetings, one problem that turns up more and more frequently, it seems, is that someone is trying to run tests but can't because of the following scenario: 1. The user they connect to the DB using a role that does NOT have permission to create a DB 2. Django's PG adapter, when keepdb is

Re: A Django Async Roadmap

2018-08-20 Thread Curtis Maloney
In general this sounds like a tremendously useful tool... I'm caused to wonder, however... what, if any, are the performance impacts? -- Curtis On 08/21/2018 08:10 AM, charettes wrote: Regarding the lazy loading of deferred fields and foreign keys I wanted to mention I've been working on a

Re: HTML5 and XHTML5 documents

2018-08-17 Thread Curtis Maloney
On 08/17/2018 06:50 PM, Nils Fredrik Gjerull wrote: think, however, that it is more clear if we give it a value. By the way, the syntax is not new it is the old syntax from HTML4. I have spent quite some time cleaning up ill-formed HTML4. One of the more significant differences between the

Re: Django and Cython

2018-08-03 Thread Curtis Maloney
On 08/02/2018 07:02 AM, Daniel Anechitoaie wrote: I'm looking at frameworks like that make use of Cython to greatly improve the performance and I'm just wondering if something like this would work with Django? Was there any discussion (taken into consideration) about using

Re: A Django Async Roadmap

2018-06-04 Thread Curtis Maloney
On 06/05/2018 07:54 AM, Tom Forbes wrote: Are the proposed modifications to how Django runs sensible? I had a few random thoughts while reading your proposal: I think getting rid of the related field references could be a big issue here and cause a lot of headaches for existing

Re: Spaces between argument separator and argument in template filter generate error

2018-06-01 Thread Curtis Maloney
On 05/31/2018 06:39 PM, wrote: Are there any reasons that not allow spaces between separator and arg? My first thought would be that it starts making the syntax looser, meaning more things that are currently error cases would be accepted as valid. Which means mistakes

Re: A more useful list of common passwords?

2018-03-30 Thread Curtis Maloney
On 03/30/2018 07:05 PM, Adam Johnson wrote: This new file sounds good to me. Whilst you're at it, what is the new file size? I downloaded the gist, took only column 3 (the actual passwords) and gzipped it, it came to 81K over the existing 3.8K. Uncompressed that's 163K over 7.1K.

Re: A more useful list of common passwords?

2018-03-29 Thread Curtis Maloney
By which I mean... hi Brenton! Great to see you being active again :) It's great you've taken the time to do this, and the benefits are very clear [improved security], but what are the costs? Whilst you're at it, what is the new file size? -- Curtis On 03/30/2018 04:26 PM, Curtis Maloney

Re: A more useful list of common passwords?

2018-03-29 Thread Curtis Maloney
What sort of performance impact is this having over the existing list? What's the additional memory load, if any? -- Curtis On 03/30/2018 04:24 PM, Brenton Cleeland wrote: Three years ago Django introduced the CommonPasswordValidator and included a list of 1,000 passwords considered to be

Re: Django ORM Handling of Reverse Relationships and Multi-Value Relationships

2018-03-29 Thread Curtis Maloney
On 03/30/2018 08:57 AM, Ryan Hiebert wrote: It's a subtle difference between how a single filter works and two filters work together over to-many relationships. Here's a writeup that I found helpful: It's also addressed in

Re: GSoC 2018

2018-03-17 Thread Curtis Maloney
On 03/17/2018 08:18 PM, Manasvi Saxena wrote: Hello Sir, On Saturday, March 17, 2018 at 2:23:45 PM UTC+5:30, Curtis Maloney wrote: On 03/17/2018 07:37 PM, Dmitriy Sintsov wrote: > Hi! > > Template languages are my favorite topic in programming. Having writ

Re: GSoC 2018

2018-03-17 Thread Curtis Maloney
On 03/17/2018 07:37 PM, Dmitriy Sintsov wrote: Hi! Template languages are my favorite topic in programming. Having written a few template engines myself... I guess it's high on my list too :) If you implement html library yourself, it is much better to define tags not as functions but as

Re: Cache backends and thread locals

2018-03-07 Thread Curtis Maloney
I believe I'm (at least partly) responsible for this change, and the short answer is basically "historically memcache client libs have been awful with threading". This may have improved, but in order to avoid a whole slew of potential problems (with memcache and other backbends) I copied the

Re: “Abusing BinaryField” warning about binary files in DB

2018-02-25 Thread Curtis Maloney
On 02/26/2018 08:30 AM, Antoine Pietri wrote: Can I suggest replacing the warning by something like this?: Although you might think about storing files in the database, consider that it might be a bad design choice. This field is not a replacement for proper static files handling. That said,

Re: Thoughts on diff-based migrations with django?

2018-02-20 Thread Curtis Maloney
Hi, I must say your idea intrigues me... and I'd certainly like to discuss it further. The first thought that comes to mind is how would such a system handle data migrations? Being able to leap from one schema state to another is great, buy typically in the life-cycle of a reusable app

Re: Google Summer of Code 2018

2018-02-13 Thread Curtis Maloney
On 02/13/2018 09:23 PM, wrote: Hello ! What is the policy regarding NoSQL datastores being used as backends ? I think adding support for something like MongoDB might be good idea. Could you elaborate on why you think it would be a good idea? I believe every other time

RFC : Migration Adapters

2018-02-03 Thread Curtis Maloney
Hey, I've recently written an app that implements a closure tree using views... and in order to make the migrations work as needed you must manually add an entry to the migrations. Another friend of mine, a recent django convert, was wanting a way to add to the migration script generated

Re: Don't assume that missing fields from POST data are equal to an empty string value.

2018-01-22 Thread Curtis Maloney
On 01/22/2018 06:03 PM, Anupam Jain wrote: Wow - I just realised that we have been losing data for sometime on our web platform since there were some fields in the ModelForm that were hidden and not being sent. They were all being overwritten as blank values. Thank God, we use django-reversion


2017-12-30 Thread Curtis Maloney
So, I've taken a different approach, following Markus' idea, and added "app_label" to Permission. I probably still need to add a check to ensure you don't set app_label _and_ content_type, but that can wait for now. You can now define new app-level permissions on the app's


2017-12-30 Thread Curtis Maloney
On 12/31/2017 11:51 AM, Josh Smeaton wrote: - I dislike the seetings approach of GLOBAL_PERMS and would rather see   users writing explicit data migrations. I don't favour either setting or migration based perms, but if you're going to go with migration based, then please also


2017-12-30 Thread Curtis Maloney
On 12/31/2017 12:50 AM, Markus Holtermann wrote: Thanks Curtis, I had a quick look. Some thoughts (in no particular order): - IMO a nice idea. I've attached all model independent permissions to  the user model in the past to work around the limitation. Certainly a good one I'll remember to


2017-12-30 Thread Curtis Maloney
So, after a discussion with a new user on #django today I decided to make "permissions not bound to models" a first-class feature. So I've written a simple patch that is in Basically: 1. Allow

Re: about ticket 28588- has_perm hide non-existent permissions

2017-09-26 Thread Curtis Maloney
On 09/25/2017 08:56 PM, Dan Watson wrote: Seems like maybe it would be more helpful if has_perm logged a note about the permission not existing (probably only in debug), rather than just returning False. In fact, I'd argue it should still return True -- if the permission did exist, the

Re: Automatic prefetching in querysets

2017-08-15 Thread Curtis Maloney
The 2 goals of a famework: - protect you from the tedious things - protect you from the dangerous things N+1 queries would be in the 'dangerous' category, IMHO, and 'detecting causes of N+1 queries' is in the 'tedious'. If we can at least add some DEBUG flagged machinery to detect and warn

Re: Django 2.0 Python version support (Python 3.6+ only?)

2017-08-08 Thread Curtis Maloney
Is there any list of things we gain from dropping / adding any particular version? The older discussion mentions a tracking ticket, but it is empty. -- C On 8 August 2017 9:45:54 AM AEST, Tim Graham wrote: >With a little more than a month to go until the Django 2.0 alpha

Re: Trimming in the settings file (Was: Re: Follow-up to #28307: Possible app_template improvements)

2017-06-26 Thread Curtis Maloney
On 26/06/17 20:21, Melvyn Sopacua wrote: On Thursday 15 June 2017 08:14:02 Aymeric Augustin wrote: I see the point for the number of useless files. But in every release, has been trimmed more and more to the point that it's next to useless. I'm wondering about the upside of that.

Re: Follow-up to #28307: Possible app_template improvements

2017-06-15 Thread Curtis Maloney
On 15/06/17 16:14, Aymeric Augustin wrote: Hello, The more files get generated to startapp, the more empty useless files accrue in many projets, because devs don't take the time to delete those they don't use. Beat me to the punch... I agree the default template should be as light as

Admin browser support policy

2017-06-14 Thread Curtis Maloney
This topic seems to appear frequently over the years, but I've yet to see a clear decision. Without a clear Browser Support Policy for admin, it can be very unclear what cleanups, optimisations, and improvements can be made. Collin Anderson suggested supporting IE11+ ("as that's the latest

Re: Default to BigAutoField

2017-06-10 Thread Curtis Maloney
On 10/06/17 22:21, Claude Paroz wrote: Le samedi 10 juin 2017 11:40:42 UTC+2, Curtis Maloney a écrit : Right, hence my point of having a global setting to say "the default auto-field is ..." I see, but this conforms to the pattern "use the same id field type for a

Re: Default to BigAutoField

2017-06-10 Thread Curtis Maloney
f) let MySQL users opt for PositiveBigAutoField if they want... On 10/06/17 19:40, Curtis Maloney wrote: Right, hence my point of having a global setting to say "the default auto-field is ..." This would: a) let people continue to use AutoField b) let people opt for BigAutoField

Re: Default to BigAutoField

2017-06-10 Thread Curtis Maloney
Right, hence my point of having a global setting to say "the default auto-field is ..." This would: a) let people continue to use AutoField b) let people opt for BigAutoField c) let 3rd party projects be agnostic d) let people use UUIDField(default=uuid.uuid4) e) possibly make it feasible to

Re: Default to BigAutoField

2017-06-09 Thread Curtis Maloney
ing the auto-generated primary key "swappable", including >foreign keys that point to it. This sounds like a headache. > >I haven't thought of a possible solution since Kenneth floated this >idea in >#django-dev yesterday. > >On Friday, June 9, 2017 at 7:11:05 PM UTC-4

Re: Default to BigAutoField

2017-06-09 Thread Curtis Maloney
I know people hate settings, but what about one for auto id field type? It would let you handle backwards compatibility, uuid, and bigint... -- C On 10 June 2017 5:42:42 AM AEST, Jacob Kaplan-Moss wrote: >I think this would be a good improvement, and I'd like to see it.

Re: Exceptions in model._meta._property_names with some 3rd-pty libraries

2017-06-02 Thread Curtis Maloney
What about using inspect.getmembers ? In other code I've also used inspect.classify_class_attrs but it seems to be undocumented :/ If nothing else, it could be used as a guide on how to do this. -- Curtis On 03/06/17 08:52,

Re: Cython usage within Django

2017-05-21 Thread Curtis Maloney
On 22/05/17 09:30, Tom Forbes wrote: Hey Karl and Russell, Thank you for your quick replies! Russell: You are of course right about the speed of the Python code itself being a bottleneck and the usual suspects like the database are more important to optimize. However I don't think it's

Re: Proposal: provide postgresql powered full-text search in

2017-05-12 Thread Curtis Maloney
Dogfooding is a fairly strong argument, IMHO. Especially when there's a volunteer to do the work. -- C On 7 May 2017 6:53:13 PM AEST, Paolo Melchiorre wrote: >On Sun, May 7, 2017 at 9:16 AM, Florian Apolloner > wrote: >> On Sunday, May 7, 2017 at

Re: Admin and CSS Custom Properties

2017-04-28 Thread Curtis Maloney
I recently discovered that the stated "policy" on browser support in Admin is... well... not clear at all. It claims to support full function for "YUI's A-Grade" browsers, but the link it

Re: Django versioning and breaking changes policy

2017-04-04 Thread Curtis Maloney
See? This is exactly what I told you you could expect ... to be shown the new release process details :) [For those playing at home, Bernhard raised this concern on IRC first, and I recommended bringing it here. He expressed concern about being roasted, and I predicted someone would

Re: Changing {% include %} to strip a trailing newline

2017-01-04 Thread Curtis Maloney
On 05/01/17 10:09, Adam Johnson wrote: Whitespace control in templates is an exercise in frustration. In my experience more flexible tools such as {%-, {%+, -%}, and +%} in Jinja2 increase the frustration. I really enjoy the {%- etc. operators in Jinja 2 in the context of

Re: No 'Content-Type' header in response

2016-12-26 Thread Curtis Maloney
>From what I can see in the rfc, it is permitted but not required. Only a body in a 204 response is proscribed. Any metadata (I.e. headers) are about the resource just accessed... So a Content-Type would, IMHO, be acceptable but not essential. On 26 December 2016 9:47:02 PM AEDT, roboslone

Re: Feature idea

2016-11-17 Thread Curtis Maloney
My solution to the "initial password problem" is to send a password reset token first... And Django has this built in, handily :) It would be very easy to use the same approach for an "invite" registration pattern.

Re: drop compatibility with Python < 2.7.8?

2016-11-14 Thread Curtis Maloney
Well, I certainly agree with the intent... especially, as you say, for LTS users who effectively cement themselves to a version for the long haul. Might as well remind them there are security updates in things other than OpenSSL, Java, and Django :) -- C On 15/11/16 09:49, Tim Graham

Re: Fellow Report - October 15, 2016

2016-10-15 Thread Curtis Maloney
Ummm... On 16/10/16 11:45, Tim Graham wrote: File uploads could rename temporary files rather than copying them (duplicate) File uploads could rename temporary files rather than copying them (accepted)

Re: Please put as default in next django version

2016-10-14 Thread Curtis Maloney
On 15/10/16 08:16, Ricardo Prado wrote: Thanks "Folks" in special Aymeric Let's go, let me explain about this "". When users deploy django app in production, the changes in any python script need be "reloaded" for apply changes, in this you have two options to do this: 1 - restart

Re: Should the Django session-id be hashed?

2016-09-22 Thread Curtis Maloney
On 22/09/16 18:52, Rigel wrote: Hello! The Django session framework stores session-ids in the database as plain-text. Unless I'm missing something, these ids could be vulnerable to SQL injection attacks, if any are discovered or if developers misuse features like extra(). Firstly, extra()

Re: Challenge teaching Django to beginners:

2016-09-16 Thread Curtis Maloney
On 15/09/16 16:37, Curtis Maloney wrote: Somewhere I have code to provide a "parse" based URL router. Will dig it up now 1.10 has has shipped Ah, found it... So, here is a gist of a sample of using parse ( instead of regex.

Re: Challenge teaching Django to beginners:

2016-09-15 Thread Curtis Maloney
Somewhere I have code to provide a "parse" based URL router. Will dig it up now 1.10 has has shipped On 14 September 2016 6:38:20 PM AEST, Florian Apolloner wrote: >Hi Emil, > >On Tuesday, September 13, 2016 at 9:50:22 PM UTC+2, Emil Stenström >wrote: >> >> and more

Re: Sonar for the Django rpoject

2016-09-03 Thread Curtis Maloney
If there will be sweeping commits to remove six and other py2 concessions, can the cleaning be included then? On 4 September 2016 9:38:05 AM AEST, Sergei Maertens wrote: >I kind of like these reports, since they can take away some of the >early >review work. I would

Re: Any inerest in Zlib pre-compressed HTML generator responses?

2016-08-16 Thread Curtis Maloney
On 16/08/16 09:10, Bobby Mozumder wrote: Hi, I also use generators for my views, and I use Django’s streaming views with my generators to stream responses, so that the web browser receives early responses and start rendering immediately before the view is completely processed. The web browser

Re: Extend support for long surnames in Django Auth

2016-07-31 Thread Curtis Maloney
As I watch this discussion I am reminded of a talk I saw a few years ago at PyConAU: -- Curtis On 01/08/16 09:34, James Pic wrote: On Sat, Jul 30, 2016 at 8:08 AM, Josh Smeaton wrote:

Re: Middleware error framework, high level logging for database queries

2016-07-22 Thread Curtis Maloney
On 19/07/16 05:16, Rishi Gupta wrote: Hi django-developers, (1) Middleware error framework. Zulip has some exception middleware to allow 40x errors to be returned to the user from anywhere within the view code via raising a special exception, which we’ve found to be a really nice, convenient

Problem with caching template loader

2016-07-07 Thread Curtis Maloney
Hey, a client of mine was having a strange bug with the caching template loader, which we've yet to identify, but as I was looking at the code, I saw the following: def load_template(self, template_name, template_dirs=None): key = self.cache_key(template_name, template_dirs)

Re: Template-based widget rendering

2016-05-15 Thread Curtis Maloney
On 16/05/16 15:10, Carl Meyer wrote: On 05/15/2016 11:01 PM, Curtis Maloney wrote: So this seems to leave us only part way to removing rendering decisions from the form code -- your widgets can be templated, but your form code still needs to decide which widgets... Yep, one step at a time

Re: Template-based widget rendering

2016-05-15 Thread Curtis Maloney
On 12/05/16 01:04, Preston Timmons wrote: Hey Curtis, I think you're asking how this patch will help with form and field layouts? If so, not that much. It only addresses moving the widget HTML that currently is hardcoded in Python into templates. No... was all to do with widget rendering...

Re: Template-based widget rendering

2016-05-10 Thread Curtis Maloney
Sorry for the late entry to the discussion, but I was looking over the code and wondered about something. In projects where I've used my django-sniplates for form rendering, it's been helpful that I can have several different form widget sets within the one project -- for instance, for

Re: Table Locks and bulk creating inherited models

2016-05-02 Thread Curtis Maloney
On 03/05/16 14:08, Gavin Wahl wrote: > with MyModel.objects.lock(): > ... do stuff ... This is misleading as it implies the lock is released when the context manager exists, but in postgres at least the lock will be held until the end of the transaction. Hah! Shows how much I

Re: Table Locks and bulk creating inherited models

2016-05-02 Thread Curtis Maloney
On 03/05/16 09:47, Russell Keith-Magee wrote: Hi Geoffrey Have you given any thought to what the API for a table lock would look like? Since it's a table-wide action, having it on the Manager makes some sense... though it would be, I suspect, implemented via _meta. I can see something

Re: Making Django more PaaS-friendly

2016-04-15 Thread Curtis Maloney
On 14/04/16 05:57, Carl Meyer wrote: Hi James et al, In general, I like the idea of adding a helper to Django to read settings from the environment. I think this helper should be kept as simple and non-magical as is reasonable. Thus: - I'm in favor of a flexible helper function that can be

Re: Making Django more PaaS-friendly

2016-04-11 Thread Curtis Maloney
On 12/04/16 04:26, Aymeric Augustin wrote: On 11 Apr 2016, at 19:39, Curtis Maloney <> wrote: 1. All env vars can have a fallback value (the method in my case) 2. You can mark an env var as not having a fallback value, and it will raise an error at start up if n

Re: Making Django more PaaS-friendly

2016-04-11 Thread Curtis Maloney
Just want to throw my 3c in here... Firstly, for reference, I wrote django-classy-settings to help with various settings related problems, one of which being env-based setting. As my env decorators are written to be class properties, they

Re: Add documentation to address OWASP Top 10?

2016-04-06 Thread Curtis Maloney
On 06/04/16 11:35, Josh Smeaton wrote: I like the idea of addressing the OWASP top 10. Further, I think the advice of obscuring keys is wrong. The problem is actually addressed in the OWASP Top 10[0] *4 Insecure Direct Object References:* A direct object reference occurs when a developer

Re: MySQL data loss possibility with concurrent ManyToManyField saves

2016-03-20 Thread Curtis Maloney
+1 for me, too... this aligns with "safe/secure by default". -- C On 21/03/16 09:13, Aymeric Augustin wrote: I agree with Karen. -- Aymeric. On 18 Mar 2016, at 22:15, Karen Tracey > wrote: This is the 2nd major issue I can recall caused by

Re: [ GSOC 2016 ] providing standard interface for NoSQL databases

2016-03-15 Thread Curtis Maloney
It sounds like by "NoSQL DBS" you mean specifically "Document store DBMS". Is this correct? (I'm sure most people know my rant about how "NoSQL" is a misnomer, and it's really "Non-relational" that people mean - it's not SQL per se they're avoiding, it's the relational model) The

Re: Django startproject template enhancement proposal

2016-03-14 Thread Curtis Maloney
Well, you could use: mkdir my_client_name django-admin startproject project my_client_name/ So it will create my_client_name/project/, and leave the namespace clear for you to create my_client_name/my_client_name/ as your app... -- Curtis On 15/03/16 10:51, Ramez Ashraf wrote:

Re: Revisiting multiline tags

2016-03-11 Thread Curtis Maloney
On 12/03/16 11:47, Nathan Cox wrote: I don't understand why this conversation has had to go on for this long. The original post was in February of 2012, and it is now March of 2016. That's four years of discussion that basically boils down to a couple of purists insisting that their coding

Re: Admin hstore widget

2016-03-08 Thread Curtis Maloney
On 08/03/16 20:47, Marc Tamlyn wrote: Doing something better with the admin hstore is definitely something I'd like to see land. 1. I'd like more input on the features people feel are essential. Something that allows you to add/change/delete keys is all you need to start with. Features like

Re: Admin hstore widget

2016-03-07 Thread Curtis Maloney
On 08/03/16 02:43, Tim Graham wrote: 1. Merging something minimal always help to get feature requests. :-) 2. Could you be more specific about what you're looking for? All the existing documentation for style related stuff is at

Re: Proposal: Refactor Form class

2016-03-04 Thread Curtis Maloney
Hi, On 04/03/16 07:00, 'Moritz Sichert' via Django developers (Contributions to Django itself) wrote: Hello, I want to propose a refactor of the Form class to make it easier to customize and subclass. I've recently had thoughts in this direction, so seeing your post intrigued me...

Re: Should tutorial start with minimal Django?

2016-03-01 Thread Curtis Maloney
When we were teaching MelbDjango, I did start by writing views in the root this avoided students having to create a bunch of files and apps and references and imports and... For some of the students transitioning from PHP, it was much easier to deal with only learning one thing

Re: Add warning or prohibit module level queries?

2016-02-25 Thread Curtis Maloney
+1 At the very least we need to provide better feedback or errors to help isolate _where_ this is happening. I've helped quite a number of people on IRC with this problem... firstly, people aren't understanding _what_ the problem is, but also discerning where it's happening is often quite

Re: thinking about the admin's scope and its description in the docs

2016-02-11 Thread Curtis Maloney
On 11/02/16 20:11, Andy Baker wrote: > As customisable as it can be, I find the problem to be it is a data-centric view of your system, closely tied to the database models. You're correct that a truly 'task-centric' UI would be a lot of effort - but really - how common are such interfaces in

Re: Django & django-polymorphic

2016-02-10 Thread Curtis Maloney
On 11/02/16 15:05, 'Hugo Osvaldo Barrera' via Django developers (Contributions to Django itself) wrote: > There was some research by Sebastian Vetter on "single-child > auto-resolve" solutions for MTI and how they scaled (from memory, > model-utils' InheritanceManager, polymorphic, and

Re: thinking about the admin's scope and its description in the docs

2016-02-10 Thread Curtis Maloney
On 11/02/16 00:55, Andy Baker wrote: I can't help but feel that the "admin is very rudimentary and hard to customize" is perpetually overplayed by many in the community. Maybe I'm suffering Stockholm Syndrome but I'd like to raise a dissenting voice. I must admit I'm a large proponent of

Re: Django & django-polymorphic

2016-02-10 Thread Curtis Maloney
On 11/02/16 09:22, 'Hugo Osvaldo Barrera' via Django developers (Contributions to Django itself) wrote: Hi there, I'd love to see some (most?) of the features from django-polymorphic on django itself. I'm very much be willing to work on this myself. Of course, there's several details that

Admin hstore widget

2016-02-07 Thread Curtis Maloney
So, I've been working on I have it as part of my own project, with a view to contributing to core once it's polished. Currently it has basic functionality - a JS widget that fires on load, hides the textarea, and produces a table of (name, value,

Re: remove support for unsalted password hashers?

2016-02-06 Thread Curtis Maloney
I kept meaning to weigh in on this... but all my points have been made. It sounds like the middle ground is to: 1) remove them from the default list 2) keep them in the codebase 3) make them noisy (raise warnings) 4) provide docs/tools on how to upgrade Then we get "secure by default" (1), as

Re: Deprecate Cache.has_key()?

2016-01-29 Thread Curtis Maloney
Isn't this so it complies with the dict interface? True, it's discouraged now, but it's still there. On 30 January 2016 10:42:12 am LHDT, Tim Graham wrote: >Also the template BaseContext class has an undocumented has_key() >method. I >wonder if that can be removed

Re: delegating our static file serving

2016-01-17 Thread Curtis Maloney
I should probably finish off my toy working on the same lines... but introducing my earlier comments about per-source paths and permissions mixins... Very much a WIP, but I'm sure you'll see the idea: -- C On 18/01/16 09:58, Gordon

Re: Vote on Jira as bugtracker

2016-01-08 Thread Curtis Maloney
On 09/01/16 13:08, Hugo Osvaldo Barrera wrote: Not an actual django developer (I'm a user lurking here really), but I'd still like to chime in: Doesn't make your input any less valid... in fact, perhaps makes it more valuable :) * Jira is too complex. Devs may end up understanding it,

group-by promotion

2016-01-08 Thread Curtis Maloney
Hey all, I'm trying to write a PR for adding Postgres9.4's "FILTER" syntax for aggregates, but I've hit a bug I can't figure how to fix [and nobody's awake on IRC :)] Basically, for the query: qset = FilterAggParentModel.objects.annotate(

Re: re-thinking middleware

2016-01-08 Thread Curtis Maloney
In general, I love it. It's MUCH simpler for people to write and comprehend... requires no classes [but IMHO the callable class is "cleaner"] and allows for configurable middlewares easily... I do wonder, though... how the anti-import-strings factions will react... I'm sure it can, at

Re: delegating our static file serving

2016-01-01 Thread Curtis Maloney
On 01/01/16 15:49, Fabio Caritas Barrionuevo da Luz wrote: A question: are there any plans to also improve MEDIA files (user uploaded files) in any foreseeable future? Perhaps this is outside the scope of Django, but I believe Django could provide by default, any option to get a little more

  1   2   3   >