David -
All of your points are accurate. A usable ORM will probably never be
perfectly safe, and none of the Django workarounds are particularly
difficult. But requiring extra steps to get the same level of data safety
as other ORMs will, just by nature of human nature and scale, make Django a
I'm glad you brought up tests, because automated tests for these issues are
quite difficult and require tribal knowledge. A first-hand example from a
while back: The application had over 90% test coverage, including all of
the validation rules in the DRF serializer. One of those rules was that
I'm not really interested in debating whether the ORM validates or not but
I thought it might be worth pointing out a few things that haven't been
touched on yet:
> It's not right.
Design decisions are often neither outright right nor wrong but more
tradeoffs of varying values.
> The data store
> Among the dozens of Django applications I have worked on, at 3 companies,
not a single one was actually running any kind of validation. It has always
been a mistake, 100% of the time, *never* the desired behavior.
Besides not taking time to understand how Django works, it seems they
weren't