Re: GitHub migration planning

2012-04-18 Thread Dalton Barreto
Em 18 de abril de 2012 21:13, Luke Granger-Brown escreveu: > > On Wed, Apr 18, 2012 at 11:55 PM, Dalton Barreto > wrote: >> >> Em 18 de abril de 2012 19:46, Dalton Barreto >> escreveu: >> > Em 18 de abril de 2012 18:44, philipn

Re: GitHub migration planning

2012-04-18 Thread Donald Stufft
Github issues do not have the ability for anyone to close, tag, or create milestones. You have to be the creator of the ticket or someone with commit access. Django's track instance allows anyone to participate in this way and is one of the major reasons to my knowledge that Django will keep it's

Re: GitHub migration planning

2012-04-18 Thread Luke Granger-Brown
On Wed, Apr 18, 2012 at 11:55 PM, Dalton Barreto wrote: > Em 18 de abril de 2012 19:46, Dalton Barreto > escreveu: > > Em 18 de abril de 2012 18:44, philipn escreveu: > > Hmm, this would probably disable pull requests too. Not a

Re: GitHub migration planning

2012-04-18 Thread Karen Tracey
On Wed, Apr 18, 2012 at 6:55 PM, Dalton Barreto wrote: >> Maybe the best way to avoid that people create issues on github is to >> disable it for the >> official repository. This is possible through the Github's Admin interface. >> > > Hmm, this would probably disable pull

Re: GitHub migration planning

2012-04-18 Thread Ɓukasz Rekucki
On 19 April 2012 00:55, Donald Stufft wrote: > Github Issues are not flexible enough for Django. > That's rather a vague statement. Github issues are actually more *flexible* then Trac as you can define any set of tags for an issue. What Django could possibly want to

Re: GitHub migration planning

2012-04-18 Thread Dalton Barreto
Em 18 de abril de 2012 19:46, Dalton Barreto escreveu: > Em 18 de abril de 2012 18:44, philipn escreveu: >> Hey folks! >> >> I started a wiki page to help plan a migration to GitHub: >> >> https://code.djangoproject.com/wiki/GitHub%20Migration >> >> I

Re: GitHub migration planning

2012-04-18 Thread Donald Stufft
Github Issues are not flexible enough for Django. On Wednesday, April 18, 2012 at 6:53 PM, Alex Ogier wrote: > On Wed, Apr 18, 2012 at 6:46 PM, Dalton Barreto (mailto:daltonma...@gmail.com)> wrote: > > Em 18 de abril de 2012 18:44, philipn >

Re: GitHub migration planning

2012-04-18 Thread Alex Ogier
On Wed, Apr 18, 2012 at 6:46 PM, Dalton Barreto wrote: > Em 18 de abril de 2012 18:44, philipn escreveu: >> Hey folks! >> >> I started a wiki page to help plan a migration to GitHub: >> >> https://code.djangoproject.com/wiki/GitHub%20Migration >> >> I

Re: GSoC 2012: Security Enhancements

2012-04-18 Thread Luke Plant
On 18/04/12 20:05, Paul McMillan wrote: > My suggestion here is to include optional support for the Origin > header as follows: > - if present and null, fail the CSRF check > - if present and not null, use in alongside the Referer header > - if absent, keep current behavior > > As a general

Re: GitHub migration planning

2012-04-18 Thread Dalton Barreto
Em 18 de abril de 2012 18:44, philipn escreveu: > Hey folks! > > I started a wiki page to help plan a migration to GitHub: > > https://code.djangoproject.com/wiki/GitHub%20Migration > > I don't know what I'm doing, but I do know that the current Trac setup > (attaching patches,

GitHub migration planning

2012-04-18 Thread philipn
Hey folks! I started a wiki page to help plan a migration to GitHub: https://code.djangoproject.com/wiki/GitHub%20Migration I don't know what I'm doing, but I do know that the current Trac setup (attaching patches, etc) is less accessible to non-core contributors than GitHub and I'd love to

Proposal: Stop supporting MySQL < 5.0 in Django 1.5

2012-04-18 Thread Ramiro Morales
Hi all, I've opened ticket [1]#18116 to track this cleanup change. This change would allow to close a handful of tickets about half-backed compatibility with deprecated MySQL 4.x. More specifically the commit would make Django trunk require MySQL 5.0.3 or newer. This will allow avoid a

Re: GSoC 2012: Security Enhancements

2012-04-18 Thread Paul McMillan
There seems to be some confusion about CORS (a hairy draft spec that is not fully implemented in any browser, and not appropriate for inclusion in Django at this time) and the "Origin" header (aka Web Origin, rfc6454). http://tools.ietf.org/html/rfc6454 https://wiki.mozilla.org/Security/Origin

Re: GSoC 2012: Security Enhancements

2012-04-18 Thread Luke Plant
Sorry to reply twice, a comment on a different part: On 15/04/12 05:23, Rohan Jain wrote: > On 22:50 +0100 / 13 Apr, Luke Plant wrote: >> .. At the moment, it seems that few browsers send the >> 'Origin' header for normal HTML requests. (Recent versions of Chrome, >> Firefox and Opera do not, I

Re: GSoC 2012: Security Enhancements

2012-04-18 Thread Luke Plant
On 15/04/12 05:23, Rohan Jain wrote: > On 22:50 +0100 / 13 Apr, Luke Plant wrote: >> The reason for the strict referer checking under HTTPS is set out here: >> >> https://code.djangoproject.com/wiki/CsrfProtection >> >> Particularly, it is to fix the 'CSRF + MITM' attack that is possible >> under