Re: Django security releases issued: 5.1.1, 5.0.9, and 4.2.16

[אורי]

Hi,

I noticed that Django 4.2.16 release notes (and the other versions released
today) are not updated:
https://docs.djangoproject.com/en/5.1/releases/4.2.16/

This happens usually every time after a new release. Is it possible to fix
it?

Thanks,
Uri Rodberg, Speedy Net.
אורי
u...@speedy.net


On Tue, Sep 3, 2024 at 5:30 PM Natalia Bidart <
nataliabid...@djangoproject.com> wrote:

> Details are available on the Django project weblog:
> https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAJVoTUvYcMhWofu2TGjbDViqr6%2BvQLDGHARqkVyYEda2KTFnSQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CAJVoTUvYcMhWofu2TGjbDViqr6%2BvQLDGHARqkVyYEda2KTFnSQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFKE3so3Zpi%2B%3Dc-OPcdwntw3%3DWN27kSSJH0OVxofeVivg%40mail.gmail.com.

Re: Cookies with Django

[אורי]

Thank you.


אורי
u...@speedy.net


On Fri, Aug 9, 2024 at 9:08 AM Jacob Rief  wrote:

> Hi Uri,
> we are running a large Django site in Austria. As cookies we use
> session-ids, csrf-tokens and the preferred language. By our legal team,
> they all are considered as strictly necessary and hence we do not have to
> ask for consent from our users. This btw. only applies to assets served by
> our own servers. If you add IFrames, embed YouTube videos or even OSM
> tiles, you should ask for consent, because then you might expose your users
> to 3rd party cookies.
> – Jacob
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/412c505a-0304-4885-92e9-e3d182f3438dn%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/412c505a-0304-4885-92e9-e3d182f3438dn%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGa0-u__28EZ3BLuTLYF0g7x4zuSn8td8YtqgzJEOG2Ag%40mail.gmail.com.

Re: Cookies with Django

[אורי]

Thank you.

אורי
u...@speedy.net


On Fri, Aug 9, 2024 at 5:40 AM Curtis Maloney  wrote:

> {I am not a lawyer. None of this is legal advice, of course.}
>
> Django itself does nothing to tell your users authentication uses cookies.
>
> If and how you choose to do that is up to you; also, there are some 3rd
> party apps to try to make this easier.
>
> However, I find this paragraph from https://gdpr.eu/cookies/ quite
> informative:
>
>
>- Strictly necessary cookies — These cookies are essential for you to
>browse the website and use its features, such as accessing secure areas of
>the site. Cookies that allow web shops to hold your items in your cart
>while you are shopping online are an example of strictly necessary cookies.
>These cookies will generally be first-party session cookies. While it is
>not required to obtain consent for these cookies, what they do and why they
>are necessary should be explained to the user.
>
>
> So in short, it's recommended you let users know you will be using a
> cookie, and why, but the GDPR does not mandate it for this type of cookie.
>
> --
> Curtis
>
>
> On Fri, 9 Aug 2024, at 12:35, אורי wrote:
>
> Hi,
>
> Django uses cookies at least for authentication / login. How does Django
> handle the European Union legal requirements related to using cookies? For
> example, does the user have to agree before cookies are used?
>
> Thanks,
> Uri.
> אורי
> u...@speedy.net
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CABD5YeH6_R2YyhHaB0BOzW%2BOFvWY4N8eU2pA4CvF1gt1VoPepQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CABD5YeH6_R2YyhHaB0BOzW%2BOFvWY4N8eU2pA4CvF1gt1VoPepQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/3f17f472-d1ac-46e6-97c9-caf8e1fd5f39%40app.fastmail.com
> <https://groups.google.com/d/msgid/django-developers/3f17f472-d1ac-46e6-97c9-caf8e1fd5f39%40app.fastmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeERTM8N1WrVuvGT0QurXLk_LnbO%2BCoqCiL2Hs1nZsEAUA%40mail.gmail.com.

Re: Django 5.1 - LoginRequiredMiddleware

[אורי]

Hi,

I read the updated Django 5.1 release notes and I think now it's more clear
that LoginRequiredMiddleware is only enabled if we enable it, and is not
enabled by default.

Thanks,
Uri.
אורי
u...@speedy.net


On Wed, Aug 7, 2024 at 9:29 AM Adam Johnson  wrote:

> I’ve opened a PR for a small docs tweak that may help clarify the release
> note: https://github.com/django/django/pull/18455 .
>
> On Wed, 7 Aug 2024, at 01:29, אורי wrote:
>
>
> אורי
> u...@speedy.net
>
>
> On Wed, Aug 7, 2024 at 3:17 AM James Bennett 
> wrote:
>
> On Tue, Aug 6, 2024 at 4:37 PM אורי  wrote:
>
> No. I didn't see in the documentation of LoginRequiredMiddleware
> any MIDDLEWARE setting.
>
>
> https://docs.djangoproject.com/en/5.1/ref/middleware/#django.contrib.auth.middleware.LoginRequiredMiddleware
>
>
> https://docs.djangoproject.com/en/5.1/releases/5.1/#middleware-to-require-authentication-by-default
>
> I thought that LoginRequiredMiddleware is always enabled in Django 5.1.
>
>
> The set of middlewares which will be turned on by default when generating
> a new project is documented:
>
>
> https://docs.djangoproject.com/en/5.1/topics/http/middleware/#activating-middleware
>
> Any middleware not listed there needs to be explicitly added to your
> project's MIDDLEWARE setting before it will have any effect.
>
> I don't see anything in the documentation of LoginRequiredMiddleware which
> implies that it is enabled by default or will be turned on automatically by
> upgrading Django. And I think it's highly unlikely the
> LoginRequiredMiddleware would ever become a default-enabled middleware,
> since people would probably be upset about suddenly having their sites
> login-walled by a Django upgrade.
>
>
> OK, I understand. Thank you. I read the documentation but I misunderstood
> and thought that LoginRequiredMiddleware is enabled by default.
>
> Uri.
>
>
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAL13Cg_wEWKBOkjnCzqiMH_n5jyycpgCnBQst84b8twq0Jc7DA%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CAL13Cg_wEWKBOkjnCzqiMH_n5jyycpgCnBQst84b8twq0Jc7DA%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CABD5YeFcD15GAQuFge5wW5-oqTvtcYN-gh%2B%2BcheMfkmpytz%2B%2BA%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CABD5YeFcD15GAQuFge5wW5-oqTvtcYN-gh%2B%2BcheMfkmpytz%2B%2BA%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGCuOtZnQJC9V6MXpJVtDSUnZ9fY71gV1Q0LSixGkO6sA%40mail.gmail.com.

Cookies with Django

[אורי]

Hi,

Django uses cookies at least for authentication / login. How does Django
handle the European Union legal requirements related to using cookies? For
example, does the user have to agree before cookies are used?

Thanks,
Uri.
אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeH6_R2YyhHaB0BOzW%2BOFvWY4N8eU2pA4CvF1gt1VoPepQ%40mail.gmail.com.

Re: Django 5.1 - LoginRequiredMiddleware

[אורי]

Thank you.
אורי
u...@speedy.net


On Wed, Aug 7, 2024 at 10:29 AM Adam Johnson  wrote:

> I’ve opened a PR for a small docs tweak that may help clarify the release
> note: https://github.com/django/django/pull/18455 .
>
> On Wed, 7 Aug 2024, at 01:29, אורי wrote:
>
>
> אורי
> u...@speedy.net
>
>
> On Wed, Aug 7, 2024 at 3:17 AM James Bennett 
> wrote:
>
> On Tue, Aug 6, 2024 at 4:37 PM אורי  wrote:
>
> No. I didn't see in the documentation of LoginRequiredMiddleware
> any MIDDLEWARE setting.
>
>
> https://docs.djangoproject.com/en/5.1/ref/middleware/#django.contrib.auth.middleware.LoginRequiredMiddleware
>
>
> https://docs.djangoproject.com/en/5.1/releases/5.1/#middleware-to-require-authentication-by-default
>
> I thought that LoginRequiredMiddleware is always enabled in Django 5.1.
>
>
> The set of middlewares which will be turned on by default when generating
> a new project is documented:
>
>
> https://docs.djangoproject.com/en/5.1/topics/http/middleware/#activating-middleware
>
> Any middleware not listed there needs to be explicitly added to your
> project's MIDDLEWARE setting before it will have any effect.
>
> I don't see anything in the documentation of LoginRequiredMiddleware which
> implies that it is enabled by default or will be turned on automatically by
> upgrading Django. And I think it's highly unlikely the
> LoginRequiredMiddleware would ever become a default-enabled middleware,
> since people would probably be upset about suddenly having their sites
> login-walled by a Django upgrade.
>
>
> OK, I understand. Thank you. I read the documentation but I misunderstood
> and thought that LoginRequiredMiddleware is enabled by default.
>
> Uri.
>
>
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAL13Cg_wEWKBOkjnCzqiMH_n5jyycpgCnBQst84b8twq0Jc7DA%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CAL13Cg_wEWKBOkjnCzqiMH_n5jyycpgCnBQst84b8twq0Jc7DA%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CABD5YeFcD15GAQuFge5wW5-oqTvtcYN-gh%2B%2BcheMfkmpytz%2B%2BA%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CABD5YeFcD15GAQuFge5wW5-oqTvtcYN-gh%2B%2BcheMfkmpytz%2B%2BA%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeHvff8B8hLL2sCUUHrOm%2BBoiqjOOtSRR4Jgt30PgiresA%40mail.gmail.com.

Re: Django 5.1 - LoginRequiredMiddleware

[אורי]

אורי
u...@speedy.net


On Wed, Aug 7, 2024 at 3:17 AM James Bennett  wrote:

> On Tue, Aug 6, 2024 at 4:37 PM אורי  wrote:
>
>> No. I didn't see in the documentation of LoginRequiredMiddleware
>> any MIDDLEWARE setting.
>>
>>
>> https://docs.djangoproject.com/en/5.1/ref/middleware/#django.contrib.auth.middleware.LoginRequiredMiddleware
>>
>>
>> https://docs.djangoproject.com/en/5.1/releases/5.1/#middleware-to-require-authentication-by-default
>>
>> I thought that LoginRequiredMiddleware is always enabled in Django 5.1.
>>
>
> The set of middlewares which will be turned on by default when generating
> a new project is documented:
>
>
> https://docs.djangoproject.com/en/5.1/topics/http/middleware/#activating-middleware
>
> Any middleware not listed there needs to be explicitly added to your
> project's MIDDLEWARE setting before it will have any effect.
>
> I don't see anything in the documentation of LoginRequiredMiddleware which
> implies that it is enabled by default or will be turned on automatically by
> upgrading Django. And I think it's highly unlikely the
> LoginRequiredMiddleware would ever become a default-enabled middleware,
> since people would probably be upset about suddenly having their sites
> login-walled by a Django upgrade.
>

OK, I understand. Thank you. I read the documentation but I misunderstood
and thought that LoginRequiredMiddleware is enabled by default.

Uri.


>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAL13Cg_wEWKBOkjnCzqiMH_n5jyycpgCnBQst84b8twq0Jc7DA%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CAL13Cg_wEWKBOkjnCzqiMH_n5jyycpgCnBQst84b8twq0Jc7DA%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFcD15GAQuFge5wW5-oqTvtcYN-gh%2B%2BcheMfkmpytz%2B%2BA%40mail.gmail.com.

Re: Django 5.1 - LoginRequiredMiddleware

[אורי]

אורי
u...@speedy.net


On Tue, Aug 6, 2024 at 8:37 PM 'Adam Johnson' via Django developers
(Contributions to Django itself)  wrote:

> Did you add the middleware to the MIDDLEWARE setting?
>

No. I didn't see in the documentation of LoginRequiredMiddleware
any MIDDLEWARE setting.

https://docs.djangoproject.com/en/5.1/ref/middleware/#django.contrib.auth.middleware.LoginRequiredMiddleware

https://docs.djangoproject.com/en/5.1/releases/5.1/#middleware-to-require-authentication-by-default

I thought that LoginRequiredMiddleware is always enabled in Django 5.1.


>
> On Tue, 6 Aug 2024, at 17:19, אורי wrote:
>
> Hi,
>
> I read about LoginRequiredMiddleware in Django 5.1 release notes, where
> it's written "The new LoginRequiredMiddleware redirects all unauthenticated
> requests to a login page."
>
> I wanted to check so I installed django-5.1rc1 and I checked static pages
> without login locally, and they work without change - I'm not redirected to
> login urls. What am I missing? Is this the expected behavior?
>
> Thanks,
> Uri.
> אורי
> u...@speedy.net
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CABD5YeG2i59m-P%3DB-qBW%3DiVyKNJG71cDE7WKoqz%2BBazHt2dRMw%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CABD5YeG2i59m-P%3DB-qBW%3DiVyKNJG71cDE7WKoqz%2BBazHt2dRMw%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/c77d5930-8d5b-4fae-85d6-28fd167b72d3%40app.fastmail.com
> <https://groups.google.com/d/msgid/django-developers/c77d5930-8d5b-4fae-85d6-28fd167b72d3%40app.fastmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGvjy8Ud2Ju0KkpYNGMc%2BktXnauT1kzUNdy2Q2uPMTB-A%40mail.gmail.com.

Django 5.1 - LoginRequiredMiddleware

[אורי]

Hi,

I read about LoginRequiredMiddleware in Django 5.1 release notes, where
it's written "The new LoginRequiredMiddleware redirects all unauthenticated
requests to a login page."

I wanted to check so I installed django-5.1rc1 and I checked static pages
without login locally, and they work without change - I'm not redirected to
login urls. What am I missing? Is this the expected behavior?

Thanks,
Uri.
אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeG2i59m-P%3DB-qBW%3DiVyKNJG71cDE7WKoqz%2BBazHt2dRMw%40mail.gmail.com.

Re: New feature request - Run only a random subset of tests.

[אורי]

Hi,

Also, sometimes I just want to see how many tests are in a specific module,
without running them. So I can just run
`./tests_manage_all_sites_with_all_warnings.sh test speedy.net --test-only
0 --test-all-languages` which gives me the number of tests in speedy.net,
or any module I need. There is no way to count them from code, because many
of them are tested more than once so the only way to know how many tests
are in a specific module is to run them.

Thanks,
Uri.


אורי
u...@speedy.net


On Mon, Feb 12, 2024 at 3:36 PM Jörg Breitbart 
wrote:

> @Uri
>
> May I ask, whats the idea behind running a random subset of tests only?
> Wouldn't a Monte Carlo approach be highly unreliable, e.g. lure ppl into
> thinking everything is ok, but in reality the random test selection did
> not catch affected code paths? I mean for tests - its all about
> reliability, isn't it? And 200 out of 6k tests sounds like running often
> into false positive test results, esp. if your test base is skewed
> towards features not being affected by current changes.
>
> I think this could still work with a better reliability / changed code
> coverage, if the abstraction is a bit more complicated, e.g.:
> - introduce grouping flags on tests - on module, class or even single
> method scope
> - on test run, declare what flags should be tested (runs all test with
> given flags)
> - alternatively use appropriate flags reflecting your code changes +
> your test counter on top, but now it selects from the flagged tests with
> higher probability to run affected tests
>
> Ah well, just some quick thoughts on that...
>
> Cheers,
> Jörg
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers  (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/0138232b-4b8f-4a7a-99b0-67c0702f9ce8%40netzkolchose.de
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeEQ3hBNEZBhR68iiHCRkFRqr9B9jNg%3DtgsN4OwC3%3D9rLg%40mail.gmail.com.

Re: New feature request - Run only a random subset of tests.

[אורי]

Hi Jörg,

All our tests are tested anyway with GitHub Actions. The idea is to run a
subset of tests locally to catch 90% of the problems before I commit and
wait 40 minutes for all the tests to run. It works most of the time. Of
course the whole tests should be run before deploying to production, but
running a subset of tests improves productivity in locating errors without
having to wait for the full test suit to run.

(by the way, running all our tests take 90 minutes, but we skip many tests
and run them in random anyway - we have 11 languages and we always test 3
specific languages + another language selected by random. This is how we
reduce the time from 90 minutes to 40 minutes. And if we make changes in
languages, we can wait 90 minutes and run all the tests)

I also can run specific tests if I work on a specific module. For example
if I work on a specific view - I can run only tests of this view. But
again, of course we run all the tests before we deploy to production.

Thanks,
Uri.
אורי
u...@speedy.net


On Mon, Feb 12, 2024 at 3:36 PM Jörg Breitbart 
wrote:

> @Uri
>
> May I ask, whats the idea behind running a random subset of tests only?
> Wouldn't a Monte Carlo approach be highly unreliable, e.g. lure ppl into
> thinking everything is ok, but in reality the random test selection did
> not catch affected code paths? I mean for tests - its all about
> reliability, isn't it? And 200 out of 6k tests sounds like running often
> into false positive test results, esp. if your test base is skewed
> towards features not being affected by current changes.
>
> I think this could still work with a better reliability / changed code
> coverage, if the abstraction is a bit more complicated, e.g.:
> - introduce grouping flags on tests - on module, class or even single
> method scope
> - on test run, declare what flags should be tested (runs all test with
> given flags)
> - alternatively use appropriate flags reflecting your code changes +
> your test counter on top, but now it selects from the flagged tests with
> higher probability to run affected tests
>
> Ah well, just some quick thoughts on that...
>
> Cheers,
> Jörg
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers  (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/0138232b-4b8f-4a7a-99b0-67c0702f9ce8%40netzkolchose.de
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFeq_Y66GgjUD-OXP0%3D_v5LZLzC2bg4h6qaASzri0zSyA%40mail.gmail.com.

New feature request - Run only a random subset of tests.

[אורי]

Django developers,

I created https://code.djangoproject.com/ticket/35183 and was asked
to start a discussion on the DevelopersMailingList. I'm requesting a
new feature request - Run only a random subset of tests.

tests - add a new argument "--test-only" (int, >=0) and If run with this
argument, run only this number of tests.
Sometimes there are thousands of tests, for example 6,000 tests, and I want
to run only a random subset of them, for example 200 tests. It should be
possible with Django.

More details can be found on https://code.djangoproject.com/ticket/35183

Another feature request I asked is
https://code.djangoproject.com/ticket/35184 -tests - use wildcards in
labels. More details can be found on this link. But this may be more
complicated to implement.

Thanks,
Uri Rodberg, Speedy Net.
www.speedy.net
אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeHG5tpwzMgAOLOTkUo_tU9XRBGTKXZ_0a4rab-CYR3Atw%40mail.gmail.com.

Re: Pertaining the 4.2.6 release's "recreate indexes" footnote

[אורי]

Hi,

I also think a more specific documentation as to how to fix this issue is
required.

I usually upgrade Django about 6 months after the initial major release,
which is this month. But because of this issue I decided to wait 2 more
months.

Thanks,
Uri.
אורי
u...@speedy.net


On Wed, Oct 11, 2023 at 12:32 AM Michael  wrote:

> The release notes on https://docs.djangoproject.com/en/dev/releases/4.2.6/
> contain:
>
> > You may need to recreate indexes propagated to the database with Django
> 4.2 - 4.2.5 as they contain unnecessary ::text casting that is avoided as
> of this release.
>
> This doesn't give much context or give any guidance on how best to handle
> this, whether Django could help, etc.
>
> It also doesn't clarify why this is a "may need to" situation. Were Django
> versions 4.2-4.2.5 randomly doing this from time to time, or is this
> actually "you definitely do need to" situation; or is only relevant in
> specific scenarios?
>
> My immediate thought is that any indexes on non-text fields, created with
> these versions, will be useless in ORM-based queries. If that's the case,
> this seems like a much bigger deal than the footnote would imply.
>
> Thoughts on this?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/e686415b-0c4b-4643-8d0f-707aa859992bn%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/e686415b-0c4b-4643-8d0f-707aa859992bn%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGKoznt-svAZkc8kCXnJLQXT8qdUh5KxNpKrVMChDozwA%40mail.gmail.com.

Re: Django in Portuguese

[אורי]

Hi,

I created the following issue: https://code.djangoproject.com/ticket/34854

Thanks,
Uri.
אורי
u...@speedy.net


‪On Tue, Sep 19, 2023 at 9:57 PM ‫אורי‬‎  wrote:‬

> Django Developers,
>
> I need to translate my website (Django) to Portuguese (Europe/Portugal
> version). I translated the site and I was surprised to see that a specific
> error message was in English (from FileExtensionValidator). I checked and
> found out that there are many untranslated strings in language code pt,
> although they are translated in pt_BR. What's the difference and isn't it
> better to copy all the missing translations from pt_BR to pt, rather than
> display them in English to the visitors of sites such as mine? I mean they
> might understand English, but the site is meant to be in Portuguese. I
> think the minimum is to show them pt_BR translations if pt translations are
> missing.
>
> I checked other po files such as de, es, it and nl and there are no
> missing translations there.
>
> Thanks,
> Uri Rodberg, Speedy Net.
> אורי
> u...@speedy.net
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeHazYY6X4xAr0XjppS2e3bWzVrdsmQvftJjzdC_AfCZcg%40mail.gmail.com.

Django in Portuguese

[אורי]

Django Developers,

I need to translate my website (Django) to Portuguese (Europe/Portugal
version). I translated the site and I was surprised to see that a specific
error message was in English (from FileExtensionValidator). I checked and
found out that there are many untranslated strings in language code pt,
although they are translated in pt_BR. What's the difference and isn't it
better to copy all the missing translations from pt_BR to pt, rather than
display them in English to the visitors of sites such as mine? I mean they
might understand English, but the site is meant to be in Portuguese. I
think the minimum is to show them pt_BR translations if pt translations are
missing.

I checked other po files such as de, es, it and nl and there are no missing
translations there.

Thanks,
Uri Rodberg, Speedy Net.
אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFSj4cTdZ%3DJadAS4chg%3DJOVxJGOO%3Dv0JoE0hDedCO8DKg%40mail.gmail.com.

Re: Feature request: making gettext more robust

[אורי]

Hi,

There is a command to check which texts are not translated. If my code is
under directory speedy, I can run this command to see all the texts which
are not translated, not including English (because English can use the
default):

for k in speedy/*/locale/*/LC_MESSAGES/django.po; do echo $(msgattrib
--untranslated $k | fgrep msgstr | wc -l) $k; done | grep -v '^0 ' | fgrep
-v "/locale/en/LC_MESSAGES/django.po" | sort -nr

And this is with English included:
for k in speedy/*/locale/*/LC_MESSAGES/django.po; do echo $(msgattrib
--untranslated $k | fgrep msgstr | wc -l) $k; done | grep -v '^0 ' | sort
-nr

Thanks,
Uri.
אורי
u...@speedy.net


On Fri, Jun 16, 2023 at 3:55 PM Matthew Pava  wrote:

> I personally like the current behavior. If I don't have a translation
> prepared for a certain text, I want it to fall back on the default text.
> Saying that, how about Django incorporate a management command of some sort
> that can be used to examine the translation files and return the texts that
> are not translated?
>
> -Original Message-
> From: django-developers@googlegroups.com <
> django-developers@googlegroups.com> On Behalf Of Michiel Beijen
> Sent: Friday, June 16, 2023 1:44 AM
> To: django-developers@googlegroups.com
> Subject: Re: Feature request: making gettext more robust
>
> > On 15 Jun 2023, at 16:15, Tobias Kunze  wrote:
> >
> > On 23-06-15 04:29:59, Gergely Kalmár wrote:
> >> It seems that gettext is currently quite permissive – it falls back
> >> to the default language whenever a translation file is missing or if
> >> the requested message ID is missing from the translation file. This
> >> can lead to errors slipping through easily.
> >>
> >> I think it would be great if there was a way to make gettext raise an
> >> error when the translation file is missing or when the msgid is missing.
> >
> > Agreed that this is annoying behaviour, but as far as I can tell,
> > there's not much that Django can do. IIRC we only wrap Python's gettext
> module¹.
> >
> > The relevant method, GNUTranslations.gettext, returns the original
> > message if no translation has been found, and it does so without
> > indicating that this is a fallback response².
> >
> > AIUI this behaviour is rooted in GNU's gettext, which (just like the
> > Python
> > version) allows you to set a priority list of languages to fall back to³.
>
> In ‘runtime’ indeed it is difficult to get a warning for an untranslated
> string; the best way to go about it is to generate the translation file and
> check for untranslated string in your translation file via some automated
> check such as a Github Action.
>
> The added benefit this has is that if there is a translation string hiding
> in a lesser used part of your app such as the password reset form or so, it
> will still be spotted by the translation file generation, whereas you might
> otherwise miss this if you’re just clicking around in the app.
>
> —
> Michiel
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers  (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/4FE0664B-5E88-460C-826F-F0A85FC09D5B%40x14.nl
> .
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers  (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/DS7PR15MB59105F07249DA9F12BC11F098258A%40DS7PR15MB5910.namprd15.prod.outlook.com
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGSHmg%2B5O4ZSNkmyNschH9Ba52GHa2bs4oY8mG_%2ByiAHw%40mail.gmail.com.

Re: Issue in admin and sites

[אורי]

Can you link to the ticket?
אורי
u...@speedy.net


On Tue, May 2, 2023 at 5:28 PM Mohamed El-Kalioby 
wrote:

> Hello everyone,
>
>
> I’ve opened this issue on the issue tracker, and was asked to post here
> for the sake of discussion.
>
> In SaaS product, we have set of organizations (customers), each
> organization is working under its own subdomain under the SaaS domain, and
> each is completely independent. Each organization will have a super user
> who shall have access to the Django admin to edit their organization
> objects. Currently, Django admin only shows the objects which belong to the
> SITE_ID even with setting the default_manager to the current_site manager
> and enabling the sites middleware.
>
> I think this behavior is misleading and Django admin shall support sites
> app, so what do you think?
>
> Best regards
> Mohamed ElKalioby
>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAFJxxNcteC-sA5%3Db1JCjMg4bAOgNsd%3DHrzwb152SjOhnZQRC4g%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CAFJxxNcteC-sA5%3Db1JCjMg4bAOgNsd%3DHrzwb152SjOhnZQRC4g%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeH34ivmtsf0Lm4WLkGcsRnL6GNDAKXZEJBMYhwdc-UudA%40mail.gmail.com.

Re: Model-level validation

[אורי]

אורי
u...@speedy.net


On Fri, Oct 7, 2022 at 10:01 AM Carlton Gibson 
wrote:

> > ... the duplication I was referring to is having both Forms and
> Serializers do validation.
>
> That's a separate issue.
>
> Can we merge various aspects of DRF into Django, so that it better handles
> building JSON APIs? Yes, clearly. One step of that is better content type
> handling, another is serializers. (There are others).
> On the serializer front, it would be a question of making django.forms
> better able to handle list-like (possibly do-able with FormSet) and nested
> data, and so on.
> Not a small project, but with things like django-readers, and
> Pydantic (and django-ninja), and attrs/cattrs showing new ideas,
> re-thinking about serialization in Django is about due.
>
> But the issue is here:
>
> > ... I also don't relish the thought of needing to use a Form or
> Serializer every time I alter a Model's data.
>
> I'm like literally, "¿Qué? 😳" - Every single time you get data from an
> untrusted source you simply **must** validate it before use. ("Filter
> input, escape output", I was drilled.) That applies exactly the same to a
> CSV file as it does to HTTP request data. (That your CSV is malformed is
> axiomatic no? :)
>
> If you want to enforce validation, with a single call, write a method (on
> a manager likely) that encapsulates your update logic (and runs the
> validation before save). Then always use that in your code. (That's long
> been a recommended pattern
> <https://www.dabapps.com/blog/django-models-and-encapsulation/>.) But
> don't skip the validation layer on your incoming data.
>
> I would be -1 to `validate` kwarg to `save()` — that's every user ever
> wondering *should I use it? *every time. (Same for a setting.)
> Rather — is this a docs issue? — we should re-emphasise the importance of
> the validation layer.
> Then if folks want a convenience API to do both tasks, they're free to
> write that for their models. (This is what Uri has done for Speedy Net.
> It's not a bad pattern.)
>

Thank you! 🍑

You might want to include such a solution in the docs, in case Django users
want to validate models.

My solution is taken from https://gist.github.com/glarrain/5448253

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeH%2B-9SeTqLvLZHjDZSRg_xPBcyLyggwi8LGtR2orNmHGA%40mail.gmail.com.

Re: Model-level validation

[אורי]

אורי
u...@speedy.net


On Thu, Oct 6, 2022 at 6:11 AM Aaron Smith  wrote:

> It sounds like there is little support for this being the default. But I'd
> like to propose something that might satisfy the different concerns:
>
> 1) A `validate` kwarg for `save()`, defaulted to `False`. This maintains
> backwards compatibility and also moves the validation behavior users coming
> to Django from other frameworks likely expect, in a more user friendly way
> than overriding save to call `full_clean()`.
>
> And/or...
>
> 2) An optional Django setting (`VALIDATE_MODELS_DEFAULT`?) to change the
> default behavior to `True`. The `validate` kwarg above would override this
> per call, allowing unvalidated saves when necessary.
>
> These changes would be simple, backwards compatible, and give individual
> projects the choice to make Django behave like other ORMs with regard to
> validation. This being the Django developers mailing list I should not be
> surprised that most people here support the status quo, but in my personal
> experience, having had this conversation with dozens of coworkers over the
> years - 100% of them expressed a strong desire for Django to do this
> differently.
>

+1

I would suggest having a setting "VALIDATE_MODELS_BY_DEFAULT", which is
true or false (true by default), whether to call full_clean() on save(),
with an option to call it with "validate=True" or "validate=False" to
override this default. Maybe also allow changing the default for specific
models.

This is similar to forms that have `def save(self, commit=True):`, and you
can call them with "commit=True" or "commit=False" to save or not save the
results to the database. I also suggest that VALIDATE_MODELS_BY_DEFAULT
will be true by default from some specific future version of Django, so
that if users don't want it, they will have to manually set it to false.

We should still remember that there are bulk actions such as bulk_create()
or update(), that bypass save() completely, so we have to decide how to
handle them if we want our data to be always validated.

Uri Rodberg, Speedy Net.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGHLfzA%3DV%3DosAFM1wnitJ6R20sqc5ddVCCWarBv%2Bk1j3A%40mail.gmail.com.

Re: Suggestion: Limit activated languages to settings.LANGUAGES

[אורי]

Hi Shai,

Actually, I think this issue is very similar to what I wrote in the thread
of "Model-level validation". I have been using Django for 6 years, and I
was not aware that one can call translation.activate() with a language not
in django_settings.LANGUAGES. I was thinking this would raise an exception,
which it should in my opinion. If the language is not
in django_settings.LANGUAGES, so there are probably no .po files to
translate it, so all its strings will remain untranslated. I checked and we
have a few tests in Speedy Net, where we check if we can
call user.speedy_match_profile._set_active_languages with an unsupported
language, and it does raise an exception when saving the model. The field
is defined in a way that it has only specific valid choices. You can see
for example the following tests:

https://github.com/speedy-net/speedy-net/blob/master/speedy/match/accounts/tests/test_models.py#L767-L786

Another thing - we don't call translation.activate() with a language code
received from the user. Instead, we check our own language codes and
call translation.activate() if one of them matches the URL. Otherwise we
redirect to the default URL. I think one should never call
translation.activate() with a language code received from the user.

 for language_code, language_name in django_settings.LANGUAGES:
if (domain ==
"{language_code}.{domain}".format(language_code=language_code,
domain=site.domain)):
translation.activate(language=language_code)
request.LANGUAGE_CODE = translation.get_language()
return self.get_response(request=request)

Or, alternatively, you can check if the language_code is
in django_settings.LANGUAGES, and only then activate it.

Thanks,
Uri Rodberg, Speedy Net.
אורי
u...@speedy.net


On Tue, Oct 4, 2022 at 5:05 PM Shai Berger  wrote:

> Hello Djangonauts,
>
> This suggestion is following from discussions of the security issue
> which was resolved in today's release. In essence, the issue is that
> language codes are optionally used as prefixes in URLs, and for this
> use they also become part of regular expressions used by the URL
> resolution mechanisms. So, if an attacker manages to convince the
> server to use a "language code" which encodes a pathologically complex
> regex, the server can be DOS'd. The solution was to modify the
> regex-inclusion part to regex-escape the language code -- ensuring
> that language codes are never interpreted, in this role, as anything
> other than a simple chain of single characters. This is the proper
> security fix: Prevents the problem where it could manifest, with
> minimal effects elsewhere.
>
> But looking forward, I think we should reconsider the fact that
> django.utils.translation.activate() will just activate whatever
> language code it is given. We do have a setting, LANGUAGES, which
> defines a list of the languages (and codes) supported by our site. Why
> should activate() accept anything that is not in this list?
>
> Two points have been raised in support of the current behavior: The
> existence of custom languages, and of fallback language codes (that is,
> e.g where the user asks for zh-hk and gets, instead, zh-hant). But in
> my opinion, they do not justify it:
>
> - A custom language should be included in settings.LANGUAGES if it is
>   to be supported; otherwise, e.g. makemessages will not even handle
>   its translation file.
>
> - When a language with a fallback is requested, the site should really
>   activate the fallback language, not pretend to activate the requested
>   one while actually using the fallback. As an example, if "en-us" is
>   used as a fallback for "en-gb", and the URL has "en-gb" in it, then a
>   British user would rightly be offended by all the American spelling
>   they would see. The site should be honest enough to say "yes, you
>   asked for en-gb, but we fell back to en-us; sorry, that's the best we
>   have for you".
>
> Note that there are all sorts of functions that check if a language
> code is valid. For example, django.views.i18n.set_language() checks if
> a translation for the languages exists in the project or its apps (but
> not, AFAICT, the setting). d.u.translation.get_language_from_request()
> and get_language_from_path() do check the LANGUAGES setting. It is
> likely that including the check in activate() will do some double work.
> And yet, we found ourselves introducing the security fix.
>
> (I should note that this suggestion was also, independently, raised by
> Benjamin who reported the vulnerability)
>
> Opinions, suggestions, and explanations of the value I miss in allowing
> activate() to take random language codes welcome.
>
> Thanks,
> Shai.
>

Re: Model-level validation

[אורי]

אורי
u...@speedy.net


On Thu, Sep 29, 2022 at 11:04 AM Carlton Gibson 
wrote:

>
> On Thursday, 29 September 2022 at 06:29:30 UTC+2 aa...@aaronsmith.co
> wrote:
>
>> Why doesn't Django validate Models on save()?
>>
>> I am aware that full_clean() is called when using ModelForms. But most
>> web app development these days, and every django app I've ever worked with,
>> are headless APIs. The default behavior is dangerous for the naive
>> developer.
>>
>> Bringing View-level concepts such as forms or serializers down into
>> celery tasks and management commands breaks separation of concerns, and
>> having multiple validation implementations at different layers in the app
>> is fraught with divergence and unexpected behavior.
>>
>> It's not right. The data store layer should protect the validity of the
>> data.
>>
>
I haven't received the original message but only the reply from Carlton
Gibson.

In Speedy Net, all the models inherit from a BaseModel which inherits
from ValidateModelMixin which runs self.full_clean() on save().
https://github.com/speedy-net/speedy-net/blob/master/speedy/core/base/models.py#L7-L16

I was surprised that this is not a default in Django and I think it should
be - models should validate their values before saving to the database.

I also disabled bulk actions such as bulk_create() to avoid saving to the
database without calling save().

Personally, I think this is a must in Django - calling save() for each
instance and calling self.full_clean() to validate data in save().

Uri Rodberg, Speedy Net.



> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/566b4706-4075-485b-9122-eca24d3b67fcn%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/566b4706-4075-485b-9122-eca24d3b67fcn%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeH3jb_7soEcMKM5qdHyvqWxXDCA3%3D%3DZ%2BPBC47YMtTAggg%40mail.gmail.com.

Re: add option to specify HELO name/identity in SMTP client

[אורי]

Hi David,

Does and should Django connect directly to a remote SMTP server? Isn't it
better to use the local mail server which will receive the email and then
send it to a remote SMTP server? In my opinion, it's always better to send
emails via a local mail server on the same machine. Do you have other
experiences?

Thanks,
Uri Rodberg, Speedy Net.
אורי
u...@speedy.net


On Wed, Sep 7, 2022 at 5:21 PM David Miguel Susano Pinto <
carandr...@gmail.com> wrote:

> After connecting to a SMTP server, a client identifies themselves with
> a HELO/EHLO command, like so:
>
> HELO my-domain.example
>
> While typically this is the client FQDN, that's not actually required
> and in some setups the client needs to use some other name (it just
> so happens that I'm in that situation).
>
> Django's SMTP client defaults to `socket.getfqdn()`.
>
> https://github.com/django/django/blob/main/django/core/mail/
> backends/smtp.py#L69
> https://github.com/django/django/blob/main/django/core/mail/
> utils.py#L16
>
> This is a very good default but there is no option to set it to
> something else.  I would propose a new option for it.  Some possible
> names are:
>
> - `MAIL_LOCAL_HOSTNAME`: because `local_hostname` is the name of the
>   argument used by `smtplib` for this.
>
> - `MAIL_HELO_DATA`: a clearer name, `helo_data` is used in the exim
>   configuration.
>
> - `MAIL_HELO_NAME`: even more clear, `helo_name` is used in the
>   postfix configuration.
>
> A workaround for this is to setup a SMTP server locally, such as Exim
> or Postfix, that simply forwards the emails from Django.
>
> Best wishes
> David
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/eaa81e50-cfd0-4cbd-ac75-3ad36fc50c51n%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/eaa81e50-cfd0-4cbd-ac75-3ad36fc50c51n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGWKjHYGtzRwpZFkLWvAXJpnQmYjHBa_2inYXpx4f6C5A%40mail.gmail.com.

Re: More user friendly delete confirmation template

[אורי]

אורי
u...@speedy.net


On Tue, Aug 16, 2022 at 3:55 PM 'Adam Johnson' via Django developers
(Contributions to Django itself)  wrote:

> Collapsing the list of to-be-deleted objects could also lead to cases of
> accidental removal of related objects. I think it's better to err on the
> side of overwhelming than hiding information.
>

When I delete a user in the admin, I see the objects that would be deleted
too. This is very important and I don't want to collapse this list. There
are usually about 5 objects to be deleted, and I want to see them all in
the HTML. The current interface is perfect and I don't want to change it.

Uri Rodberg, Speedy Net.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGRseHj%2BMq9tWNSVMGXkp3QUUixZG688HhKWCLmcbQF5Q%40mail.gmail.com.

Re: timesince and timeuntil - should we use python-dateutil?

[אורי]

Hi,

I created my own utility function:



*from dateutil.relativedelta import relativedelta*

*from django.utils.timesince import TIME_STRINGS as
timesince_time_strings**from
django.utils.html import avoid_wrapping*
*from django.utils.translation import gettext, get_language*



















*def timesince(d, now):delta = relativedelta(now, d)years =
delta.yearsmonths = delta.monthsweeks = delta.days // 7days =
delta.days - weeks * 7timesince_counts = [(years, "year"), (months,
"month")]if (years == 0):timesince_counts.append((weeks,
"week"))if (months == 0):timesince_counts.append((days,
"day"))result = []for (count, name) in timesince_counts:if
(count > 0):
result.append(avoid_wrapping(value=timesince_time_strings[name] % {"num":
count}))return gettext(", ").join(result)*

I don't need depth>2, I don't need hours and minutes and by definition my
function returns "" if both dates are the same. now must be bigger than d
or else I don't know what will happen... I think you just get "" otherwise.

https://github.com/speedy-net/speedy-net/blob/master/speedy/core/base/utils.py


אורי
u...@speedy.net


On Tue, Aug 2, 2022 at 10:54 AM Carlton Gibson 
wrote:

> Hey Uri.
>
> Historically, taking on extra dependencies isn't something we've done
> lightly.
> The packaging situation is a lot better these days than it was in
> earlier years, but with the concerns about supply chain security I think
> maintaining that position is worthwhile.
> If we were to take on python-dateutil as a required dependency there would
> be folks needing to go through an additional security audit in order to get
> permission to upgrade Django. I wouldn't think two template tags justifies
> that.
>
> So then, it would need to be optional.
> But then it could just live in a third-party package.
> (I don't think we really document it, but one could shadow/override the
> built-in tags with the improved versions if your app was installed, I
> guess...)
>
> Or that would be my initial thought. 🤔
>
> Kind Regards,
>
> Carlton
>
>
> ‪On Tue, 2 Aug 2022 at 03:27, ‫אורי‬‎  wrote:‬
>
>> Hi,
>>
>> Lately I discovered some inaccuracy bugs in timesince (and timeuntil),
>> and I created a ticket (#33879
>> <https://code.djangoproject.com/ticket/33879>). In short, the problems
>> are when calculating a year minus one week, 2 weeks, one day etc. and also
>> 2 years minus one or 2 days. In all such cases, Django's implementation
>> of timesince is inaccurate, in some cases resulting in "1 year, 12
>> months" (for 2 years minus one or 2 days) or adding a week (for a year
>> minus one or 2 weeks). I read the code of Django's timesince implementation
>> and it's quite long, and I searched and found that python-dateutil already
>> have such methods, which is possible to calculate exactly the number of
>> days between two dates like this:
>>
>>
>>
>>
>>
>>
>>
>>
>> *from dateutil.relativedelta import relativedeltadiff =
>> relativedelta(date2, date1)years = diff.yearsmonths = diff.monthsweeks =
>> diff.days // 7days = diff.days - weeks * 7 # ("**diff.days % 7" will
>> also work here)*
>>
>> This calculates exactly the number of years, months, weeks and days and
>> not an approximation like Django's implementation. And python-dateutil is
>> stable and I think exists even before Django. I recently started using
>> Django's timesince function in my own website, and I like the way it's
>> translated (currently only to English and Hebrew). Do you think it's worth
>> using python-dateutil in the Django implementation of timesince and
>> timeuntil?
>>
>> Of course, I can also implement my own version of timesince which
>> uses python-dateutil and doesn't use Django. But since timesince and
>> timeuntil are built-in tags in Django, I guess many websites are using
>> them. Isn't it better to use a more precise implementation and avoid
>> something like "1 year, 12 months"?
>>
>> Thanks,
>> Uri Rodberg, Speedy Net
>> אורי
>> u...@speedy.net
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-developers+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google

Re: timesince and timeuntil - should we use python-dateutil?

[אורי]

Hi Carlton,

I understand, thank you.

Uri Rodberg, Speedy Net

אורי
u...@speedy.net


On Tue, Aug 2, 2022 at 10:54 AM Carlton Gibson 
wrote:

> Hey Uri.
>
> Historically, taking on extra dependencies isn't something we've done
> lightly.
> The packaging situation is a lot better these days than it was in
> earlier years, but with the concerns about supply chain security I think
> maintaining that position is worthwhile.
> If we were to take on python-dateutil as a required dependency there would
> be folks needing to go through an additional security audit in order to get
> permission to upgrade Django. I wouldn't think two template tags justifies
> that.
>
> So then, it would need to be optional.
> But then it could just live in a third-party package.
> (I don't think we really document it, but one could shadow/override the
> built-in tags with the improved versions if your app was installed, I
> guess...)
>
> Or that would be my initial thought. 🤔
>
> Kind Regards,
>
> Carlton
>
>
> ‪On Tue, 2 Aug 2022 at 03:27, ‫אורי‬‎  wrote:‬
>
>> Hi,
>>
>> Lately I discovered some inaccuracy bugs in timesince (and timeuntil),
>> and I created a ticket (#33879
>> <https://code.djangoproject.com/ticket/33879>). In short, the problems
>> are when calculating a year minus one week, 2 weeks, one day etc. and also
>> 2 years minus one or 2 days. In all such cases, Django's implementation
>> of timesince is inaccurate, in some cases resulting in "1 year, 12
>> months" (for 2 years minus one or 2 days) or adding a week (for a year
>> minus one or 2 weeks). I read the code of Django's timesince implementation
>> and it's quite long, and I searched and found that python-dateutil already
>> have such methods, which is possible to calculate exactly the number of
>> days between two dates like this:
>>
>>
>>
>>
>>
>>
>>
>>
>> *from dateutil.relativedelta import relativedeltadiff =
>> relativedelta(date2, date1)years = diff.yearsmonths = diff.monthsweeks =
>> diff.days // 7days = diff.days - weeks * 7 # ("**diff.days % 7" will
>> also work here)*
>>
>> This calculates exactly the number of years, months, weeks and days and
>> not an approximation like Django's implementation. And python-dateutil is
>> stable and I think exists even before Django. I recently started using
>> Django's timesince function in my own website, and I like the way it's
>> translated (currently only to English and Hebrew). Do you think it's worth
>> using python-dateutil in the Django implementation of timesince and
>> timeuntil?
>>
>> Of course, I can also implement my own version of timesince which
>> uses python-dateutil and doesn't use Django. But since timesince and
>> timeuntil are built-in tags in Django, I guess many websites are using
>> them. Isn't it better to use a more precise implementation and avoid
>> something like "1 year, 12 months"?
>>
>> Thanks,
>> Uri Rodberg, Speedy Net
>> אורי
>> u...@speedy.net
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-developers+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-developers/CABD5YeEC_o%2BwQVF8pj3Kat57MXfX071LT0rZAq2XipFFCK%3DFBQ%40mail.gmail.com
>> <https://groups.google.com/d/msgid/django-developers/CABD5YeEC_o%2BwQVF8pj3Kat57MXfX071LT0rZAq2XipFFCK%3DFBQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAJwKpyTwuAQvq%2BwB3Pv_HfSBHiZLf2gq3nCPmYGVrvyCY2GfmA%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CAJwKpyTwuAQvq%2BwB3Pv_HfSBHiZLf2gq3nCPmYGVrvyCY2GfmA%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGpeLJW3rggstfm%3DYhumSGymFGm3FGXyX%3DCD4T6uedjHQ%40mail.gmail.com.

timesince and timeuntil - should we use python-dateutil?

[אורי]

Hi,

Lately I discovered some inaccuracy bugs in timesince (and timeuntil), and
I created a ticket (#33879 <https://code.djangoproject.com/ticket/33879>).
In short, the problems are when calculating a year minus one week, 2 weeks,
one day etc. and also 2 years minus one or 2 days. In all such cases,
Django's implementation of timesince is inaccurate, in some cases resulting
in "1 year, 12 months" (for 2 years minus one or 2 days) or adding a week
(for a year minus one or 2 weeks). I read the code of Django's timesince
implementation and it's quite long, and I searched and found
that python-dateutil already have such methods, which is possible to
calculate exactly the number of days between two dates like this:








*from dateutil.relativedelta import relativedeltadiff =
relativedelta(date2, date1)years = diff.yearsmonths = diff.monthsweeks =
diff.days // 7days = diff.days - weeks * 7 # ("**diff.days % 7" will also
work here)*

This calculates exactly the number of years, months, weeks and days and not
an approximation like Django's implementation. And python-dateutil is
stable and I think exists even before Django. I recently started using
Django's timesince function in my own website, and I like the way it's
translated (currently only to English and Hebrew). Do you think it's worth
using python-dateutil in the Django implementation of timesince and
timeuntil?

Of course, I can also implement my own version of timesince which
uses python-dateutil and doesn't use Django. But since timesince and
timeuntil are built-in tags in Django, I guess many websites are using
them. Isn't it better to use a more precise implementation and avoid
something like "1 year, 12 months"?

Thanks,
Uri Rodberg, Speedy Net
אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeEC_o%2BwQVF8pj3Kat57MXfX071LT0rZAq2XipFFCK%3DFBQ%40mail.gmail.com.

Re: Features deprecated in 4.1 / Log out via GET

[אורי]

Hi Adam,

Just for the record, if anyone is seeing this thread - what works for me is
running tests with "python -W error" (and not "python -W all") so that all
the warnings are converted to exceptions - then the tests fail. If I run
them with "python -W all" I can see the warnings but the tests pass.

I'm in the process of converting the logout links on my websites to forms
with POST.

Thanks,
אורי
u...@speedy.net


On Thu, May 19, 2022 at 10:52 PM 'Adam Johnson' via Django developers
(Contributions to Django itself)  wrote:

> Hi Uri,
>
> The view raises a RemovedInDjango50Warning, which on Django 4.1 inherits
> from PendingDeprecationWarning:
> https://github.com/django/django/blob/ac6410ec071f53893914c82e820a2320866681df/django/utils/deprecation.py#L12
>
> You'll need to run with "python -W all" or similar to see it (consider 
> development
> mode <https://docs.python.org/3.10/library/devmode.html>). Python's
> default warning filters will only show DeprecationWarning, which is "the
> next level up", and what Django 4.2 will use for RemovedInDjango50Warning.
>
> ‪On Thu, May 19, 2022 at 8:28 PM ‫אורי‬‎  wrote:‬
>
>> Hi,
>>
>> I installed Django 4.1 alpha and ran the tests with deprecation warnings
>> enabled, but I didn't get any deprecation warnings for logging out with
>> get. I have this test:
>>
>> def test_user_can_logout(self):
>> r = self.client.get(path='/logout/')
>> self.assertEqual(first=r.status_code, second=200)
>> r = self.client.get(path='/')
>> self.assertIs(expr1=r.context['user'].is_authenticated,
>> expr2=False)
>>
>> And I ran it with the command
>> `./tests_manage_all_sites_with_deprecation_warnings.sh test
>> speedy.core.accounts.tests.test_views.LogoutViewTestCase`, and the test is
>> passing without any deprecation warnings. Is it a problem with Django 4.1
>> or in the way I ran the test?
>>
>> Do you want me to file a new ticket?
>>
>> Thanks,
>> Uri.
>> אורי
>> u...@speedy.net
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-developers+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-developers/CABD5YeFEdxPt3Yxbv3Ws3EFxmnswmXb9qhsLk1NH-%2BaLucwyxQ%40mail.gmail.com
>> <https://groups.google.com/d/msgid/django-developers/CABD5YeFEdxPt3Yxbv3Ws3EFxmnswmXb9qhsLk1NH-%2BaLucwyxQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAMyDDM3m9pHb23%2BJN9Efc%2BvN%3DMDz8Penk0FOM_xBLECOR833bw%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CAMyDDM3m9pHb23%2BJN9Efc%2BvN%3DMDz8Penk0FOM_xBLECOR833bw%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeEbQ4JmWwHiPP8Jx32L_z663uTxS67haLmEAbsJwPrGvg%40mail.gmail.com.

Re: Django security releases issued: 4.0.6 and 3.2.14.

[אורי]

Hi,

Bugfixes are empty on https://docs.djangoproject.com/en/4.0/releases/4.0.6/


אורי
u...@speedy.net


On Mon, Jul 4, 2022 at 11:00 AM Mariusz Felisiak 
wrote:

> Details are available on the Django project weblog:
>
> https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/698e7b10-6073-9636-56a6-48863d8bdf22%40gmail.com
> <https://groups.google.com/d/msgid/django-developers/698e7b10-6073-9636-56a6-48863d8bdf22%40gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFwJoOb66hsiHK6iLx50zwn33og1j6JB2WC8auCx0EyYw%40mail.gmail.com.

Re: Idea: Add .checked(/) to QuerySet as alternative to .filter() w/ .first()

[אורי]

I don't like get() and catching exceptions. What I usually do is something
like this:

foo_list = Foo.objects.filter(x=x)
if (len(foo_list) == 1):
foo = foo_list[0]

And if I need else, I can assign None or whatever. The advantage in this
way is that you don't get an exception, and you deal with all numbers of
elements except 1, not only 0 (it can be 2 or 3 for example). And you don't
have to catch exceptions for multiple and does-not-exist. Many times I
don't need else, I just don't do anything if the number of elements
received is not 1.

Uri.
אורי
u...@speedy.net


On Tue, Jun 21, 2022 at 10:50 AM Adrian Torres Justo 
wrote:

> A common idiom is also
>
> ```
> try:
> foo = Foo.objects.get(x="foo")
> except Foo.DoesNotExist:
> foo = None
> ```
>
> which is pretty pythonic IMO, but I wouldn't be opposed to a keyword-only
> argument on `get` that returns `None` if not found
>
> ```
> foo = Foo.objects.get(x="foo", strict=False)
> # or
> foo = Foo.objects.get(x="foo", raises=False)
> ```
>
> As it stands your current proposal isn't much different from filter() then
> first(), IMO, the method names change but the amount of chaining is the
> same.
> On Monday, June 20, 2022 at 9:34:08 PM UTC+2 stev...@gmail.com wrote:
>
>> It is a common idiom to use `.filter(<...>).first()` as a
>> replacement for `.get(<...>)` when `None` is wanted instead of an exception
>> when no match is found. That works, but wouldn't the intention be more
>> clear if that could be written as something like
>>
>> .checked(False).get(<...>)
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/eb6a2bc2-b72f-49ff-9e90-12913ad876c9n%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/eb6a2bc2-b72f-49ff-9e90-12913ad876c9n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGH7eZqECsCbnC8ifG%2BgOfFW_SY5ug2P-DqYmti4hpmTA%40mail.gmail.com.

Re: Features deprecated in 4.1 / Log out via GET

[אורי]

Hi Adam,

I understand, and with `python -W all` I can see this warning (it was with
`python -W error::DeprecationWarning` that I didn't see the warning).

Thanks,
Uri.
אורי
u...@speedy.net


On Thu, May 19, 2022 at 10:52 PM 'Adam Johnson' via Django developers
(Contributions to Django itself)  wrote:

> Hi Uri,
>
> The view raises a RemovedInDjango50Warning, which on Django 4.1 inherits
> from PendingDeprecationWarning:
> https://github.com/django/django/blob/ac6410ec071f53893914c82e820a2320866681df/django/utils/deprecation.py#L12
>
> You'll need to run with "python -W all" or similar to see it (consider 
> development
> mode <https://docs.python.org/3.10/library/devmode.html>). Python's
> default warning filters will only show DeprecationWarning, which is "the
> next level up", and what Django 4.2 will use for RemovedInDjango50Warning.
>
> ‪On Thu, May 19, 2022 at 8:28 PM ‫אורי‬‎  wrote:‬
>
>> Hi,
>>
>> I installed Django 4.1 alpha and ran the tests with deprecation warnings
>> enabled, but I didn't get any deprecation warnings for logging out with
>> get. I have this test:
>>
>> def test_user_can_logout(self):
>> r = self.client.get(path='/logout/')
>> self.assertEqual(first=r.status_code, second=200)
>> r = self.client.get(path='/')
>> self.assertIs(expr1=r.context['user'].is_authenticated,
>> expr2=False)
>>
>> And I ran it with the command
>> `./tests_manage_all_sites_with_deprecation_warnings.sh test
>> speedy.core.accounts.tests.test_views.LogoutViewTestCase`, and the test is
>> passing without any deprecation warnings. Is it a problem with Django 4.1
>> or in the way I ran the test?
>>
>> Do you want me to file a new ticket?
>>
>> Thanks,
>> Uri.
>> אורי
>> u...@speedy.net
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-developers+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-developers/CABD5YeFEdxPt3Yxbv3Ws3EFxmnswmXb9qhsLk1NH-%2BaLucwyxQ%40mail.gmail.com
>> <https://groups.google.com/d/msgid/django-developers/CABD5YeFEdxPt3Yxbv3Ws3EFxmnswmXb9qhsLk1NH-%2BaLucwyxQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAMyDDM3m9pHb23%2BJN9Efc%2BvN%3DMDz8Penk0FOM_xBLECOR833bw%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CAMyDDM3m9pHb23%2BJN9Efc%2BvN%3DMDz8Penk0FOM_xBLECOR833bw%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeG4Z7nKs%2BxGRWGdFbxNGAi9tsm2W53fxt%2B4MuKyiOfdgw%40mail.gmail.com.

Features deprecated in 4.1 / Log out via GET

[אורי]

Hi,

I installed Django 4.1 alpha and ran the tests with deprecation warnings
enabled, but I didn't get any deprecation warnings for logging out with
get. I have this test:

def test_user_can_logout(self):
r = self.client.get(path='/logout/')
self.assertEqual(first=r.status_code, second=200)
r = self.client.get(path='/')
self.assertIs(expr1=r.context['user'].is_authenticated,
expr2=False)

And I ran it with the command
`./tests_manage_all_sites_with_deprecation_warnings.sh test
speedy.core.accounts.tests.test_views.LogoutViewTestCase`, and the test is
passing without any deprecation warnings. Is it a problem with Django 4.1
or in the way I ran the test?

Do you want me to file a new ticket?

Thanks,
Uri.
אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFEdxPt3Yxbv3Ws3EFxmnswmXb9qhsLk1NH-%2BaLucwyxQ%40mail.gmail.com.

Re: Django 4.1 alpha 1 released

[אורי]

Hi Carlton,

Thanks for your reply. I created a ticket:
https://code.djangoproject.com/ticket/33724

I'm not sure how to create a test. Maybe you should just contain the
following code (in a model):

def clean_fields(self, exclude=None):
if (exclude is None):
exclude = []

exclude += ['username', 'slug']

return super().clean_fields(exclude=exclude)

Or if you want to check for a set then change it to sets.

Thanks,
Uri.

אורי
u...@speedy.net


On Thu, May 19, 2022 at 10:20 AM Carlton Gibson 
wrote:

> Hi Uri,
>
> Good spot. The docs have `The optional exclude argument lets you provide a
> list of field names to exclude from validation.` for `clean_fields()` so
> expecting a list seems reasonable. 🤔
>
> This was changed in
> https://github.com/django/django/commit/1ea7e3157d1f9b4db71e768d75ea57e47dbd49f9
> — it looks like your use-case isn't covered by the existing tests.
> Can I ask you to open a ticket on Trac, with a minimal test and we can
> have a look?
>
> Thanks! 👍
>
> Kind Regards,
>
> Carlton
>
> ‪On Thu, 19 May 2022 at 05:50, ‫אורי‬‎  wrote:‬
>
>> Hi,
>>
>> In my code there is clean_fields with exclude as an optional argument:
>>
>> def clean_fields(self, exclude=None):
>> """
>> Allows to have different slug and username validators for Entity
>> and User.
>> """
>> if (exclude is None):
>> exclude = []
>>
>> Is it still optional and should I define it as a set if it's None? Or is
>> it not optional any more?
>>
>> I see in Django 4.1 alpha this is the code now:
>> def clean_fields(self, exclude=None):
>> """
>> Clean all fields and raise a ValidationError containing a dict
>> of all validation errors if any occur.
>> """
>> if exclude is None:
>> exclude = set()
>>
>>
>>
>> אורי
>> u...@speedy.net
>>
>>
>> On Wed, May 18, 2022 at 9:09 AM Carlton Gibson 
>> wrote:
>>
>>> Details are available on the Django project weblog:
>>>
>>>
>>> https://www.djangoproject.com/weblog/2022/may/18/django-41-alpha-1-released/
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django developers (Contributions to Django itself)" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to django-developers+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/django-developers/CAJwKpyQmCB6q__p167GcmaH8dBT%3D-jSbtr2LLb_E63E9QRQUXQ%40mail.gmail.com
>>> <https://groups.google.com/d/msgid/django-developers/CAJwKpyQmCB6q__p167GcmaH8dBT%3D-jSbtr2LLb_E63E9QRQUXQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-developers+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-developers/CABD5YeG9RYV2%2BqKN1_XT%2Bn0%3DJ6W2G0t-OWFBB-pLWQQFvEVJDQ%40mail.gmail.com
>> <https://groups.google.com/d/msgid/django-developers/CABD5YeG9RYV2%2BqKN1_XT%2Bn0%3DJ6W2G0t-OWFBB-pLWQQFvEVJDQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAJwKpyTTsPFQWBcnJJTgYzdGTk4Qxt5ef%3Dw%3DdRr%3DQD8Dhnjb%3Dg%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CAJwKpyTTsPFQWBcnJJTgYzdGTk4Qxt5ef%3Dw%3DdRr%3DQD8Dhnjb%3Dg%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFHY1Z8SRW1T2SiO%3Dv5g9XQNz2drWZAy-ur9BeA4SEhGA%40mail.gmail.com.

Re: Django 4.1 alpha 1 released

[אורי]

Hi,

In my code there is clean_fields with exclude as an optional argument:

def clean_fields(self, exclude=None):
"""
Allows to have different slug and username validators for Entity
and User.
"""
if (exclude is None):
exclude = []

Is it still optional and should I define it as a set if it's None? Or is it
not optional any more?

I see in Django 4.1 alpha this is the code now:
def clean_fields(self, exclude=None):
"""
Clean all fields and raise a ValidationError containing a dict
of all validation errors if any occur.
"""
if exclude is None:
exclude = set()



אורי
u...@speedy.net


On Wed, May 18, 2022 at 9:09 AM Carlton Gibson 
wrote:

> Details are available on the Django project weblog:
>
>
> https://www.djangoproject.com/weblog/2022/may/18/django-41-alpha-1-released/
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAJwKpyQmCB6q__p167GcmaH8dBT%3D-jSbtr2LLb_E63E9QRQUXQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CAJwKpyQmCB6q__p167GcmaH8dBT%3D-jSbtr2LLb_E63E9QRQUXQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeG9RYV2%2BqKN1_XT%2Bn0%3DJ6W2G0t-OWFBB-pLWQQFvEVJDQ%40mail.gmail.com.

Re: Django 4.1 alpha 1 released

[אורי]

Hi,

Django 4.0 had this code:

errors = {}
if exclude is None:
exclude = []
else:
exclude = list(exclude)

try:
self.clean_fields(exclude=exclude)
except ValidationError as e:
errors = e.update_error_dict(errors)

In Django 4.1 alpha it looks like this:

errors = {}
if exclude is None:
exclude = set()
else:
exclude = set(exclude)

try:
self.clean_fields(exclude=exclude)
except ValidationError as e:
errors = e.update_error_dict(errors)

My model tests fail:
==
ERROR: test_username_too_long_exception_4
(speedy.core.accounts.tests.test_models.ReservedUsernameHebrewTestCase)
--
Traceback (most recent call last):
  File
"D:\Uri\Speedy_Net\Git\speedy-net-public\speedy\core\accounts\tests\test_models.py",
line 395, in test_username_too_long_exception_4
reserved_username.save()
  File
"D:\Uri\Speedy_Net\Git\speedy-net-public\speedy\core\base\models.py", line
21, in save
return super().save(*args, **kwargs)
  File
"D:\Uri\Speedy_Net\Git\speedy-net-public\speedy\core\base\models.py", line
12, in save
self.full_clean()
  File
"D:\Uri\Speedy_Net\Git\speedy-net-public\.venv_3.9\lib\site-packages\django\db\models\base.py",
line 1464, in full_clean
self.clean_fields(exclude=exclude)
  File
"D:\Uri\Speedy_Net\Git\speedy-net-public\speedy\core\accounts\models.py",
line 182, in clean_fields
exclude += ['username', 'slug']
TypeError: unsupported operand type(s) for +=: 'set' and 'list'

--

Is `exclude` a set now (instead of a list) and where is it documented? If
it's not documented, please document it. I didn't find it documented on
https://docs.djangoproject.com/en/dev/releases/4.1/.

What is the best written code to change the line `exclude += ['username',
'slug']` in my code? Is it `exclude |= set(['username', 'slug'])` or
`exclude |= {'username', 'slug'}`? Or should I convert to list and then
back to set?

What is the reason `exclude` was changed to a set?

Thanks,
Uri.

אורי
u...@speedy.net


On Wed, May 18, 2022 at 9:09 AM Carlton Gibson 
wrote:

> Details are available on the Django project weblog:
>
>
> https://www.djangoproject.com/weblog/2022/may/18/django-41-alpha-1-released/
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAJwKpyQmCB6q__p167GcmaH8dBT%3D-jSbtr2LLb_E63E9QRQUXQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CAJwKpyQmCB6q__p167GcmaH8dBT%3D-jSbtr2LLb_E63E9QRQUXQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFuepUy_Mr6fqvPU6GX-0su-8SXpW8W2P4%3DjfWbxwTgPQ%40mail.gmail.com.

Re: Django security releases issued: 4.0.4, 3.2.13, and 2.2.28

[אורי]

Hi,

Even if you decide to use only LTS releases, it's about time you upgrade to
3.2. There may be possibly another security patch of Django 2.2 released
before the end of the month (April 30), but from my experience even
security patches are applied not more than once a month, and therefore it's
not expected to release another security patch this month (April). You can
still use Django 2.2 at least until April 30, or even later, but if you
want to use a supported version then it's time to upgrade. The next time a
security patch is released, and it's not released to 2.2, then it will
definitely be the time to upgrade to at least Django 3.2.

Uri Rodberg, Speedy Net.
אורי
u...@speedy.net


On Mon, Apr 11, 2022 at 12:09 PM Wim Feijen  wrote:

> Hi,
>
> Thanks for the release!
>
> This has not directly to do with the security release, but I have a
> question about this remark: "Django 2.2 has reached the end of extended
> support. The final security release (2.2.28) was issued today. "
>
> As I understood it, Django 2.2 will be supported until the end of April,
> meaning the 30th of April will be the last day of support. Because the
> Django release cycle is once every eight months, and years are divided into
> four parts, so the support windows runs up to 1 May. Am I correct in this?
> Our internal update policies are based on this assumption, so it matters a
> lot to us.
>
> Thanks for your clarification,
>
> Wim
>
> Op maandag 11 april 2022 om 09:57:16 UTC+2 schreef Mariusz Felisiak:
>
>> Details are available on the Django project weblog:
>>
>> https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/1e932359-0072-4ba0-96ae-a76bbbc25245n%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/1e932359-0072-4ba0-96ae-a76bbbc25245n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGZhYkfKpsbxX8yMo6MhrHFsrNEqJc3FO3TZONPS%3DxO1A%40mail.gmail.com.

Re: Revisiting MSSQL and Azure SQL Support in Django

[אורי]

Hi All,

After reading your comments, I think Django should keep supporting only
open source databases, as well as other staff (operating systems, packages)
and drop support for the closed source databases, operating systems etc. It
seems to me that some of you think supporting Oracle was a mistake. I also
think that it's better for an open source package (Django) to support other
open source software and operating systems, and keep the closed source
support for the providers. Nobody's stopping them from providing their own
support for their closed source databases and packages, but I don't think
Django should make an effort to support them in its core.

Thanks,
Uri Rodberg, Speedy Net.
אורי
u...@speedy.net


On Thu, Mar 31, 2022 at 7:30 PM Warren Chu  wrote:

> Hi All,
>
> There is increasing interest within Microsoft to have stronger ties
> between Microsoft SQL Server and Django. As you may be aware, Microsoft and
> their connectivity teams have been managing the 3rd party backend for
> "mssql-django" for over a year now at:
> https://github.com/microsoft/mssql-django
>
> Inclusion of SQL Server as a 1st party backend is viewed as a potential
> big milestone in that regard.
>
> @adamjohnson mentioned a year ago that ideally the community would like to
> see multiple years of ongoing Microsoft support before considering merging
> as a 1st party backend.
>
> We'd love to hear thoughts and feedback around the possibility of moving
> forward with a DEP enhancement proposal, with a commitment from Microsoft
> to providing continued dedicated support for the 1st party backend through
> the Django project itself (rather than the 3rd party repo).
>
> Cheers,
> Team Microsoft
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/0c6ca059-d50e-4c84-bef6-ab0742fc4fa9n%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/0c6ca059-d50e-4c84-bef6-ab0742fc4fa9n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFvK%3DroAqxcZTq12W68RgLERn%3D6%2BcDAKcY0YzUOJ%3D_mEQ%40mail.gmail.com.

Separate between words in Django commands and methods

[אורי]

Hi,

Please check this new ticket I created today:
https://code.djangoproject.com/ticket/33387

I think Django commands should separate words by underscores, like function
names and variables names in Python, according to PEP 8.

This is also relevant to *TestCase* methods such as *setUp* and
*tearDownClass*. Although there I assume Django inherits them from Python
the language, and maybe the changes should be done also there.

By the way, I already defined a few such commands in Speedy Net since 2019:
https://github.com/speedy-net/speedy-net/tree/master/speedy/core/base/management/commands

Thanks,
Uri.
אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeE_FPpcxJaHN2VuztqywgO4DEGjairetf7p24TLqmrf2g%40mail.gmail.com.

Re: Case Sensitive Usernames

[אורי]

Hi,

As far as I know, Google, which runs mail servers for about 85% of users
worldwide (Gmail + Workspace users), email addresses and usernames are case
insensitive. So if you send me for example an email to u...@speedy.net, I
will receive it. Although according to the RFC it should have been bounced
(actually I'm not sure, maybe it's up to the domain manager (speedy.net /
gmail.com) to decide if to bounce it or not). This is a de-facto standard -
I know companies that always send me mail to my email address in uppercase,
and I think they do it to all of their customers. I don't think they have
delivery problems with customers.

אורי
u...@speedy.net


On Mon, Dec 13, 2021 at 6:39 AM Benny  wrote:

> That’s a matter of perspective - RFC 5321 documents it pretty well. While
> I agree that, speculatively, the majority of servers may normalize emails
> to lower-case, it’s not officially recognized. I’m a fan of exhaustive
> documentation, but this is a standard set by an arguably higher authority.
>
> Benny
>
> On Dec 12, 2021, at 10:15 PM, Arthur Pemberton  wrote:
>
> The current behaviour is an undocumented gotcha. It should at least be
> mentioned in the documentation. Very few major login based platforms are
> case sensitive, so it should be at least mentioned in the documentation
> that by default applications built with Django would be different in that
> regard.
>
> Arthur
>
> On Sun, 12 Dec 2021 at 23:01, Benny  wrote:
>
>> IMO this treads dangerously close to what I call a “Django Gotcha” -
>> There exist some implementations, where if you’re not paying attention,
>> it’ll come back to bite you in the keister. One example would be the test
>> runner coercing DEBUG=False in an effort for tests to more accurately
>> reflect a production environment.
>>
>> Normalization is a nightmare all on its own without having to implicitly
>> introduce it.
>>
>> Benny
>>
>> On Dec 12, 2021, at 9:40 PM, Kye Russell  wrote:
>>
>> Strong -1 on overriding user intent on capitalisation, especially for
>> email addresses as the RFC stipulates that *the local part of an email
>> address is case sensitive*, this is just rarely practiced. There are
>> much better solutions out there (CI[Text|Char]FIeld in Postgres, etc) that
>> enforce case-insensitivity purely for comparison operations which is where
>> you really want it, but without overriding user intent wrt what case the
>> user wants to use in their email or username.
>>
>> Django could maybe do with easing the process of implementation for
>> case-insensitive fields outside of Postgres. I’m not familiar enough with
>> the other RDBMSs to know how workable that is. But the answer is certainly
>> not discarding user intent.
>>
>> Kye
>> On 13 Dec 2021, 11:32 AM +0800, Arthur Pemberton ,
>> wrote:
>>
>> A setting to convert all usernames to lowercase would be good too --
>> that's my preference overall in general. However I haven't yet seen how
>> best that could/would be accomplished.
>>
>> For simpler uses case where I'm just sub-classing AbstractUser and not
>> customizing the auth backend, I've taken to
>> overriding UserManager.get_by_natural_key to allow for case-insensitive
>> logins. Though really, I probably should add a signal handler to force
>> username to lowercase.
>>
>> Arthur
>>
>> On Sunday, December 12, 2021 at 11:21:32 AM UTC-5 Uri wrote:
>>
>>> Hi Arthur,
>>>
>>> I would recommend users of Django to use only lowercase usernames. And
>>> if they insist that the username is an email address, also convert it to
>>> lowercase. Otherwise you can have 3 separate users uri, Uri, and uRI, or 3
>>> separate users with email addresses u...@example.com, u...@example.com,
>>> and u...@example.com (or even u...@example.com <http://example.com/>).
>>> Maybe it's better to add an optional setting to enforce usernames to be
>>> lowercase. And by the way also alphanumeric. You don't want "!@#" to be a
>>> username on your system (or the user's name in Chinese or Hebrew).
>>>
>>> It's interesting that this ticket is 15 years old and still not
>>> completely resolved.
>>>
>>> By the way, when people type their email address, some programs
>>> (including browsers) convert the first letter to uppercase, and I have
>>> received email addresses from people with the first letter in uppercase,
>>> although their true address is lowercase. I don't think you want this
>>> uppercase letter to appear on your databas

Re: Case Sensitive Usernames

[אורי]

Hi Arthur,

I would recommend users of Django to use only lowercase usernames. And if
they insist that the username is an email address, also convert it to
lowercase. Otherwise you can have 3 separate users uri, Uri, and uRI, or 3
separate users with email addresses u...@example.com, u...@example.com, and
u...@example.com (or even u...@example.com). Maybe it's better to add an
optional setting to enforce usernames to be lowercase. And by the way also
alphanumeric. You don't want "!@#" to be a username on your system (or the
user's name in Chinese or Hebrew).

It's interesting that this ticket is 15 years old and still not completely
resolved.

By the way, when people type their email address, some programs (including
browsers) convert the first letter to uppercase, and I have received email
addresses from people with the first letter in uppercase, although their
true address is lowercase. I don't think you want this uppercase letter to
appear on your database in the email field.

אורי
(Uri)

u...@speedy.net


On Sun, Dec 12, 2021 at 6:02 PM Arthur Pemberton  wrote:

> Especially with the ability to set USERNAME_FIELD to "email", it would be
> really useful to at least have a well documented warning that usernames are
> case-sensitive in Django.
>
> I've been using Django for years, and even I forget that fact some times.
> Until I start Googling and come across [1].
>
> Ideally, it would be great to have a setting (or model field) that would
> allow easy switching to case insensitive usernames.
>
> Arthur Pemberton
>
> 
>
> [1] https://code.djangoproject.com/ticket/2273
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/9a5e1df3-778d-4993-8c32-57870fafd8f9n%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/9a5e1df3-778d-4993-8c32-57870fafd8f9n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeHyBPNvwk-nVonZDYg%3DSeR53uAT2-GZQWpBGDyMRf1W2Q%40mail.gmail.com.

Re: DEFAULT_AUTO_FIELD

[אורי]

Thank you.


> In a future Django release the default value of DEFAULT_AUTO_FIELD
>> 
>> will be changed to BigAutoField
>> 
>> .
>>
>
When do you expect this to happen?

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeEPftdb_YRkbE1HK%2B%2BO34q%3DrvGr3wkuP6%3DR8Puuh%2B4sVA%40mail.gmail.com.

DEFAULT_AUTO_FIELD

[אורי]

Hi,

Are there any intentions to make DEFAULT_AUTO_FIELD
and django.db.models.AutoField a 64-bit integers in future versions of
Django?

If not, why not?

Thanks,
אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGT-O0XMkZjC%3Dh%3DMWcJFEBo%3D%2BzXWpuBFfUsO5vJ3ZLH7g%40mail.gmail.com.

Re: (Circa end of 2021) Localization issues with input type=date?

[אורי]

Hi,

I'm using a JS datepicker on https://en.speedy.net/ since 2017 and it
works fine. It works both in English and Hebrew (which is RTL). I never
found a need to use anything native to Django or browsers since the JS
datepicker I'm using is great. I can customize the visible date format in
each language and the names of the months. In the background it uses a
hidden input in -MM-DD format.


אורי
u...@speedy.net


On Tue, Sep 28, 2021 at 12:16 PM Carlton Gibson 
wrote:

> Hi all.
>
> There's a PR to add examples using `` for
> `forms.DateInput`.
> https://github.com/django/django/pull/14905
>
> Support for HTML5 input types was added a long time back now in #16630
> <https://code.djangoproject.com/ticket/16630>.
> Back then there were various issues with localisation when **not** using
> type=text.
> See https://code.djangoproject.com/ticket/16630#comment:11 and following
> discussion.
> The original mailing list thread is here
> <https://groups.google.com/g/django-developers/c/DENf3jq1F_w/m/LJvTMpbwoVQJ>
> .
>
> The goal is to say something succinct but accurate that covers both sides
> of "Why the default is type=text" and "What you need to consider using
> type=date".
>
> Can we solicit some input (🥁) on what issues folks hit? — specifically
> for DateInput the concern was the required date format (I think).
>
> It may well be that things have changed since 2012? (If so we might
> revisit #21470 <https://code.djangoproject.com/ticket/21470>.)
>
> Thanks.
> Carlton
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/16d05604-4068-4423-9ac4-f8f520d44a42n%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/16d05604-4068-4423-9ac4-f8f520d44a42n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeE%3Du-43CHakj-tskbVZztrfbmLti4vEn5kmp639SdF4BA%40mail.gmail.com.

Re: Developer wanted

[אורי]

Hi,

I'm also a Django developer available for freelance work.
https://www.linkedin.com/in/uri-rodberg/

Uri.
אורי
u...@speedy.net


On Mon, Sep 6, 2021 at 12:51 AM 'la...@larrylobert.com' via Django
developers (Contributions to Django itself) <
django-developers@googlegroups.com> wrote:

> I would like to connect with an experienced Django developer to continue
> with some work that was started and nearly completed and to take the
> project to new levels.  Any advice or help in finding someone is
> appreciated.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/8ee7485e-b41b-4e80-8542-f18199e9e495n%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/8ee7485e-b41b-4e80-8542-f18199e9e495n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeEUMLM_hkrWN5eNXTZ5Kr8eBe9uw0SmJrneWAZA7WKRSg%40mail.gmail.com.

Re: makemessages management command should not touch POT-Creation-Date

[אורי]

I also find it annoying that one line changes always even if there are no
changes in translations. I prefer the file not to change at all if nothing
has changed.

אורי
u...@speedy.net


On Tue, Aug 31, 2021 at 11:03 AM 'Adam Johnson' via Django developers
(Contributions to Django itself)  wrote:

> I'm in favour of the change. Leaving the file as-is when no actual data
> changed just makes sense to me.
>
> The original discussion didn't touch upon the --update flag, so maybe it
> didn't exist then, or the participants didn't know about it. Its existence
> really weakens the argument that “we shouldn't redefine the meaning of
> gettext's header fields”.
>
> On Mon, 30 Aug 2021 at 23:55, Daniyal Abbasi 
> wrote:
>
>> Hi
>>
>> I was recently working on some git hooks with the makemessages command
>> and I noticed that the "POT-Creation-Date" was always updated even if no
>> strings were added, removed or relocated.
>>
>> I created a ticket (#33056 <https://code.djangoproject.com/ticket/33056>)
>> and was redirected to #6106 <https://code.djangoproject.com/ticket/6106> 
>> which
>> is the original ticket which was closed over 11 years ago. However, I'd
>> like to bring this into discussion and hoping to open this issue once
>> again.
>>
>> If the po file exists, the makemessages command uses `msgmerge` in the
>> `write_po_file` method to get the contents of the po file. (Refer this
>> <https://github.com/django/django/blob/3219dd3388c437b4bd869b76ddd43c9cdad05090/django/core/management/commands/makemessages.py#L605-L634>).
>> However, msgmerge is not ran in the update mode using the `--update` flag
>> <https://www.gnu.org/software/gettext/manual/html_node/msgmerge-Invocation.html>
>> .
>>
>> I propose on added this flag and making other suitable modifications as
>> this causes a lot of issues with source control and git hooks. I've created
>> a sample PR <https://github.com/django/django/pull/14800> for the same.
>>
>> Looking forward to hear what everyone thinks about this!
>>
>> Thanks and regards,
>> Daniyal Abbasi
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-developers+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-developers/32440770-55aa-4feb-b164-6940ca07838fn%40googlegroups.com
>> <https://groups.google.com/d/msgid/django-developers/32440770-55aa-4feb-b164-6940ca07838fn%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAMyDDM0QLFy3hE%2BPwk6%3DLbRP2-OqjaCYounLa6fzU4Q14xSBRw%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CAMyDDM0QLFy3hE%2BPwk6%3DLbRP2-OqjaCYounLa6fzU4Q14xSBRw%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeHiFmigGLpgSvs_ZtxQ63k3iswe%2B07BHdECmzBNC-nk-Q%40mail.gmail.com.

Re: Removal of USE_L10N setting

[אורי]

In my project USE_L10N = True and USE_I18N = True since the
beginning (2016).
אורי
u...@speedy.net


On Fri, Aug 13, 2021 at 4:47 PM Claude Paroz  wrote:

> I don't think I've ever set USE_L10N to True, and I've been using
>> Django in production since 0.96.
>>
>
> What would be most interesting to know is whether setting USE_L10N to True
> would cause issues in your projects.
>
> Claude
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/7da3ed2b-8d31-4c9e-9423-c8eac33f93cfn%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/7da3ed2b-8d31-4c9e-9423-c8eac33f93cfn%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeEbno%2BhWnmip92qLD-KLuz9GG61aGO0cWvDBtzba-vGCA%40mail.gmail.com.

Re: queryset .all() behavior change in 3.2

[אורי]

Hi Riccardo,

It looks to me that *obj.relatedobj_set.all()* has to be evaluated before
setting *obj.pk <http://obj.pk> = None*. *for* and *list()* causes it to be
evaluated. So it's better programming to evaluate it on the lines above
setting *obj.pk <http://obj.pk> = None*. I'm not sure how it is related to
Django versions, though.

Uri.
אורי
u...@speedy.net


On Tue, Jul 13, 2021 at 5:36 PM Riccardo Magliocchetti <
riccardo.magliocche...@gmail.com> wrote:

> Hello,
>
> when porting a django application from 3.1.13 to 3.2.5 I found a behavior
> change
> I don't see documented in the release notes.
>
> The code is cloning a an object and all its related objects by settings
> the pk
> to None. Previously storing a queryset of related objects was enough to
> being
> able to iterate on that even if the original object was cloned, now we
> have to
> make it concrete by calling list() on it.
>
> Code was something like the following:
>
> def clone_object(obj):
>  related_objs = obj.relatedobj_set.all()
>  obj.pk = None
>  obj.save()
>  for related in related_objs:
>  related.pk = None
>  related.object = obj
>  related.save()
>
> And now the related_object line is as:
>
>  related_objs = list(obj.relatedobj_set.all())
>
> Is it something that should be documented in the release notes?
>
> Thanks
>
> --
> Riccardo Magliocchetti
> @rmistaken
>
> http://menodizero.it
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers  (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/2472148f-0503-65de-c3cd-8a0ad4903011%40gmail.com
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeHSHm8n%3D1xJ81r9R-Dq%2BEhXdbmxctaP5CAhiWxJv6-qQw%40mail.gmail.com.

Re: The certificate for code.djangoproject.com expired on 7/4/2021.

[אורי]

I think there was a downtime for about a few hours when the certificate was
not valid.
אורי
u...@speedy.net


On Sun, Jul 4, 2021 at 4:08 PM Jason Johns  wrote:

> FWIW, a user at pyslackers said they got a 503 about the same time about
> 50 minutes after Asif's initial message.  Then about two hours later (about
> an hour before Adam's reply), someone else responded that they weren't able
> to replicate.  Maybe there was a delay in applying the cert rotation?  I'm
> not able to easily see when the cert was generated.
>
> On Sunday, July 4, 2021 at 5:38:01 AM UTC-4 Adam Johnson wrote:
>
>> Hi Asif
>>
>> I'm not seeing a problem - the certificate I get expires in October.
>>
>> [image: Screenshot 2021-07-04 at 10.36.15.png]
>>
>> Thanks,
>>
>> Adam
>>
>> On Sun, 4 Jul 2021 at 06:34, Asif Saif Uddin  wrote:
>>
>>>
>>> Websites prove their identity via certificates, which are valid for a
>>> set time period. The certificate for code.djangoproject.com expired on
>>> 7/4/2021.
>>>
>>> Error code: SEC_ERROR_EXPIRED_CERTIFICATE
>>>
>>> View Certificate
>>>
>>> https://code.djangoproject.com/wiki/SummerOfCode2021
>>>
>>> Asif
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django developers (Contributions to Django itself)" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to django-develop...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/django-developers/539fc003-f4de-4dae-8ace-d5103c19f44en%40googlegroups.com
>>> <https://groups.google.com/d/msgid/django-developers/539fc003-f4de-4dae-8ace-d5103c19f44en%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/722377bc-1d6f-491e-bf19-ab25871dbb2dn%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/722377bc-1d6f-491e-bf19-ab25871dbb2dn%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeH3iAmHQmCUf-bUOL%2Bwf_O6pbLmbzLuihnqaO2Jgs9mHA%40mail.gmail.com.

Re: Can't translate strings properly to Hebrew and Arabic (#31937)

[אורי]

OK, here is a draft PR: https://github.com/django/django/pull/14226
אורי
u...@speedy.net


On Tue, Apr 6, 2021 at 4:53 PM Carlton Gibson 
wrote:

> Hey Uri.
>
> Yes, I know Claude is busy at the moment (as I think is everyone this last
> year) but we’ll certainly need his input.
>
> For me, a small set of changes just showing what’s needed (in one place) —
> with any relevant links and “Do X, then Y, then Z” steps — helps to focus
> the discussion, and we can think about tests and so on.
>
> So, yes, a minimal draft PR, again as a proof-of-concept before you put
> too many hours in, would be very helpful. (Bottom-line is you’re probably
> the world expert here on this topic as it stands, so we need to catch up
> with you — any help you can give us in doing that goes a long way 😀)
>
> Kind Regards,
>
> Carlton
>
>
>
>
> On 6 Apr 2021, at 15:48, ⁨אורי⁩ <⁨u...@speedy.net⁩> wrote:
>
> Hi Carlton,
>
> Thanks for the feedback. Do you want me to create the draft PR? I would
> also like to receive feedback from Claude (cc), to see if we are in the
> right direction. Maybe it's possible to update things automatically via
> Transifex?
>
> Thanks,
> Uri.
> אורי
> u...@speedy.net
>
>
> On Tue, Apr 6, 2021 at 4:32 PM Carlton Gibson 
> wrote:
>
>> Hey Uri.
>>
>> Thanks for bumping this up — Yes, it looks like the plan is to make the
>> adjustments that you suggested on the ticket.
>>
>> I guess I’d just suggest doing a little bit as a proof-of-concept and
>> opening a Draft PR so we can have a look, and confer with Claude to approve
>> the general approach, before you put in hours updating every string. (Once
>> a PR is open, it’s always possible to collaborate too.)
>>
>> It seemed the idea was fairly clear — were there specific doubts
>> unresolved?
>>
>> Kind regards, Carlton
>>
>> On Tue, 6 Apr 2021 at 13:47, אורי  wrote:
>>
>>> Hi Adam,
>>>
>>> What will a PR require? Does it require to change all the translations
>>> in all the languages, as well as the translation keys? And how do we intend
>>> to update it with the current translations in Transifex? Do you want me to
>>> handle such a PR?
>>>
>>> Thanks,
>>> Uri.
>>> אורי
>>> u...@speedy.net
>>>
>>>
>>> On Tue, Apr 6, 2021 at 1:34 PM 'Adam Johnson' via Django developers
>>> (Contributions to Django itself) 
>>> wrote:
>>>
>>>> Hi Uri
>>>>
>>>> It depends on someone making the change. It looks like Ryan Cheley
>>>> assigned it to themselves but hasn't made a PR. Perhaps you could?
>>>>
>>>> Thanks,
>>>>
>>>> Adam
>>>>
>>>> ‪On Tue, 6 Apr 2021 at 11:17, ‫אורי‬‎  wrote:‬
>>>>
>>>>> Hi,
>>>>>
>>>>> https://code.djangoproject.com/ticket/31937
>>>>>
>>>>> Any chance this will be fixed before the next major release? (4.0).
>>>>>
>>>>> Remember it will also take time to fix the relevant translations - I
>>>>> estimate it will take ~2 months to fix them before they are released to
>>>>> production.
>>>>>
>>>>> In English too, I suggest using the "one" word instead of "1", for
>>>>> example "one week" instead of "1 week". But it's more a mistake in Hebrew
>>>>> (and Arabic), where there is a word for two weeks (שבועיים), and writing 
>>>>> "2
>>>>> weeks" (2 שבועות) is incorrect.
>>>>>
>>>>> Thanks,
>>>>> Uri.
>>>>>
>>>>>
>>>>> אורי
>>>>> u...@speedy.net
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Django developers (Contributions to Django itself)" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to django-developers+unsubscr...@googlegroups.com.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/django-developers/CABD5YeH8ciWq-f6Myb-jnkm1pK4%2Brrd%2B6sQes2z64U8qON23vQ%40mail.gmail.com
>>>>> <https://groups.google.com/d/msgid/django-developers/CABD5YeH8ciWq-f6Myb-jnkm1pK4%2Brrd%2B6sQes2z64U8qON23vQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>> .

Re: Can't translate strings properly to Hebrew and Arabic (#31937)

[אורי]

Hi Carlton,

Thanks for the feedback. Do you want me to create the draft PR? I would
also like to receive feedback from Claude (cc), to see if we are in the
right direction. Maybe it's possible to update things automatically via
Transifex?

Thanks,
Uri.
אורי
u...@speedy.net


On Tue, Apr 6, 2021 at 4:32 PM Carlton Gibson 
wrote:

> Hey Uri.
>
> Thanks for bumping this up — Yes, it looks like the plan is to make the
> adjustments that you suggested on the ticket.
>
> I guess I’d just suggest doing a little bit as a proof-of-concept and
> opening a Draft PR so we can have a look, and confer with Claude to approve
> the general approach, before you put in hours updating every string. (Once
> a PR is open, it’s always possible to collaborate too.)
>
> It seemed the idea was fairly clear — were there specific doubts
> unresolved?
>
> Kind regards, Carlton
>
> On Tue, 6 Apr 2021 at 13:47, אורי  wrote:
>
>> Hi Adam,
>>
>> What will a PR require? Does it require to change all the translations in
>> all the languages, as well as the translation keys? And how do we intend to
>> update it with the current translations in Transifex? Do you want me to
>> handle such a PR?
>>
>> Thanks,
>> Uri.
>> אורי
>> u...@speedy.net
>>
>>
>> On Tue, Apr 6, 2021 at 1:34 PM 'Adam Johnson' via Django developers
>> (Contributions to Django itself) 
>> wrote:
>>
>>> Hi Uri
>>>
>>> It depends on someone making the change. It looks like Ryan Cheley
>>> assigned it to themselves but hasn't made a PR. Perhaps you could?
>>>
>>> Thanks,
>>>
>>> Adam
>>>
>>> ‪On Tue, 6 Apr 2021 at 11:17, ‫אורי‬‎  wrote:‬
>>>
>>>> Hi,
>>>>
>>>> https://code.djangoproject.com/ticket/31937
>>>>
>>>> Any chance this will be fixed before the next major release? (4.0).
>>>>
>>>> Remember it will also take time to fix the relevant translations - I
>>>> estimate it will take ~2 months to fix them before they are released to
>>>> production.
>>>>
>>>> In English too, I suggest using the "one" word instead of "1", for
>>>> example "one week" instead of "1 week". But it's more a mistake in Hebrew
>>>> (and Arabic), where there is a word for two weeks (שבועיים), and writing "2
>>>> weeks" (2 שבועות) is incorrect.
>>>>
>>>> Thanks,
>>>> Uri.
>>>>
>>>>
>>>> אורי
>>>> u...@speedy.net
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Django developers (Contributions to Django itself)" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to django-developers+unsubscr...@googlegroups.com.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/django-developers/CABD5YeH8ciWq-f6Myb-jnkm1pK4%2Brrd%2B6sQes2z64U8qON23vQ%40mail.gmail.com
>>>> <https://groups.google.com/d/msgid/django-developers/CABD5YeH8ciWq-f6Myb-jnkm1pK4%2Brrd%2B6sQes2z64U8qON23vQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>
>>>
>>> --
>>> Adam
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django developers (Contributions to Django itself)" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to django-developers+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/django-developers/CAMyDDM2%3Di0HHqMEuoiJTZB_fkJeta61pE6yT0OqgfE9x4TYZpA%40mail.gmail.com
>>> <https://groups.google.com/d/msgid/django-developers/CAMyDDM2%3Di0HHqMEuoiJTZB_fkJeta61pE6yT0OqgfE9x4TYZpA%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-developers+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-developers/CABD5YeGA%3D9EATOwvop50FovOVfmKG1SZeV5nc3O_xGPO73wS5A%40mail.gmail.com
>> <https://groups

Re: Adding ability to choose AutoField type (signed vs unsigned)

[אורי]

Hi,

I think any primary key field which is an integer should be 64 bits
unsigned. 32 bits integers belong to the history, and there is no need for
negative primary keys. It's like when they defined IPv4, they defined it
with 32 bits and now we are stuck forever with 32 bits IP addresses. You
can never know when a model will require more than 2**31 records and I
don't see any use in using 32 bits in 2021.

By the way, if we use 64 bits - it doesn't matter that much if the integer
is signed or unsigned - I don't think we need the 64th bit anyway.

Uri.
אורי
u...@speedy.net


On Tue, Apr 6, 2021 at 3:12 PM Caio Ariede  wrote:

> Hello folks,
>
> Now that we’ve completed these:
>
> https://code.djangoproject.com/ticket/31007
> https://code.djangoproject.com/ticket/30987
>
> I’m wondering if https://code.djangoproject.com/ticket/56 is still
> something we want to solve.
>
> I feel like the workaround would be to explicitly define ``id =
> models.PositiveBigIntegerField(primary_key=True)``
>
> In the other hand, we could also add ``PositiveBigAutoField`` to make
> things easier now that we have the ability to define the
> ``default_auto_field`` per app.
>
> Thoughts?
>
> — Caio
> On 12 Apr 2020 15:01 -0300, Jure Erznožnik ,
> wrote:
>
> I would like to try again:
> I believe having a general setting for autofields could cause all
> sorts of issues. As illustrated, I immediately thought that some
> people might want to use that for migrating to UUID fields for that (I
> read about using them somewhere about when I started using Django 5
> years ago). The point is that an option like that immediately sparks
> imagination.
>
> However, the problem being attempted at here is only migrating from
> signed to unsigned integer. A very minor change most deployments would
> not even be affected by.
>
> That one could be handled less aggressively by:
>
> OTOH, JUST FOR the unsigned vs signed integer PK, it should be relatively
> easy to modify makemigrations code detect existing migrations for the
> model, detect that the only difference is IntegerField vs
> PositiveIntegerField and in this case skip generating the migration (for
> migrating the field to an unsigned one). There could also be a flag to the
> management command specifying to force generating said migrations.
>
>
> I believe this would be unintrusive enough allowing everyone to
> migrate their models at will. Since most of users won't even notice
> the difference, a solution like this could be preferable even if it
> introduces one additional special case in the code.
> OTOH, the proposed setting DOES provide more flexibility (to introduce
> more varied options for the PK field), but a necessity for a
> biginteger or guid or anything else, for that matter, is already
> catered for in the API - by specifying the super-special pk manually
> for the affected table.
>
> I sure hope I'm not just derailing the discussion with my uninformed
> ideas, but perhaps the minor change could be handled in a simpler
> manner like proposed above.
>
> LP,
> Jure
>
> On Sat, Apr 11, 2020 at 12:21 AM Caio Ariede 
> wrote:
>
>
> I believe that it is already possible to trigger new migrations in a
> third-party app by changing its AppConfig.label, for example. Please
> correct me if I’m wrong.
>
> From that perspective, it think it wouldn’t be wrong if a migration is
> created after someone changes its AppConfig’s default_auto_field. The extra
> migrations could be handled manually using MIGRATION_MODULES.
>
> I feel like adding such option to AppConfig would give a pretty good
> flexibility, but I’m not sure it dismisses the use of
> settings.DEFAULT_AUTO_FIELD. Specially if one desires to keep an old
> default behavior.
>
> --
> Caio
>
>
>
> On Apr 10, 2020, at 04:29, Nick Pope  wrote:
>
> People can also choose to set this for a third-party app by subclassing
> the AppConfig, but as you say, they'd then be forced to handle migrations
> manually - is this even avoidable? I'm not sure how this would look for
> moving to a new default though.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/3FE8A93E-1A7F-436D-87CC-3D87A6C16801%40gmail.com
> .
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group

Re: Can't translate strings properly to Hebrew and Arabic (#31937)

[אורי]

Hi Adam,

What will a PR require? Does it require to change all the translations in
all the languages, as well as the translation keys? And how do we intend to
update it with the current translations in Transifex? Do you want me to
handle such a PR?

Thanks,
Uri.
אורי
u...@speedy.net


On Tue, Apr 6, 2021 at 1:34 PM 'Adam Johnson' via Django developers
(Contributions to Django itself)  wrote:

> Hi Uri
>
> It depends on someone making the change. It looks like Ryan Cheley
> assigned it to themselves but hasn't made a PR. Perhaps you could?
>
> Thanks,
>
> Adam
>
> ‪On Tue, 6 Apr 2021 at 11:17, ‫אורי‬‎  wrote:‬
>
>> Hi,
>>
>> https://code.djangoproject.com/ticket/31937
>>
>> Any chance this will be fixed before the next major release? (4.0).
>>
>> Remember it will also take time to fix the relevant translations - I
>> estimate it will take ~2 months to fix them before they are released to
>> production.
>>
>> In English too, I suggest using the "one" word instead of "1", for
>> example "one week" instead of "1 week". But it's more a mistake in Hebrew
>> (and Arabic), where there is a word for two weeks (שבועיים), and writing "2
>> weeks" (2 שבועות) is incorrect.
>>
>> Thanks,
>> Uri.
>>
>>
>> אורי
>> u...@speedy.net
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-developers+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-developers/CABD5YeH8ciWq-f6Myb-jnkm1pK4%2Brrd%2B6sQes2z64U8qON23vQ%40mail.gmail.com
>> <https://groups.google.com/d/msgid/django-developers/CABD5YeH8ciWq-f6Myb-jnkm1pK4%2Brrd%2B6sQes2z64U8qON23vQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>
>
> --
> Adam
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAMyDDM2%3Di0HHqMEuoiJTZB_fkJeta61pE6yT0OqgfE9x4TYZpA%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CAMyDDM2%3Di0HHqMEuoiJTZB_fkJeta61pE6yT0OqgfE9x4TYZpA%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGA%3D9EATOwvop50FovOVfmKG1SZeV5nc3O_xGPO73wS5A%40mail.gmail.com.

Can't translate strings properly to Hebrew and Arabic (#31937)

[אורי]

Hi,

https://code.djangoproject.com/ticket/31937

Any chance this will be fixed before the next major release? (4.0).

Remember it will also take time to fix the relevant translations - I
estimate it will take ~2 months to fix them before they are released to
production.

In English too, I suggest using the "one" word instead of "1", for example
"one week" instead of "1 week". But it's more a mistake in Hebrew (and
Arabic), where there is a word for two weeks (שבועיים), and writing "2
weeks" (2 שבועות) is incorrect.

Thanks,
Uri.


אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeH8ciWq-f6Myb-jnkm1pK4%2Brrd%2B6sQes2z64U8qON23vQ%40mail.gmail.com.

Re: Bug with order_by and reverse on a __in exclusion query

[אורי]

Did you open a ticket?

https://code.djangoproject.com/


אורי
u...@speedy.net


On Mon, Mar 29, 2021 at 11:18 PM Nathaniel Brown  wrote:

> Basically when I try to exclude all members that have cancelled standing
> from all the poems it breaks and includes all Poems no matter if the member
> was cancelled.
>
> You can remove the order_by and reverse clauses on the poems_created and
> the list shows fine, yet when I add a order_by it has no effect. And when I
> add the reverse it does as previously explained, shows all poems no matter
> if the member was cancelled.
>
> Member has lets say two fields, a User pk and a standing; a Poem has
> created by and a Title with a submitter relating to the User pk.
>
> Here is the sample code:
>
> members_cancelled =
> Member.objects.exclude(standing=settings.MEMBER_STANDING_CANCELLED).values_list('pk',
> flat=True)
> poems_created =
> Poem.objects.exclude(submitter__in=list(members_cancelled),
> hidden=True).order_by('created').reverse()
>
> Thanks in advance in you've got this far.
>
> Nate
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/c76e2a29-e036-495b-8b03-397b943217b9n%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/c76e2a29-e036-495b-8b03-397b943217b9n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeEGp6Y1vEFvUmBhHTn3SWMBoqKdBeXp%3DBgqAXbOQSfvDA%40mail.gmail.com.

Re: Deprecating django.utils.functional.cached_property() ?

[אורי]

Is there any difference in the implementation between the two
*cached_property*?
אורי
u...@speedy.net


On Thu, Feb 4, 2021 at 12:57 PM Carlton Gibson 
wrote:

> functools.cached_property is available from Python 3.8.
>
> https://docs.python.org/3.9/library/functools.html#functools.cached_property
>
> Is there any benefit to maintaining our own version, or should we
> deprecate django.utils.functional.cached_property() with Django 4.0?
>
> Thanks.
> Carlton
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/dff05f70-4204-487d-a918-d4918d9b3f0en%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/dff05f70-4204-487d-a918-d4918d9b3f0en%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGG5RbbQrk4wSkCZ7CN_8Rr6nSJO54sUOQHgs6DOP-RKg%40mail.gmail.com.

Re: final_catch_all_view

[אורי]

Hi Adam,

I think it's better not to rely on the number of "catch all" urlpatterns to
be 1. I suggest it's better to separate *AdminSite.get_urls* into 3
functions - one returning all urls like before (without the "catch all"
urlpattern), one returning a list containing only the "catch all"
urlpattern, and one calling both functions and concatenating the lists.
This way I will be able to define the first function in my own AdminSite
class, add my own urlpatterns and return the list, and Django will do
everything else for me. Instead of using *urls[:-1]* and *urls[-1]*, there
should be functions returning these lists, which I will be able to override
and add my own urlpatterns. I think this approach is better than relying on
the number of "catch all" urlpatterns to be 1.

Also, this feature will break all Django admin sites, unless the name of
the function *AdminSite.get_urls* will remain the same and this function
will not change, but the 2 other functions will be new functions and Django
will call the third function (with all urls) instead of calling
*AdminSite.get_urls*.

אורי
u...@speedy.net


On Tue, Jan 19, 2021 at 6:55 PM Adam Johnson  wrote:

> I don't see the need for any change - you can insert your custom URL's
> before the catch-all view with a subclass of AdminSite like so:
>
> class MyAdminSite(AdminSite):
> def get_urls(self):
> urls = super().get_urls()
> return urls[:-1] + [
> # custom urls
> ...
> ] + urls[-1]
>
> ‪On Tue, 19 Jan 2021 at 16:06, ‫אורי‬‎  wrote:‬
>
>> Hi,
>>
>> I installed Django 3.2 alpha and found out the change related to
>> *final_catch_all_view*. I use *AdminSite* in my websites and I added
>> some urlpatterns to the default urlpatterns. However, I want my urlpatterns
>> to be after Django core's urlpatterns and not before them, so if a Django
>> core urlpatterns matches a URL, it should be applied before my
>> own urlpatterns. I read that it's not recommended to set
>> *AdminSite.final_catch_all_view* to false, and I think it should be
>> better that the "catch all" urlpattern will be applied after all
>> urlpatterns, including those I defined in my website. Is it possible to add
>> the "catch all" urlpattern as the very last urlpattern, after the website's
>> defined urlpatterns? I think this makes more sense.
>>
>> Thanks,
>> אורי
>> u...@speedy.net
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-developers+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-developers/CABD5YeF_ezAHFSwj-X8oT%3DT3%2B%3D1x%3DsC4ZH%3D7QyPshWra9__H2A%40mail.gmail.com
>> <https://groups.google.com/d/msgid/django-developers/CABD5YeF_ezAHFSwj-X8oT%3DT3%2B%3D1x%3DsC4ZH%3D7QyPshWra9__H2A%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>
>
> --
> Adam
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAMyDDM18v4qHBem%3D8HphoJWXZJ03bwSe8r_xpRVSnd3no8W9bg%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CAMyDDM18v4qHBem%3D8HphoJWXZJ03bwSe8r_xpRVSnd3no8W9bg%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeEHrLnKQ9jLu3jcx-9cnj3RzZyo9sw5oUcxJD06LGWpvw%40mail.gmail.com.

final_catch_all_view

[אורי]

Hi,

I installed Django 3.2 alpha and found out the change related to
*final_catch_all_view*. I use *AdminSite* in my websites and I added
some urlpatterns to the default urlpatterns. However, I want my urlpatterns
to be after Django core's urlpatterns and not before them, so if a Django
core urlpatterns matches a URL, it should be applied before my
own urlpatterns. I read that it's not recommended to set
*AdminSite.final_catch_all_view* to false, and I think it should be better
that the "catch all" urlpattern will be applied after all urlpatterns,
including those I defined in my website. Is it possible to add the "catch
all" urlpattern as the very last urlpattern, after the website's defined
urlpatterns? I think this makes more sense.

Thanks,
אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeF_ezAHFSwj-X8oT%3DT3%2B%3D1x%3DsC4ZH%3D7QyPshWra9__H2A%40mail.gmail.com.

Re: Technical Board Decision Needed: Admin append_slash behaviour.

[אורי]

Hi,

For security reasons, I would recommend protecting any url which starts
with /admin/ (or the website's admin url prefix) with an HTTPS password
from the web server directly (such as Nginx or Apache), so that even the
login to the admin will be protected. You may consider adding this
suggestion to Django's documentation. For example, if you enter
https://en.speedy.net/admin/accounts/user/ you will be asked for an HTTPS
authentication password. Only if you know the password, then you will be
redirected to the login page, and only after you login you will be able to
view the admin views. This increases security, as you will have to login
twice. In my opinion you can consider adding this suggestion to Django's
documentation.

Thanks,
Uri Rodberg
Speedy Net
אורי
u...@speedy.net


On Wed, Jan 6, 2021 at 11:43 AM Carlton Gibson 
wrote:

> Hi all,
>
> I need to ask for a Technical Board decision on the resolution of Ticket
> #31747.
>
> Ticket #31747: Avoid potential admin model enumeration
> https://code.djangoproject.com/ticket/31747
>
> PR #13134: Fixed #31747 -- Fixed model enumeration via admin URLs.
> https://github.com/django/django/pull/13134
>
>
> ## Summary
>
> The initial issue is that there is a difference in HTTP response code for
> admin
> URLs depending on whether a URL routes to an existing model or not:
>
>​http://127.0.0.1:8000/admin/auth/user/ -> 302 to login
>​http://127.0.0.1:8000/admin/auth/group/ -> 302 to login
>​http://127.0.0.1:8000/admin/auth/foo/ -> 404
>
> In principle an attacker could use this to leak information about the app's
> models, which could be part of a further attack.
>
> This was originally reported to the Django Security Team, who declined to
> take
> it as a security issue, but recommended adding a final catch-all view to
> the
> admin, which would redirect all unauthenticated requests to login, thus
> masking
> the private model info.
>
> Jon Dufresne picked this issue up, and submitted a PR, but in so-doing
> noticed
> that a very similar (the same?) issue occurred with APPEND_SLASH behaviour
> in
> the admin too. (Try URLs without the slash, looking for a redirect to the
> correct URL **before** being redirected to login.)
>
> The initial thought was that we might need to remove APPEND_SLASH URL
> normalisation for the admin. We were able to avoid that by restricting the
> append_slash-style URL normalisation for the admin to authenticated staff
> users. This addresses the main force of the original report (which is
> unauthenticated users remotely probing the site) but Jon noted that it
> still
> allows a staff-user to potentially discover the existence of model for
> which
> they don't have permissions in this way.
>
> In order to avoid this last threat Jon felt that we still needed to disable
> append slash URL normalisation for the admin.
>
> In contrast, I felt the threat of a staff user discovering models in this
> way
> would apply to only a tiny fraction of all installations, and that the
> utility
> of URL normalisation vastly outweighs that on balance.
>
> We have a trade-off between balancing privacy and usability here.
>
> After much discussion and thought, Jon and I came to agree (I think 🙂)
> that an
> `AdminSite.append_slash` toggle was needed to control the behaviour here.
> If
> privacy is paramount, you can set that to `False` to disable the URL
> normalisation in the admin. If you don't need to keep models secret from
> staff
> users you can have it `True` and still get the benefits of append slash
> behaviour.
>
> We felt this was something that everyone could live with. Wherever you are
> on
> the spectrum, for the simplest case, where you're just using the default
> admin
> site, you toggle the behaviour with a single line in your URL conf:
>
> from django.contrib import admin
>
> admin.site.append_slash = ...set True/False as you want here...
>
> (On the way, we also found a way of opting-out for a single ModelAdmin, but
> let's not talk about that here.)
>
> All good, except...
>
> ## Decision needed
>
> Jon and I still don't agree on the correct default value for
> `AdminSite.append_slash`.
>
> Our disagreement is a difference in weighting, which is hard to argue
> about,
> and we don't want to fall out over it either. So we'd like to ask the
> Technical
> Board to decide.
>
>
> ### Option 1 - default `True`
>
> As the PR stands:
> https://github.com/django/django/pull/13134
>
> * `AdminSite.append_slash` defaults to `True`.
> * This is consistent with the past behaviour for authenticated staff
> users.
>
>
> ### Option 2 - defaul

Re: Primary Key AutoField -> UUID Field

[אורי]

Hi Brian,

In Speedy Net we use a randomly generated string of digits, either 15
digits or 20 digits, as a primary key in all our models. We never
use auto-incrementing integers as primary keys. You can take a look at our
implementation, especially class *BaseModel* which is the base class for
all our models, and class *TimeStampedModel *(most of our models inherit
from *TimeStampedModel*):

https://github.com/speedy-net/speedy-net/blob/master/speedy/core/base/models.py

We also defined managers with querysets in which *bulk_create()* and
*delete()* are disabled.

Uri Rodberg, Speedy Net.
אורי
u...@speedy.net


On Sat, Nov 14, 2020 at 6:32 PM Brian Carter 
wrote:

> Feature Request:
>
> I like to use the UUIDField as the primary key in my models, and I think
> it would be nice to have django expose a setting in the settings.py to
> override the default primary key on models.
>
> Currently, if I don’t specify a field as the primary key, Django
> automatically uses an AutoField (auto-incrementing integer). I’d like to be
> able to automatically use a UUID field, but then still be overridden in a
> specific model if I specify a different primary key.
>
> Brian Carter
> brianrcarte...@gmail.com
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers  (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/EAF4690E-C862-4C68-A7DD-C2979F19BC3C%40gmail.com
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFqeRfd6%2BMuMdzsagvjKdNu-iEDND-omuePX9TEw9TGTw%40mail.gmail.com.

Re: Ticket update ending up in gmail spam

[אורי]

Hi,

Mail I received from djangoproject.com in 2019 had SPF pass (by best guess
record). Mail I received from djangoproject.com in 2020 had SPF neutral.
Maybe you should update the SPF records for djangoproject.com.

Uri.
אורי
u...@speedy.net


On Thu, Oct 22, 2020 at 6:21 PM Peter Inglesby 
wrote:

> Hi folks,
>
> An email with an update on ticket that I'm subscribed to has ended up in
> my gmail spam folder:
>
> [image: image.png]
>
> I'm not sure what to suggest!
>
> Peter.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAENJrP%3DkH29Yq%3D3AsMpmyYSavD884pZ%3D%2B_MCVxnn7DLv4MhnVw%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CAENJrP%3DkH29Yq%3D3AsMpmyYSavD884pZ%3D%2B_MCVxnn7DLv4MhnVw%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFg9-MNhpgDhE%2BBtheGLe9%3DNAL7CaUZfzTAj_00W%2BPR%3DA%40mail.gmail.com.

Re: What the purpose of having function that is not working correctly?

[אורי]

On Thu, Sep 10, 2020 at 12:17 PM Alexander Lyabah 
wrote:

>
> Also, want to say it again, English is not my first language, and some
> words may sound not polite at all. It is not my intention, I respect all
> the work you have done with Django, and very thankful for continue working
> on it.
>

+1

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFT5emMQ%2B9h%2B9U8t%2B_cHVDcLWwyL84QNEw11p75tZV66Q%40mail.gmail.com.

Re: command for stopping server

[אורי]

I think the server run by "python manage.py runserver" is just a debugging
server, it is not suitable for production. For production you run a web
server such as Nginx or Apache which you configure to execute Django.
אורי
u...@speedy.net


On Mon, Sep 7, 2020 at 4:37 PM Antonín Drdácký  wrote:

> Hello there,
>
> This question on StackOverflow is a workaround for stopping the server
>
> https://stackoverflow.com/questions/27066366/django-development-server-how-to-stop-it-when-it-run-in-background
>
> Basically I would like to run the server and stop it by a program, it is
> hard, when the default way is literally "pressing ctrl+C",
> killing the process is different on different OS'es.
> When searching the web (StackOverflow) users replies to individual answers
> were "This worked for me." or "This didn't work for me.",
> this showcases that different conditions make it hard to get to actually
> stopping the server.
>
> A unified solution would be very nice. If we want to keep "python
> manage.py runserver" together with "press ctrl+C to quit",
> then I would suggest a new command, let's call it "startserver", that
> would be non-blocking, running subprocess, or something,
> once the user is done he simply calls "stopserver" to stop it.
> "startserver" vs "runserver" might be similar for some, suggest different
> command name if you like.
>
> It is only my suggestion, I don't care if it will be more complicated as
> long as it will "just work" on all OS'es and will be clear to use.
>
> Thanks for your time and consideration
> Antonín Drdácký
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CALALaaN-e-qQ%3DBLuGb4QVAx%2BpEDxWaiRAWFoPnDGoPkNv_Of-w%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CALALaaN-e-qQ%3DBLuGb4QVAx%2BpEDxWaiRAWFoPnDGoPkNv_Of-w%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeE2howmrCruPmbALRV7UKACCjrSCJ0_%3D9rRmpFXhpKVYQ%40mail.gmail.com.

Re: Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations)

[אורי]

On Thu, Sep 3, 2020 at 11:57 AM Tom Forbes  wrote:

> You might have a point regarding the frequency of bumping the PBKDF
> iteration setting. Is bumping it 5 times in 13 months really required? On
> the other hand you might want to consider staying on the LTS releases and
> avoid issues such as this, and the issue you’re describing is quite niche.
>
> However, I would say that based on your previous posts to this mailing
> lists around authentication that you are definitely in need of some form of
> federated login/SSO for your several web properties. That would certainly
> alleviate this issue and some of the other problems you’ve reported here.
>

Thank you for your suggestions. I was not aware that upgrading to non-LTS
releases will log out users. It's good to know now.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeE2tMF7eLAtCGEEXc0rXj_kYv0BWVcD63ffNvdOcQuVbg%40mail.gmail.com.

Re: Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations)

[אורי]

Hi,

To conclude, I think it would be better to change the number of iterations
not every 8 months, but every 2 years (with a new LTS release).

אורי
u...@speedy.net


On Thu, Sep 3, 2020 at 10:29 AM Florian Apolloner 
wrote:

> I do not think there is anything to reopen because it works as designed.
> Password changes cause other browser sessions to be terminated because the
> session auth hash no longer matches.  You can use a custom user model and
> override `get_session_auth_hash` but the defaults won't change, sorry.
>
> On Thursday, September 3, 2020 at 4:56:13 AM UTC+2 Uri wrote:
>
>> Django developers,
>>
>> I would like to reopen #31970
>> <https://code.djangoproject.com/ticket/31970>. In short, the problem is
>> - if a user is logged in with more than one browser, and when we upgrade
>> Django to any version which *PBKDF2PasswordHasher.iterations* changes
>> (which is *any* new version), and then the user logs in again - this
>> logs them out from all other browsers. I think this is a bug.
>>
>> I found out that this can be avoided by changing *def must_update*, for
>> example if you change it to something like:
>>
>> def must_update(self, encoded):
>> # Update the stored password only if the iterations diff is at least 
>> 250,000.
>> algorithm, iterations, salt, hash = encoded.split('$', 3)
>> iterations_diff = abs(self.iterations - int(iterations))
>> return ((int(iterations) != self.iterations) and (iterations_diff >= 
>> 25))
>>
>> Or even simply:
>>
>> def must_update(self, encoded):
>> return False
>>
>>
>> אורי
>> u...@speedy.net
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/87b16804-3da2-46b7-8ff5-466cd2f38aa2n%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/87b16804-3da2-46b7-8ff5-466cd2f38aa2n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeHppQW8gc5-eg3-wN-7wSVXWumPvYVAZD5OTW9PnGtCTA%40mail.gmail.com.

Re: Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations)

[אורי]

Hi,

On Thu, Sep 3, 2020 at 11:23 AM Shai Berger  wrote:

>
> Please be aware that this is a security issue. The passwords are
> encrypted as protection for the case that they fall into the hands of
> an attacker, but for this protection to be effective, it must stay hard
> and costly to brute-force them. The number of iterations is enlarged in
> order to keep this cost up with the improvements of available hardware.
> If you intend to keep a user's password un-updated for many years, it's
> almost as bad as keeping it in plaintext -- in 10-15 years, we'd expect
> the number of iterations in current Django to be grossly insufficient.


I don't intend to keep the settings of now for 10-15 years. But since I
launched Speedy Net in Django 1.11 in production 13 months ago, I upgraded
to 2.0, 2.1, 2.2, 3.0 and now 3.1. These are 5 major version upgrades in 13
months. I don't see a reason why the number of iterations should have
changed 5 times in 13 months. Even if I would upgrade Django every 8
months, I prefer to keep the number of iterations and change it every 2-3
years, if this logs out users. I'm not sure if I'll write a blog post, but
you can see our patch on GitHub:

https://github.com/speedy-net/speedy-net/blob/master/speedy/core/patches/session_patches.py

I wish I knew about this issue before and then I would have patched
something like this before, before causing this to change 5 times in
production.

אורי.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFp_9btTbguvBDyUxCaaYcX4VD9thsddp7hdRqVL%2BJnuw%40mail.gmail.com.

Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations)

[אורי]

Django developers,

I would like to reopen #31970 <https://code.djangoproject.com/ticket/31970>.
In short, the problem is - if a user is logged in with more than one
browser, and when we upgrade Django to any version which
*PBKDF2PasswordHasher.iterations* changes (which is *any* new version), and
then the user logs in again - this logs them out from all other browsers. I
think this is a bug.

I found out that this can be avoided by changing *def must_update*, for
example if you change it to something like:

def must_update(self, encoded):
# Update the stored password only if the iterations diff is at
least 250,000.
algorithm, iterations, salt, hash = encoded.split('$', 3)
iterations_diff = abs(self.iterations - int(iterations))
return ((int(iterations) != self.iterations) and (iterations_diff
>= 25))

Or even simply:

def must_update(self, encoded):
return False


אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGAGHjA-jCEEcJbMmp7i2XFUZ4w7u7Waz-YMo5gYRPQpA%40mail.gmail.com.

Using directory locale with __init__.py

[אורי]

Django developers,

I had an exception because of using a directory locale with __init__.py,
but I followed Django, which also uses a directory locale with __init__.py.
It seems that there is a module *locale *in Python that can't be used with
a local directory locale.

https://stackoverflow.com/a/49237311/1412564

https://github.com/django/django/tree/master/django/conf/locale

Do you think it's a good idea to use a directory locale with __init__.py?

This is the error message I received:

$ python tests_manage.py test
Traceback (most recent call last):
  File "tests_manage.py", line 14, in 
execute_from_command_line(sys.argv)
  File
"E:\Uri\Speedy_Net\Git\speedy-net-public\.venv\lib\site-packages\django\core\management\__init__.py",
line 401, in execute_from_command_line
utility.execute()
  File
"E:\Uri\Speedy_Net\Git\speedy-net-public\.venv\lib\site-packages\django\core\management\__init__.py",
line 334, in execute
parser = CommandParser(usage='%(prog)s subcommand [options] [args]',
add_help=False, allow_abbrev=False)
  File
"E:\Uri\Speedy_Net\Git\speedy-net-public\.venv\lib\site-packages\django\core\management\base.py",
line 50, in __init__
super().__init__(**kwargs)
  File "C:\Program Files\Python36\lib\argparse.py", line 1637, in __init__
self._positionals = add_group(_('positional arguments'))
  File "C:\Program Files\Python36\lib\gettext.py", line 612, in gettext
return dgettext(_current_domain, message)
  File "C:\Program Files\Python36\lib\gettext.py", line 575, in dgettext
codeset=_localecodesets.get(domain))
  File "C:\Program Files\Python36\lib\gettext.py", line 510, in translation
mofiles = find(domain, localedir, languages, all=True)
  File "C:\Program Files\Python36\lib\gettext.py", line 482, in find
for nelang in _expand_lang(lang):
  File "C:\Program Files\Python36\lib\gettext.py", line 206, in _expand_lang
loc = locale.normalize(loc)
AttributeError: module 'locale' has no attribute 'normalize'
(.venv)

אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeEimeugNrwFsi9mYZ0kaDRzs%2B0122dDq55G8WAnsbGK3A%40mail.gmail.com.

Re: Italic

[אורי]

Thank you.
אורי
u...@speedy.net


On Thu, Aug 27, 2020 at 9:13 AM Carlton Gibson 
wrote:

> I think it means that the ticket recently changed state, so that it no
> longer matches the query.
> (I’m not sure of the underlying mechanism there…)
>
> On 27 Aug 2020, at 08:05, ⁨אורי⁩ <⁨u...@speedy.net⁩> wrote:
>
> Hi,
>
> I queried tickets from  https://code.djangoproject.com/  and one ticket
> is in Italic. What does it mean?
>
> Thanks,
> אורי
> u...@speedy.net
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CABD5YeFhF%2Be754rJPvLwVF9d8QRKZgkGL%2BhepQ5ow%2BwOb1%2BN8g%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CABD5YeFhF%2Be754rJPvLwVF9d8QRKZgkGL%2BhepQ5ow%2BwOb1%2BN8g%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/827396DF-2818-4BA1-822A-6021C60B2F1A%40gmail.com
> <https://groups.google.com/d/msgid/django-developers/827396DF-2818-4BA1-822A-6021C60B2F1A%40gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGj1LnvgCid9TYECkAyDhtKDrnbixD745QeQ5Rhgktd%3DQ%40mail.gmail.com.

Italic

[אורי]

Hi,

I queried tickets from  https://code.djangoproject.com/  and one ticket is
in Italic. What does it mean?

Thanks,
אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFhF%2Be754rJPvLwVF9d8QRKZgkGL%2BhepQ5ow%2BwOb1%2BN8g%40mail.gmail.com.

Re: Regression in Set-Cookie which affects Django users

[אורי]

On Sun, Aug 23, 2020 at 8:19 AM Mariusz Felisiak 
wrote:

> It's not about the number of lines but about our backporting policy
> <https://docs.djangoproject.com/en/3.1/internals/release-process/>. We
> don't backport new features. Moreover Django 2.2 and 3.0 are in extended
> support. Per our backporting policy this means it doesn't qualify for a
> backport.
>

  OK, I will try to fork Django and backport it myself. Thank you.

אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeEcTa%3DPveAvw7y0aker3U5hHcSy1jJoP298Hns9h9es2Q%40mail.gmail.com.

Re: Regression in Set-Cookie which affects Django users

[אורי]

Hi,

I looked at it and I think PR #11894 should be backported to all working
versions of Django. It doesn't look like it will introduce new bugs or
regressions. All I need is these 2 lines:


if samesite.lower() not in ('lax', 'strict'):
raise ValueError('samesite must be "lax" or "strict".')
if samesite.lower() not in ('lax', 'none', 'strict'):
raise ValueError('samesite must be "lax", "none", or "strict".')

And the relevant documentation. This will allow setting cookies explicitly
to SameSite=None. Since Django 2.2 should be supported until 2022, I think
it makes sense to backport it to Django 2.2 and 3.0.

אורי
u...@speedy.net


On Sat, Aug 22, 2020 at 9:48 PM Mariusz Felisiak 
wrote:

> We decided that it's a new feature that will not be backported to Django
> 3.0, see #30862 <https://code.djangoproject.com/ticket/30862>, and
> discussion in ​PR <https://github.com/django/django/pull/11894> (with few
> simple workarounds).
>
> Best,
> Mariusz
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/8d09195c-b15a-4d1c-9f5c-277b5af2df3cn%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/8d09195c-b15a-4d1c-9f5c-277b5af2df3cn%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeECAyu49KimB9EdE%2BgrqaN208EfUWiFpdQF9Q3xRHdrgA%40mail.gmail.com.

Re: Regression in Set-Cookie which affects Django users

[אורי]

On Sat, Aug 22, 2020 at 10:07 PM Adam Johnson  wrote:

> (The workaround is in this comment:
> https://github.com/django/django/pull/11894#issuecomment-577681440 , and
> if you want, a package: https://github.com/jotes/django-cookies-samesite )
>

Thank you. I was not aware of this package and middleware.

אורי.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGTtzHQMrsB%3Dc%3DHBeymNxWFJc1En9vqj%3DF1HEtO5P0odA%40mail.gmail.com.

Re: Regression in Set-Cookie which affects Django users

[אורי]

On Sat, Aug 22, 2020 at 9:48 PM Mariusz Felisiak 
wrote:

> We decided that it's a new feature that will not be backported to Django
> 3.0, see #30862 <https://code.djangoproject.com/ticket/30862>, and
> discussion in PR <https://github.com/django/django/pull/11894> (with few
> simple workarounds).
>

These decisions were probably before the breaking changes in Chrome.
https://www.chromestatus.com/feature/5088147346030592
https://www.chromium.org/updates/same-site

אורי.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeEB9FP_GivRDx0%2BC0dCV4rELhxU%2BEOxAVkuxstb2GhXMA%40mail.gmail.com.

Re: Regression in Set-Cookie which affects Django users

[אורי]

On Sat, Aug 22, 2020 at 9:34 PM Adam Johnson  wrote:

> Hi Uri
>
> You implied it, but to make it explicit - Django 3.1 allows setting the
> value "None" (string) for samesite cookies:
> https://docs.djangoproject.com/en/dev/releases/3.1/#django-contrib-sessions
> . Essentially you're asking for a backport of this feature.
>

Yes. But this may also affect other settings such as *CSRF_COOKIE_SAMESITE*.

You can also see this answer <https://stackoverflow.com/a/63539373/1412564>
on Stack Overflow.


>
> I think a backport is probably reasonable if sites are broken. You didn't
> write in your ticket in what way SameSite=Lax breaks your sites - can you
> explain the use cases you need SameSite=None for?
>

It is explained on Stack Overflow:
https://stackoverflow.com/questions/63538073/set-cookie-is-not-working-in-chrome-and-dolphin-with-two-websites

https://stackoverflow.com/questions/59298548/set-cookie-is-not-working-in-chrome-with-two-websites


אורי.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFN5wWwNcjszTxKFCTstXB1aSE8cM0UWeMTvP%3Dvt99sjg%40mail.gmail.com.

Regression in Set-Cookie which affects Django users

[אורי]

Django developers,

I just created issue #31933 <https://code.djangoproject.com/ticket/31933>:

It seems that there is a regression in *Set-Cookie* in browsers such as
Chrome and Dolphin, which affects Django users. *SESSION_COOKIE_SAMESITE =
None* does not work any more with those browsers. This affects all versions
of Django, and especially where it's not possible to explicitly set cookies
to *SameSite=None* (Django <= 3.0).

You can read about it in the following links:

Cookies default to SameSite=Lax
<https://www.chromestatus.com/feature/5088147346030592>
Reject insecure SameSite=None cookies
<https://www.chromestatus.com/feature/5633521622188032>

You can see more information in the question
<https://stackoverflow.com/q/63538073/1412564> I just asked on Stack
Overflow.

I think it should be made possible to explicitly set cookies to
*SameSite=None*, also in settings such as *SESSION_COOKIE_SAMESITE*, and
backport it to all working versions of Django.

אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFnd0p5WmaLsePKzbeO_pR4xrZ5cE7%2BVgfhzHyjgB7uTw%40mail.gmail.com.

Re: Django default input validation accepts special caracters

[אורי]

On Tue, Aug 18, 2020 at 12:26 PM Adam Johnson  wrote:

>
> The only change we should be making is moving from separate first_name +
> last_name fields to solely a name field, since *many* people don't fit into
> that. I think there's a ticket, but there are massive backwards
> compatibility concerns.
>

This may be true - not all people have first_name & last_name or want to
use them online. But it's also convenient to be able to call a person by
their first name, and also allow them to use their full name on the
website. I checked popular websites - Facebook and Google require first
name and last name, Twitter, GitHub and Stack Overflow require only a
"name", and I heard that in some IP addresses and languages Facebook
doesn't require a last name, but I tried and I couldn't delete my last name
from Facebook. I have a formal last name, but I want to be registered only
with my first name on Facebook, which I can't. And by the way, Facebook,
Twitter and Github let me change my username, Google didn't. So I have to
use a username which doesn't reflect my real name on Google (I changed my
last name and the username reflects my former last name). The only way to
use a different username on Google is to create a new account. But also if
I change my username, my email address would change, and messages sent to
my previous email address might not reach me.

אורי.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeE6wmedgQk5c15ND8TU4xN4iOMyS2Cn6cEL2NJ4DBi12A%40mail.gmail.com.

Re: The cotent types framework unreasonably limits model name length.

[אורי]

How can a class name be more than 100 characters? Can you give an example?

A limit of 100 characters seems reasonable to me, maybe even 60 would be
enough.

אורי
u...@speedy.net


On Tue, Aug 11, 2020 at 6:06 AM Richard Campen 
wrote:

> Hello
>
> I have hit what I feel is an arbitrary limit on the length of a django
> model class name. I am using the PostgreSQL backend, which smartly
> truncates table names above a certain size (normally 63 characters) which
> means in theory a table name can be of indeterminate length, as PostgreSQL
> will truncate it appropriately. However, if the model class name is greater
> than 100 characters than an error is thrown when saving the model name to
> the `django_content_type` model as the `ContentType.model` field uses a
> CharField with a limit of 100. This arbitrarily restricts the size of the
> model name when the db backend can handle it fine.
>
> I tried to go back in time to figure out if there was any context in
> setting the `ContentType.model` field max_length at 100 chars, but it was
> made before the Django project was migrated to git.
>
> I feel it would be best to switch this field to a TextField, as even 255
> characters seems an unreasonable limit to impose when the db backend can
> support longer names, though perhaps having a smaller (but configurable)
> max_length on the TextField would still be desirable.
>
> What are peoples feelings on this?
>
> Cheers,
> Richard
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/26478a0a-5809-449f-b17d-d7223e2cfb3do%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/26478a0a-5809-449f-b17d-d7223e2cfb3do%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFdA95UhJex%2BERf1pM-groRiUjO5tyLv300wSRjcWkGSQ%40mail.gmail.com.

Re: Django 4.0 sessions

[אורי]

Hi Tom,


On Sun, Aug 9, 2020 at 4:12 PM Tom Forbes  wrote:

> As a side note Uri, it’s good practice to keep your messages concise when
> posting. The very long first paragraph in your message containing 4 or 5
> questions is hard to parse and respond to, and not all of it appears
> relevant.
>
>
I apologize for the long post and paragraph.

אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGYTqs1a_RARzCXF_Qkw-vqwu96tsgaKnAsHv%2B7SAfB8g%40mail.gmail.com.

Django 4.0 sessions

[אורי]

Django developers,

I'm using Django 3.0 with sessions on my websites, Speedy Net
<https://www.speedy.net/> and Speedy Match <https://www.speedymatch.com/>.
I understand that sessions as they are now (in Django 3.0) will be changed
and removed in Django 4.0. I would like to know how will it affect the
users of my websites? Will it log out any user who didn't visit the site
from Django 3.1 to Django 3.2, or will it also log out any user who didn't
login again to the website using Django 3.1 and 3.2? I use persistent
sessions and cookies for ~30 years, and I expect sessions to keep working
when I upgrade Django. I think I can handle logging out users who didn't
visit the site for ~16 months, but I can't handle users who visited the
site as authenticated users but didn't login again in more than ~16 months
- this will mean that when I upgrade (eventually) to Django 4.0, most of my
users will suddenly be logged out (who should be logged in). Is there a way
to overcome this? Are sessions objects created by the website other than
when users log in? This deprecation can cause me not to want to upgrade
Django to 4.0, which is a shame. I upgraded all versions of Django from 1.8
to 3.0, and I'm about to upgrade to 3.1 as well. I also had a problem when
I upgraded to Django 2.1, which affected my users, and there was a bug for
about 6 weeks on my website, because of introducing
*SESSION_COOKIE_SAMESITE* with the default 'Lax' in Django 2.1 [
https://stackoverflow.com/questions/59298548/set-cookie-is-not-working-in-chrome-with-two-websites].
Due to this bug my website didn't work properly for about 6 weeks. And I
don't want to cause more problems when I upgrade Django to 4.0. Actually I
would like the window to be wider - for example, log out users who didn't
visit the website for 2 or 3 years, and anyway convert their sessions
automatically without forcing them to login again (if they visited my
websites during this time). Will sessions be converted automatically or can
I cause them to be converted automatically to the new format and hashing
algorithm, while using Django 3.1 and 3.2, before I upgrade Django to 4.0?

By the way, both my websites are configured to log in and log out users
together - if they log in or log out from one website, they should be
automatically logged in or logged out from the other domain too.

Is it possible to change the sessions deprecation Django version so that
users will have about 2 or 3 years to convert their sessions?

Thanks,

אורי
(Uri)
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeHY_%3DBaZyi0L%2Bp0tFmrJsFZp3V9n3JfR%3D925-440RnsRA%40mail.gmail.com.

Re: Status of 3.1 release blockers.

[אורי]

Thank you.

אורי
u...@speedy.net


On Fri, Aug 7, 2020 at 8:24 AM Mariusz Felisiak 
wrote:

>
> *> After I signed up and logged in, I reverted to Django 3.0, and then one
> user was logged out (who should be logged in) and another user got the
> exception `Incorrect padding` (from
> `base64.b64decode(session_data.encode('ascii'))`). *
>
> This is a separate issue, see #31864
> <https://code.djangoproject.com/ticket/31864>.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/d220613e-e717-4518-b204-14d5c2b2ac47n%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/d220613e-e717-4518-b204-14d5c2b2ac47n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFR9g5CHJCyU8Y88e85ueNEQBLdzrGPP75ewa%2BJxG5Ykw%40mail.gmail.com.

Re: Status of 3.1 release blockers.

[אורי]

Hi,

Have you tested multiple servers with Django versions 3.0 and 3.1 with
`DEFAULT_HASHING_ALGORITHM = 'sha1'`? I created a branch with this setting,
with Django 3.1, and then I used it on our staging server. After I signed
up and logged in, I reverted to Django 3.0, and then one user was logged
out (who should be logged in) and another user got the exception `Incorrect
padding` (from `base64.b64decode(session_data.encode('ascii'))`). It looks
like the setting I created  `DEFAULT_HASHING_ALGORITHM = 'sha1'` is ignored
with Django 3.1. I know you don't support downgrading Django, but this
might also affect users who run several servers in parallel, with Django
3.0 and 3.1.

When I downgraded I rolled back 2 migrations - one I created myself
(match_accounts.0008_auto_20200804_1453) and
(auth.0012_alter_user_first_name_max_length). But rolling back these
migrations looks like it's not related to this issue.

אורי
u...@speedy.net


On Mon, Aug 3, 2020 at 11:25 AM Mariusz Felisiak 
wrote:

> Hi Markus,
>
> I don't see a clear path to do this, we cannot add a setting that
> accepts a string and immediately (in the next release) change it to a list,
> this will require a deprecation path etc. and will be really confusing to
> users. IMO we can reconsider this new feature in the next release with a
> different setting.
>
> Best,
> Mariusz
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/77dfa750-21c2-42ef-a69c-077217746098n%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/77dfa750-21c2-42ef-a69c-077217746098n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeF3p33QuL6104BLWttLenfoscdcmLZwEUBod78ORE5HdQ%40mail.gmail.com.

Re: Status of 3.1 release blockers.

[אורי]

I also think, when the old hashing algorithm is deprecated, it's better to
convert sessions to the new hashing algorithm without logging out users and
without raising errors or exceptions. Is it possible? And notice that the
Django user may change this setting only in the future, such as in Django
4.0 and even later. What will happen then?
אורי
u...@speedy.net


On Fri, Jul 31, 2020 at 11:46 PM Mariusz Felisiak <
felisiak.mari...@gmail.com> wrote:

> I've created a draft PR13262 <https://github.com/django/django/pull/13262>
> with the new setting for the default hashing algorithm.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/c3b3025f-3830-464a-8c8c-883ec606720an%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/c3b3025f-3830-464a-8c8c-883ec606720an%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFwrijwMt81ijbBw2TST-phxBSTW%2BSF7iv4SneBa2oZHg%40mail.gmail.com.

Re: Status of 3.1 release blockers.

[אורי]

Hi Mariusz,

How do you propose running several versions of Django 3.0 and 3.1 with this
PR and setting? Does it have to be defined, or is it enough using the
default setting? And when upgrading Django to 3.1, what is the default
setting if this setting is not explicitly defined? And how will it affect
sessions in case of downgrading back to 3.0? Will it be possible to
downgrade also with the default setting?

Also, maybe it's better to document the answers to these questions in the
release notes and in the definition of the new setting. And also, how to
define this setting to its default value in Django versions <= 3.0. What do
you think?

אורי
u...@speedy.net


On Fri, Jul 31, 2020 at 11:46 PM Mariusz Felisiak <
felisiak.mari...@gmail.com> wrote:

> I've created a draft PR13262 <https://github.com/django/django/pull/13262>
> with the new setting for the default hashing algorithm.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/c3b3025f-3830-464a-8c8c-883ec606720an%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/c3b3025f-3830-464a-8c8c-883ec606720an%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeG1KNTg9YGfUqxTmV82qU1Khs_E-EwfUyR-OHcaornzZA%40mail.gmail.com.

Re: Status of 3.1 release blockers.

[אורי]

Hi Carlton,

I think a possible solution can be if Django 3.0 will be patched to handle
sessions created by 3.1. This will allow both downgrading Django and
running Django on several servers with 3.0 and 3.1 in parallel. If this is
too late now to do it before releasing 3.1, maybe you can postpone this
change (of hashing algorithm, if I understand correctly) to Django 3.2. And
then of course, patch 3.0 and 3.1 to handle sessions created by 3.2.

אורי
u...@speedy.net


On Fri, Jul 31, 2020 at 2:13 PM Carlton Gibson 
wrote:

> Hi Uri.
>
> On 31 Jul 2020, at 12:11, ⁨אורי⁩ <⁨u...@speedy.net⁩> wrote:
>
> On Fri, Jul 31, 2020 at 12:28 PM Mariusz Felisiak <
> felisiak.mari...@gmail.com> wrote:
>
>> Markus reported a release blocker #31842
>> <https://code.djangoproject.com/ticket/31842>related with running an app
>> on multiple servers with different versions of Django (3.0.x or 3.1).
>>
>
> I think it might be related to an issue I reported - #31592
> <https://code.djangoproject.com/ticket/31592>. Django 3.0 can't handle
> sessions created by Django 3.1.
>
>
> Yes, it’s related. Your issue was downgrading IIRC. This is “can’t upgrade
> piecemeal” — but a solution may allow your use-case too.
>
> C.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/AEC8D4F2-E042-4A6B-9E9D-7D0584BB42B4%40gmail.com
> <https://groups.google.com/d/msgid/django-developers/AEC8D4F2-E042-4A6B-9E9D-7D0584BB42B4%40gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeEVhj2T0Yq0q%3DESvKjEHfXddiTNtgo_M%2B%2BxDvSKs5xRYw%40mail.gmail.com.

Re: Status of 3.1 release blockers.

[אורי]

On Fri, Jul 31, 2020 at 12:28 PM Mariusz Felisiak <
felisiak.mari...@gmail.com> wrote:

> Markus reported a release blocker #31842
> <https://code.djangoproject.com/ticket/31842> related with running an app
> on multiple servers with different versions of Django (3.0.x or 3.1).
>

I think it might be related to an issue I reported - #31592
<https://code.djangoproject.com/ticket/31592>. Django 3.0 can't handle
sessions created by Django 3.1.


אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGYZGjH2k48Rr%3DT1NwbYzjq%2Bs94Bw-4uZ0H%3Dmw7bK-vQQ%40mail.gmail.com.

Re: f-strings again.

[אורי]

I don't like f-strings (actually I was not aware what they are until I
googled them now). I also don't like the %-formatting and I prefer to use
{}-format (with or without a number or name) for all my formatting purposes.

In general, f-strings take variables which are not given to them
explicitly, which I think is wrong. The {}-format takes only variables
which are explicitly given to them.

Also when I use translations, I use the {}-format strings in the translated
strings.
אורי
u...@speedy.net


On Tue, Jul 21, 2020 at 9:55 AM Carlton Gibson 
wrote:

> Hi All.
>
> f-strings...
>
> There was some discussion a couple of years ago
> <https://groups.google.com/d/topic/django-developers/psUTrFUNlQE/discussion>
> about replacing all string formatting operations with f-strings.
>
> The consensus then was "No, let's not do that": %-formatting and format()
> are both great. Each has advantages
> in readability, depending on context, and there are translation and
> logging issues with f-strings.
>
> We've since not been allowing (at all) f-strings in the code. A PR comes
> in with a f-string, we remove it (or ask the author to).
>
> A few months ago this came up again
> <https://github.com/django/django/pull/12650>. We said we needed to come
> back to the mailing, because of the previous discussion,
> but the thread never started — *but* there was an amount of support for
> at least allowing f-strings. (From Claude, Jon, Nick, Paolo, Simon, ...)
>
> We have a PR again where the "Are f-strings allowed?" conversation
> <https://github.com/django/django/pull/12646#discussion_r456892548> has
> come up — so I'm posting to the list: is it time to update the policy?
>
> So let me quote Simon on #29988
> <https://code.djangoproject.com/ticket/29988#comment:8>:
>
> > I am in favor where it makes sense and has clear readability benefits. I
> don't have strong rules to provide but I've already seen this feature
> abused in the wild to compose complex formatting string which makes hard to
> differentiate placeholders from their delimiters when function calls are
> involved.
> >
> > I also share you Claude's concerns about error messages and logging
> message templates.
>
> So, paraphrasing, in favor of allowing, but it's not just true that
> f-strings are always more readable, and can't be used for strings that may
> be translated.
>
> I had the impression in ≈Feb that that kind of view would have broad
> support. 🤷‍♀️
>
> Beyond that I would like to avoid spending time updating existing uses to
> use f-strings. Sure, if we're editing, and an f-string is more reasonable,
> let's use it, but, like replacing quotes, let's not (please) spend time on
> it beyond that. (I think Jon and Nick may not agree with that from previous
> comments but...)
>
> As such I've prepared a PR suggesting a change to the Coding Style doc
> <https://github.com/django/django/pull/13214/files>, that should allow us
> to close #29988:
>
> > * String variable interpolation may use %-formatting, ``format()``, or
> >   f-strings as appropriate, with the goal of maximizing code readability.
> >   f-strings should not be used for any string that may require
> translation,
> >   including error and logging messages. Don't waste time doing unrelated
> >   refactoring of existing code to adjust the formatting method.
>
> Tweaks (as always) welcome on the PR. General discussion of the principle
> here? Shall we allow f-strings? Three formatting methods seems a lot... but
> that's what we've got, and folks are getting used to using them.
>
> Thanks for the input all!
>
> Kind Regards,
>
> Carlton
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/f7709597-7f55-4e64-9a2a-f0b62e6e1393o%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/f7709597-7f55-4e64-9a2a-f0b62e6e1393o%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeE_LCZ-oHXpXVGmX%3DimHPGs74GuF4qwrRyXGetvmSm-Og%40mail.gmail.com.

Re: Welcome email

[אורי]

Yes, I think it's a good idea. If a post doesn't belong to the group, it
should be deleted and the person who sent it should receive a message with
a link to the relevant group, such as Django users.

I also thought, why not change this group name to Django Core Developers,
and Django Users will be Django Developers or something like that with the
word "developers"?
אורי
u...@speedy.net


On Thu, Jul 9, 2020 at 5:10 PM Peter Inglesby 
wrote:

> Hi folks,
>
> Is there any moderation for posts from new users?  It can be enabled
> <https://support.google.com/groups/answer/2466386?hl=en>, and I'd be
> willing to be part of a team that filters posts from new users.
>
> All the best,
>
> Peter.
>
> On Thu, 9 Jul 2020 at 13:59, Adam Johnson  wrote:
>
>> I think that's a good improvement, not bikeshedding :)
>>
>> On Thu, 9 Jul 2020 at 13:17, Shai Berger  wrote:
>>
>>> Sorry for the bike-shedding, but I think the text should drop the
>>> "using Django" language. The people who come here with these questions
>>> clearly think of themselves as developers, not users.
>>>
>>> IMO It should go something like,
>>>
>>> Welcome to django-developers, the mailing list for discussion
>>> of the development of Django itself.
>>>
>>> This mailing list is not for support developing apps and
>>> websites with Django. For support, please follow the "Getting
>>> Help" page: https://docs.djangoproject.com/en/3.0/faq/help/ .
>>> This page will direct you to the django-users mailing list or
>>> other resources, so you can find people who are willing to
>>> support you, and to ask your question in a way that makes it
>>> easy for them to answer.
>>>
>>> Thanks,
>>>
>>> The Django Community
>>>
>>>
>>>
>>> On Wed, 8 Jul 2020 11:50:16 +0100
>>> Adam Johnson  wrote:
>>>
>>> > Okay I'm in favour. That said, there's already a banner on the groups
>>> > page:
>>> >
>>> > This group is for the discussion of the development of Django itself.
>>> > If
>>> > > you want to ask questions about using Django, please post on
>>> > > django-users.
>>> > >
>>> >
>>> > Suggested wording, adapted from my templated reply:
>>> >
>>> > Welcome to django-developers, the mailing list for discussion of the
>>> > > development of Django itself.
>>> > >
>>> > > This mailing list is not for support using Django. For support,
>>> > > please follow the "Getting Help" page:
>>> > > https://docs.djangoproject.com/en/3.0/faq/help/ . This page will
>>> > > direct you to the django-users mailing list or other resources, so
>>> > > you can find people who are willing to support you, and to ask your
>>> > > question in a way that makes it easy for them to answer.
>>> > >
>>> > > Thanks,
>>> > >
>>> > > The Django Community
>>> > >
>>> >
>>> > Who has access to add this? Someone from the DSF board, the ops team,
>>> > or the fellows?
>>> >
>>> > On Mon, 6 Jul 2020 at 00:02, Ahmad A. Hussein
>>> >  wrote:
>>> >
>>> > > +1 on this. Here's the relevant feature
>>> > > <https://support.google.com/a/users/answer/9308780?hl=en> I found.
>>> > >
>>> > >
>>> > > Ahmad
>>> > >
>>> > > On Sun, Jul 5, 2020 at 7:58 PM Adam Johnson  wrote:
>>> > >
>>> > >> I can't find a google groups feature that would allow this. Do you
>>> > >> know of one? It might otherwise require a custom bot.
>>> > >>
>>> > >> On Sun, 5 Jul 2020 at 16:14, Arvind Nedumaran
>>> > >>  wrote:
>>> > >>
>>> > >>> Oh I understand. I meant we could include the distinction in the
>>> > >>> welcome email and possibly a link to the other list.
>>> > >>>
>>> > >>> That may reduce the number of people who may be looking for help
>>> > >>> but end up here mistakenly?
>>> > >>>
>>> > >>> Get Outlook for Android <https://aka.ms/ghei36>
>>> > >>>
>>&

Re: Welcome email

[אורי]

I think because this list is called Django developers and what we call
"Django users" are also developers who use Django. But they are developers.

אורי
u...@speedy.net


On Sun, Jul 5, 2020 at 5:59 PM Arvind Nedumaran 
wrote:

> Hey everyone,
>
> I notice that people who try to find support on using Django mistakenly
> post in this list and sometime usually has to write an explanation about
> how this is the wrong place.
>
> Could we possibly as a welcome email whenever someone joins the group?
>
> Just a suggestion.
>
> Best,
> Arvind
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/BYAPR14MB29181EBF50C845052F69E5E1A3680%40BYAPR14MB2918.namprd14.prod.outlook.com
> <https://groups.google.com/d/msgid/django-developers/BYAPR14MB29181EBF50C845052F69E5E1A3680%40BYAPR14MB2918.namprd14.prod.outlook.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeH0WySFuBnzyXENnMt-5bN5hawS4HYoNUVeGFG8TLG0qw%40mail.gmail.com.

Re: The blacklist / master issue

[אורי]

I think *master* is the default branch name in any Git repository. It's not
about Django and even not GitHub. Do you want to change the default branch
name in Git?
אורי
u...@speedy.net


On Mon, Jun 15, 2020 at 7:28 PM Tom Carrick  wrote:

> This ticket was closed wontfix
> <https://code.djangoproject.com/ticket/31670#ticket> as requiring a
> discussion here.
>
> David Smith mentioned this Tox issue
> <https://github.com/tox-dev/tox/issues/1491> stating it had been closed,
> but to me it seems like it hasn't been closed (maybe there's something I
> can't see) and apparently a PR would be accepted to add aliases at the
> least (this is more recent than the comment on the Django ticket).
>
> My impetus to bring this up mostly comes from reading this ZDNet article
> <https://www.zdnet.com/article/github-to-replace-master-with-alternative-term-to-avoid-slavery-references/>
> - it seems like Google have already made moves in this direction and GitHub
> is also planning to. Usually Django is somewhere near the front for these
> types of changes.
>
> I'm leaning towards renaming the master branch and wherever else we use
> that terminology, but I'm less sure about black/whitelist, though right now
> it seems more positive than negative. Most arguments against use some kind
> of etymological argument, but I don't think debates about historical terms
> are as interesting as how they affect people in the here and now.
>
> I don't think there is an easy answer here, and I open this can of worms
> somewhat reluctantly. I do think Luke is correct that we should be
> concerned with our credibility if we wrongly change this, but I'm also
> worried about our credibility if we don't.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAHoz%3DMZrOAQ94Whn0PpDa%2BuJzGSs%3DWAWHbO0nn8rc0D94uUAcw%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CAHoz%3DMZrOAQ94Whn0PpDa%2BuJzGSs%3DWAWHbO0nn8rc0D94uUAcw%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeH3ixuxTqBvB6FdLzimDbB4D5uGHKEawwjvqXVHU%3DcvKg%40mail.gmail.com.

Re: Implement QuerySet.__contains__?

[אורי]

Hi,

I'm thinking, maybe instead of:

if obj in queryset:

Users should write:

if obj in list(queryset):

Which I understand is already working? Why does the first line (without
list()) should work anyway?

And if users want performance, why not write:

if queryset.filter(pk=obj.pk).exists():
אורי
u...@speedy.net


On Tue, Jun 2, 2020 at 11:57 AM Johan Schiff  wrote:

> Is there a specific reason Djangos QuerySet does not implement
> __contains__? It doesn't seem very complicated to me, but maybe I'm missing
> something.
>
> When checking if an object is in e queryset I always use code lite this:
> if queryset.filter(pk=obj.pk).exists():
>
> The pythonic way would be:
> if obj in queryset:
>
> The way I understand it this latter version will fetch all objects from
> queryset, while the first one is a much leaner db query.
>
> So, is there a reason QuerySet doesn't have a __contains__ method, or
> would it be a good addition? My guess is that a lot of people use the "obj
> in queryset" syntax, believing it does "the right thing".
>
> //Johan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/88c83b8d-658c-47cc-9162-fcfebebe9c4a%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/88c83b8d-658c-47cc-9162-fcfebebe9c4a%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeE7_ORUfJcnt6f4aB4J0j-%3DyDK_BowEt_fefcaFMGdB1g%40mail.gmail.com.

Re: timesince 'depth' parameter

[אורי]

Hi,

On Sat, May 23, 2020 at 12:39 AM Toby Such  wrote:

> Hi all!
>
> I've been a little frustrated with the timesince filter that comes with
> default Django. By default it always comes with 2 parts e.g. 4 hours and 3
> minutes ago but I would much rather have just the 4 hours. In my own
> projects I've simply created my own version of the timesince filter and 
> accompanying
> utils function that powers it that just has the code which adds the second
> part removed. However I wonder why this isn't standard as I can't think of
> a single website that displays time since as multiple parts.
>
> I'm proposing adding a 'depth' parameter to the timesince function which
> would allow the developer to set how many parts to render. At depth one it
> would be "3 weeks". 2 depth: "3 weeks 2 days" (default behaviour), 3 depth:
> "3 weeks, 2 days, 4 hours ago" etc.
>
>
Actually I think it's a good idea. I don't think I ever used this feature
with Django, but it's nice to have anyway.

Have you seen this question from 2011?
https://stackoverflow.com/questions/6481788/format-of-timesince-filter

Also, other related questions from
https://www.google.com/search?q=timesince+filter

אורי

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGU2_2Bj2F%3DPW-KZVCg-2jSr1TVi9gi%3DWD3MZgjK50syw%40mail.gmail.com.

Disabling .delete() in querysets in Django

[אורי]

Django developers,

I recently disabled .delete() in querysets in all managers in my project,
after encountering a bug in a bulk delete queryset in my tests [
https://code.djangoproject.com/ticket/31600]. Actually it was quite simple
to disable .delete() in querysets, but I had to define my own QuerySet
class:

class QuerySet(models.query.QuerySet):
def delete(self):
raise NotImplementedError("delete is not implemented.")


I also disabled bulk_create() in managers for similar reasons. And I
thought, maybe you can introduce optional settings in which if it's set,
will disable delete() and bulk_create() in managers and querysets? I think
this may be useful, since the delete() and bulk_create() methods have
problems - they don't call the model's methods and in some cases (such as
in my case) related objects from other models don't get deleted (with
delete()) and models don't get validated (with bulk_create()).

I also call each model's self.full_clean() method before saving, which may
also be a setting in Django. I don't want invalid objects to be saved to
the database.

If you think this is a good idea and want me to implement it, I can try to
submit a PR.

By the way, I checked and I found out that I can still delete objects from
our admin interface, so it probably doesn't use the delete() queryset.

Thanks,
Uri.

אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGBinT0uXyCdmw6%3DARAN5URFWk-Sh%3D1wvb8Fbfuj8c_pQ%40mail.gmail.com.

Re: Proposal: Allow stopwords in slugs generated by ModelAdmin.prepopulated_fields

[אורי]

I very much prefer a slug "to-be-or-not-to-be-that-is-the-question"
than "be-or-not-be-question" (which doesn't make sense).
אורי
u...@speedy.net


On Wed, Apr 8, 2020 at 11:35 PM Andy Chosak  wrote:

> Automatic slug generation in ModelAdmin via prepopulated_fields
> <https://docs.djangoproject.com/en/3.0/ref/contrib/admin/#django.contrib.admin.ModelAdmin.prepopulated_fields>
> uses a urlify.js
> <https://github.com/django/django/blob/b2bd08bb7a912a1504f5fb5018f5317e6b5423cd/django/contrib/admin/static/admin/js/urlify.js>
> file which, among other behaviors, removes certain stop words
> <https://github.com/django/django/blob/b2bd08bb7a912a1504f5fb5018f5317e6b5423cd/django/contrib/admin/static/admin/js/urlify.js#L168-L176>
> from the slug. For example, a string like "To be or not to be, that is the
> question" will generate a slug "be-or-not-be-question", not
> "to-be-or-not-to-be-that-is-the-question" as one might expect. I’d like to
> solicit feedback on the idea of removing this logic so that slugs can
> contain these words.
>
> For reference, the current list is: a, an, as, at, before, but, by, for,
> from, is, in, into, like, of, off, on, onto, per, since, than, the, this,
> that, to, up, via, with.
>
> Django ticket #30538 <https://code.djangoproject.com/ticket/30538>
> mentions this behavior as part of a more general comparison between
> urlify.js and Python slugify
> <https://github.com/django/django/blob/b2bd08bb7a912a1504f5fb5018f5317e6b5423cd/django/utils/text.py#L394>.
> It was closed as wontfix due to reasons of backwards compatibility. Per the 
> triaging
> guidelines
> <https://docs.djangoproject.com/en/3.0/internals/contributing/triaging-tickets/#closing-tickets>,
> I’m making this post to solicit feedback on the more specific question of
> addressing stopword removal in the JS code only -- not to try to address
> any other differences in behavior between these two methods. There’s been
> quite a bit of discussion on generating slugs for non-English languages
> (for example #2282 <https://code.djangoproject.com/ticket/2282>), and
> this post is not intended to reopen that discussion.
>
> The current list of stopwords being removed seems to have been the same since
> at least 2005
> <https://github.com/django/django/blob/dd5320d1d56ca7603747dd68871e72eee99d9e67/media/js/urlify.js>
> (the earliest code I can find including this logic). Some of these words
> feel a little unexpected, for example “before” and “since”. After 15 years
> it seems reasonable to revisit the list and consider whether it still makes
> sense.
>
> Was removal of these words introduced for SEO reasons? If so, is this
> still a recommended default behavior? In 2020, search engines like Google
> seem smart enough to interpret them properly. Here's
> <https://cseo.com/blog/google-stop-words/> an arbitrary page that
> discusses this and includes a much longer list of what might be considered
> stopwords. As another datapoint, the popular WordPress Yoast SEO plugin
> used to remove stopwords, but stopped doing so
> <https://yoast.com/yoast-seo-7-0/> a few years back.
>
> Potentially outdated SEO concerns aside, does this behavior still align
> well with the needs and desires of Django users? Is this something this
> community would be open to revisiting? Thanks for your consideration.
>
> (One minor point on language support: allowing these words would help to
> resolve at least some of the unequal treatment given to English over other
> languages, for example #12905
> <https://code.djangoproject.com/ticket/12905>. See also wagtail#4899
> <https://github.com/wagtail/wagtail/issues/4899>, from which much of this
> post has been copied, for an example of how this logic impacts a
> Django-based CMS.)
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/fb6c9596-951d-4102-91b5-b5fd9c8c6340%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/fb6c9596-951d-4102-91b5-b5fd9c8c6340%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeG3G_NCp%3DjGcGggMg1zCUMd-DPAZo2pEJgC5UaM__k4ww%40mail.gmail.com.

Reverting Django 3.1. to Django 3.0.6 raises "binascii.Error: Incorrect padding".

[אורי]

Hi,

I submitted this ticket today and it was closed:
https://code.djangoproject.com/ticket/31592

I think Django should handle downgrading versions without
raising exceptions. If objects (such as sessions) are invalid because of
downgrading, they should be deleted automatically. It may happen that a
user (website owner) downgrades Django and they would expect everything to
keep working.

And I have a question: Will authenticated users still be authenticated
after upgrading or downgrading Django to a different version? We use
persistent cookies for 30 years and I don't want to log out users if they
don't log out themselves or delete their cookies. I had a problem when
upgrading to a previous version of Django (2.1) that session cookies
stopped working in the other website I have (a different domain name), and
it persisted until I defined *SESSION_COOKIE_SAMESITE = None* in settings [
https://stackoverflow.com/a/59315164/1412564]. Until then my production
websites didn't accept logins to the other website.

Thanks,
Uri.
אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeEvwJGZrA-x8z%3D--jUeXE66%3D6SDvbH6Q0242gKz%2BktLRQ%40mail.gmail.com.

Re: Rename request.GET and POST, and lowercase COOKIES, FILES, and META

[אורי]

Hi,

I also prefer lowercase names since uppercase is usually reserved for
constants in Python. The names of the requests ("GET" / "POST") can be used
in strings to check the request method (uppercase). But there is no sense
in using uppercase names for variables.
אורי
u...@speedy.net


On Wed, May 6, 2020 at 12:26 AM Adam Johnson  wrote:

> request.GET and request.POST are misleadingly named:
>
>- GET contains the URL parameters and is therefore available whatever
>the request method. This often confuses beginners and “returners” alike.
>- POST contains form data on POST requests, but not other kinds of
>data from POST requests. It can confuse users who are posting JSON or other
>formats.
>
> Additionally both names can lead users to think e.g. "if request.GET:"
> means "if this is a GET request", which is not true.
>
> I believe the CAPITALIZED naming style was inherited from PHP's global
> variables $_GET, $_POST, $_FILES etc. (
> https://www.php.net/manual/en/reserved.variables.get.php ). It stands out
> as unpythonic, since these are instance variables and not module-level
> constants (as per PEP8 https://www.python.org/dev/peps/pep-0008/#constants
> ).
>
> I therefore propose these renames:
>
>- request.GET -> request.query_params (to match Django Rest Framework
>- see below)
>- request.POST -> request.form_data
>- request.FILES -> request.files
>- request.COOKIES -> request.cookies
>- request.META -> request.meta
>
> Since these are very core attributes and the change would cause a huge
> amount of churn, I propose not deprecating the old aliases immediately, but
> leaving them in with a documentation note that they "may be deprecated."
> Perhaps they can be like url() or ifequal which came up on the mailing list
> recently - put through the normal deprecation path after a few releases
> with such a note.
>
> Django Rest Framework already aliases GET as request.query_params in its
> request wrapper:
> https://www.django-rest-framework.org/api-guide/requests/#query_params .
> Therefore the name request.query_params should not be surprising. DRF also
> provides request.data which combines request.POST and request.FILES, and
> flexibly parses from different content types, but I'm not sure that's
> feasible to implement in Django core.
>
> For reference, other Python web frameworks have more "Pythonic" naming:
>
>- Bottle: request.url_args, request.forms, request.files,
>request.cookies, request.environ
>- Flask: request.args, request.form, request.files, request.cookies,
>request.environ
>- Starlette: request.query_params, request.form(),
>request.form()[field_name], request.cookies, scope
>
> One more note for those who might think such core attributes should be
> left alone: Django 2.2 added request.headers as a way of accessing headers
> by name. This is convenient as it avoids the need to transform the header
> to the WSGI environ name. makes the code more readable, and in the process
> reduces the potential for bugs. I believe this proposal is in the same vein.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAMyDDM3%2BUucViDezhkWrFsk6ZsKViWjOgtA5aBm9pnzozdc%2Beg%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-developers/CAMyDDM3%2BUucViDezhkWrFsk6ZsKViWjOgtA5aBm9pnzozdc%2Beg%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeEFsbneB%3DfPKpE90cNukOUAKZejfp4Yo1N712mkmNVQHQ%40mail.gmail.com.

Re: Removing url() ?

[אורי]

Thank you, Carlton.
אורי
u...@speedy.net


On Wed, May 6, 2020 at 10:06 AM Carlton Gibson 
wrote:

> Hi Uri.
>
> On 6 May 2020, at 08:32, ⁨אורי⁩ <⁨u...@speedy.net⁩> wrote:
>
> Although I'm not sure why it was deprecated and renamed to re_path().
>
>
> It was part of the effort to simplify the URL routing, as part of Django
> 2.0
>
>
> https://docs.djangoproject.com/en/3.0/releases/2.0/#simplified-url-routing-syntax
>
> Here’s the DEP that led to that:
>
>
> https://github.com/django/deps/blob/master/final/0201-simplified-routing-syntax.rst
>
> Kind Regards,
>
> Carlton
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/3E395185-94A5-4789-A319-0032B57D3F0A%40gmail.com
> <https://groups.google.com/d/msgid/django-developers/3E395185-94A5-4789-A319-0032B57D3F0A%40gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeH9Vk%2BbEOWN5wk04Jq%3DhM2_iF2P0OWLGZoE5AmA2N4zxw%40mail.gmail.com.

Re: Removing url() ?

[אורי]

Hi,

Since url() is deprecated I think it should be removed. Although I'm not
sure why it was deprecated and renamed to re_path(). It took me about 10
minutes to replace the calls to "url(regex=" with "re_path(route=" (I
usually prefer to call all functions by parameter name) and replace the
imports to django.urls (instead of django.conf.urls). I think no harm will
be done when deprecating url(). Users can either replace url() with
re_path(), or if they want they can declare they own function, like is
declared in Django:

def url(regex, view, kwargs=None, name=None):

return re_path(regex, view, kwargs, name)

And then import it, so they can keep using url() if they want to. So to
conclude, I'm not sure what's the reason why url() was deprecated and
renamed to re_path(), but since it has been done I think it should be
removed in Django 4.0.

Uri.
אורי
u...@speedy.net


On Tue, May 5, 2020 at 6:42 PM Collin Anderson  wrote:

> Hi All,
>
> Are we _sure_ we want to completely get rid of url()?
>
> Yesterday, url() was given a RemovedInDjango40Warning [PR]. The removal
> was approved as part of the new path() syntax back in 2017 [DEP 0201].
>
> Is this really worth it? It's only a *few lines of code* to keep backward
> compatibility, and it seems to me it would take *almost no work to
> maintain* that compatibility shim compared to the countless programmer
> hours needed to upgrade their code, including many unpaid programmers
> working on open source projects. I'll personally need to do a find/replace
> for url() to re_path() across my ~20 projects, and update all of the
> imports. Isn't this *useless code churn*?
>
> Yes, there's an advantage to having one and only one way to do it, so I
> agree we should encourage people to use re_path() instead of url(), but
> shouldn't we also make it *as easy as possible to upgrade django*? Is
> getting rid of url() really worth the cost?
>
> Yes, the removal is still ~3+ years away, but that's a question of _when_
> not _if_.
>
> If we want, we _could_ deprecate url() without giving it an actual removal
> date [Compatibility Discussion] and leave the compatibility shim around
> longer, if not indefinitely.
>
> Thanks,
> Collin
>
>
> [PR] https://github.com/django/django/pull/12855
>
> [DEP 0201]
> https://github.com/django/deps/blob/master/final/0201-simplified-routing-syntax.rst
>
> [Compatibility Discussion]
> https://groups.google.com/d/topic/django-developers/asqnjcYPnms/discussion
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/17899c17-2c07-4a80-baa5-e0a348d9512c%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/17899c17-2c07-4a80-baa5-e0a348d9512c%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFAZZT0q8twtchWaBEUtUQY1u%3DC8eVekCfKHxHwS%2B7gkg%40mail.gmail.com.

Re: Removing url() ?

[אורי]

My project contains about 100 calls to url() with regex. Can you explain to
me what has been changed and why, and how should I change my code to stop
using url()? And where is it documented? I checked the documentation and I
didn't find an explanation why url() was changed and what are the
differences between url() and path() and re_path()?
אורי
u...@speedy.net


On Tue, May 5, 2020 at 6:42 PM Collin Anderson  wrote:

> Hi All,
>
> Are we _sure_ we want to completely get rid of url()?
>
> Yesterday, url() was given a RemovedInDjango40Warning [PR]. The removal
> was approved as part of the new path() syntax back in 2017 [DEP 0201].
>
> Is this really worth it? It's only a *few lines of code* to keep backward
> compatibility, and it seems to me it would take *almost no work to
> maintain* that compatibility shim compared to the countless programmer
> hours needed to upgrade their code, including many unpaid programmers
> working on open source projects. I'll personally need to do a find/replace
> for url() to re_path() across my ~20 projects, and update all of the
> imports. Isn't this *useless code churn*?
>
> Yes, there's an advantage to having one and only one way to do it, so I
> agree we should encourage people to use re_path() instead of url(), but
> shouldn't we also make it *as easy as possible to upgrade django*? Is
> getting rid of url() really worth the cost?
>
> Yes, the removal is still ~3+ years away, but that's a question of _when_
> not _if_.
>
> If we want, we _could_ deprecate url() without giving it an actual removal
> date [Compatibility Discussion] and leave the compatibility shim around
> longer, if not indefinitely.
>
> Thanks,
> Collin
>
>
> [PR] https://github.com/django/django/pull/12855
>
> [DEP 0201]
> https://github.com/django/deps/blob/master/final/0201-simplified-routing-syntax.rst
>
> [Compatibility Discussion]
> https://groups.google.com/d/topic/django-developers/asqnjcYPnms/discussion
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/17899c17-2c07-4a80-baa5-e0a348d9512c%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/17899c17-2c07-4a80-baa5-e0a348d9512c%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeF59%3DRvoSGiuM_9WkXxCFosz5d3-4rgW5eSa3aEXDeuKg%40mail.gmail.com.

Re: Google Groups contingency plan

[אורי]

‪On Sun, Apr 26, 2020 at 7:34 PM ‫אורי‬‎  wrote:‬

>
> By the way, is Django a commercial entity? Why does it use the .com domain
> suffix? Python uses .org, but doesn't Django use .org too? From reading the
> website I see that the Django Software Foundation is non-profit.
>

Sorry, I meant:  Python uses .org, why doesn't Django use .org too?

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeHOzoPCrXSztBrUzTAJO6O1dVGO3Zq2wbenKL5rxhk%2BDA%40mail.gmail.com.

Re: Google Groups contingency plan

[אורי]

On Sun, Apr 26, 2020 at 7:14 PM Tom Forbes  wrote:

> Hello,
> Given the recent worldwide situation I’ve found myself thinking a lot
> about contingency plans recently. I wanted to raise a question about our
> reliance on Google Groups and if we had any contingency plans if this
> service was shut down?
>
> To put it politely, it's pretty obvious that Google Groups is in
> “maintenance mode” and there is little, if any, active development.
> Alongside this:
> 1. Google has apparently broken core functionality like advanced
> searching, and left it broken for years at a time (
> https://en.wikipedia.org/wiki/Google_Groups#Google_Groups)
> 2. Google itself has shut down down maintenance-mode services before even
> if they have an active user base (see Google Reader)
> 3. Google Groups clearly doesn’t bring any revenue to Google at all, and
> is probably a legal liability.
>
> Given this, if we have not already we should maybe consider what we would
> do if it was announced tomorrow that Google Groups was shutting down in 3
> to 6 months?
>
> Perhaps we’ve already considered this but I couldn’t find any discussions
> about this (and it’s hard to search for threads that reference “Google
> Groups” as every thread contains that string!). Some food for thought: the
> Python development mailing lists (i.e
> https://mail.python.org/archives/list/python-...@python.org/) are
> browsable through a service called HyperKitty (
> https://gitlab.com/mailman/hyperkitty), which is built with Django. We
> could potentially ask for a mailing list on the python.org mail server or
> we could host HyperKitty and MailMan ourselves?
>
>
>
I think python.org and Django are managed by different (legal) entities so
it doesn't make sense for Django mailing lists to use the domain name
python.org. Actually as far as I see it, we only need mailing lists and
don't need any web interface features we get from Google Groups. Personally
my email is powered by Google which is like Gmail and I assign labels per
mailing list, so if I want to search I can just type text and the label
name and I can see any messages since I joined the mailing lists (I never
delete messages). I think if, if Google will close Google Groups they will
give us at least a few months notice and then we can discuss it, why do we
have to worry about it now? But just in case, I think running a (free
software & open source) mailing list software on a specific server will do,
something similar to what python.org is doing but not using their domain
name (unless Django becomes parts of the python.org legal entity).

By the way, is Django a commercial entity? Why does it use the .com domain
suffix? Python uses .org, but doesn't Django use .org too? From reading the
website I see that the Django Software Foundation is non-profit.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeHLNhJXTGbaM%2BrYcoM9emvbHwhKxabQ0OoVTBPJyypt%2BA%40mail.gmail.com.

Re: Remove automatic date-naming of migrations (00XX_auto_YYYMMDD)

[אורי]

On Sat, Apr 25, 2020 at 5:48 PM Adam Johnson  wrote:

> Re: Uri:
>
>> If the file name is not like ‘auto’ name with the current date + time, it
>> looks like a migration which was written by a developer.
>>
>
> I think making a distinction between "auto generated" and "hand written"
> migrations is a bad idea. Django's makemigrations is a code generator, but
> as a developer you're still responsible for the code. The autodetector
> isn't perfect, and perhaps never can be. Even "simple" cases like adding a
> through table to a ManyToManyField are autodetected "incorrectly" ( a real
> migration needs SeparateDatabaseAndState
> https://docs.djangoproject.com/en/3.0/howto/writing-migrations/#changing-a-manytomanyfield-to-use-a-through-model
> ).
>
> I fear marking "auto generated" migrations differently would just
> encourage (more) lax use of migrations files without reading their content,
> which invites more risk for data loss and anger with Django for not being
> perfect.
>

As a developer I would like to know who generated the code. If a migration
is auto-generated, I would like to know that. I checked and auto-generated
migrations in my project have a comment such as "# Generated by Django
2.1.15 on 2020-01-21 15:31". In most cases auto-generated migrations are
good and don't need to be edited by a developer. So, I would prefer the
migration file names to be auto-generated too (‘auto’ name with the current
date + time).

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeFvWJSotjqhB_L%3Dt9i%3Dx3%3DRt%2Bh-S_gYCAgTV3C8RFMjwg%40mail.gmail.com.