Merging Schema Alteration branch

2013-08-09 Thread Andrew Godwin
Hi everyone, I think it's finally time to look at merging the schema-alteration branch, which has gone slightly beyond its name and encompasses the schema alteration backends and the migration code as well. The branch is working, well tested, moderately documented and has all of the big changes t

Re: Proposal: Modifying the CSRF protection scheme

2013-08-09 Thread Luke Plant
On 03/08/13 23:57, Shai Berger wrote: > This would work exactly like it works today, except with signed cookies. That > is, the "user specific element" is the cookie. CSRF is about tricking the > user > into submitting a request designed out of the site -- an attacker can't just > set (or read

Re: Proposal: Modifying the CSRF protection scheme

2013-08-09 Thread Shai Berger
On Friday 09 August 2013 18:08:26 Luke Plant wrote: > On 03/08/13 23:57, Shai Berger wrote: > > This would work exactly like it works today, except with signed cookies. > > That is, the "user specific element" is the cookie. CSRF is about > > tricking the user into submitting a request designed out

manage.py and pyc's

2013-08-09 Thread jdetaeye
The patch in ticket #8280 finds management commands shipped in .pyc, .pyo, .zip, .egg files, etc I find it strange and un-pythonic that the current code uses a walk over the file system, rather than the proper python APIs to discover the contents of packages... Johan -- You received this mes

GZipMiddleWare documentation

2013-08-09 Thread Daniele Procida
What should the documents have to say on the subject now, in light of ? Daniele -- You received this message because you are subscribed to the Google Groups "Django developers" g

Re: Merging Schema Alteration branch

2013-08-09 Thread Russell Keith-Magee
On Fri, Aug 9, 2013 at 9:36 PM, Andrew Godwin wrote: > Hi everyone, > > I think it's finally time to look at merging the schema-alteration branch, > which has gone slightly beyond its name and encompasses the schema > alteration backends and the migration code as well. > > The branch is working,

Re: GZipMiddleWare documentation

2013-08-09 Thread Russell Keith-Magee
On Sat, Aug 10, 2013 at 5:42 AM, Daniele Procida wrote: > What should the documents have to say on the subject now, in light of < > https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/>? > > > > Historically, we haven't updated our docu

Re: GZipMiddleWare documentation

2013-08-09 Thread Donald Stufft
On Aug 9, 2013, at 11:09 PM, Russell Keith-Magee wrote: > Historically, we haven't updated our documentation to point out bugs, but in > this case, given that there are ongoing security implications, I think it > might be worthwhile to draw attention to this. I agree with documenting. > >