Electronics & Programming

develissimo

Open Source electronics development and programming


#1 Nov. 26, 2005 07:37:27

Kenneth G.

problem marketing django to php folk


hi,
have been talking to some php folk about switching to django, but
they have raised a serious concern: Django website does not have a
page for security alerts and the django team has not released any
security patches - so they feel very uneasy about the whole thing.
Can this defect somehow be rectified?
--
regards
kg
http://www.livejournal.com/users/lawgon
tally ho!
http://avsap.org.in
ಇಂಡ್ಲಿನಕ್ಸ வாழ்க!


#2 Nov. 26, 2005 07:44:32

Tom T.


On 11/26/05, Kenneth Gonsalves <> wrote:
>
> hi,
> have been talking to some php folk about switching to django, but
> they have raised a serious concern: Django website does not have a
> page for security alerts and the django team has not released any
> security patches - so they feel very uneasy about the whole thing.
> Can this defect somehow be rectified?

Err... 1.0 isn't even out yet. :-D


#3 Nov. 26, 2005 07:54:34

Ian H.


There isn't any found yet?

but seriously.. we should have a 'security' page which covers django
'best-practices' in that area.
there has been some recent discussion on the developer list about how
to accept parameters defensively.

There is also a cross site request forgery prevention component here:
http://lukeplant.me.uk/resources/csrfmiddleware/

regards
Ian.


On 11/26/05, Kenneth Gonsalves <> wrote:
>
> hi,
> have been talking to some php folk about switching to django, but
> they have raised a serious concern: Django website does not have a
> page for security alerts and the django team has not released any
> security patches - so they feel very uneasy about the whole thing.
> Can this defect somehow be rectified?
> --
> regards
> kg
>
> http://www.livejournal.com/users/lawgon
> tally ho!
> http://avsap.org.in
> ಇಂಡ್ಲಿನಕ್ಸ வாழ்க!
>


--
-- ++61-3-9877-0909
If everything seems under control, you're not going fast enough. -
Mario Andretti


#4 Nov. 26, 2005 09:57:51

G.


I created 631 (http://code.djangoproject.com/ticket/631) a few months
ago for this very reason :-)

--Simon


#5 Nov. 26, 2005 18:36:34

Adrian H.


On 11/26/05, Kenneth Gonsalves <> wrote:
> have been talking to some php folk about switching to django, but
> they have raised a serious concern: Django website does not have a
> page for security alerts and the django team has not released any
> security patches - so they feel very uneasy about the whole thing.
> Can this defect somehow be rectified?

Let me get this straight. They're worried that nobody has found
security holes in Django? I guess I don't understand the logic there:
"No security issues have been found; therefore it's insecure"?

But seriously, there haven't been any security-related fixes in Django
since July 19 (http://code.djangoproject.com/changeset/230), when
about 2 people were using it. I guess you could count http://code.djangoproject.com/changeset/1242, which changed the debug
page's behavior not to display the database password and secret key,
but that's hardly a huge thing.

Jacob has drafted a "Contributing to Django" page, which has a full
section on how we handle security bugs/alerts, but he hasn't posted
that to the site yet. It will have the full scoop on how we handle
security problems if they arise.

Adrian

--
Adrian Holovaty
holovaty.com | djangoproject.com | chicagocrime.org


#6 Nov. 26, 2005 22:38:05

D.


I'd be paranoid too if I used php
