On Sunday, June 28, 2020 at 1:23:25 AM UTC+2 timog...@gmail.com wrote:
> It seems like it could be insecure to move that to a system check as "For > performance reasons, checks are not run as part of the WSGI stack that is > used in deployment." (Also, it seems impossible to write a system check > that determines whether or not a project will consult SECRET_KEY.) > The check if it is empty can be done on access in LazySettings without any real overhead. We are even calling url validators when access MEDIA_URL/STATIC_URL (https://github.com/django/django/blob/62d85a283500e9abb0e1c9ec53c59be468f056a0/django/conf/__init__.py#L152-L158) -- so we really don't have to talk about overhead here :D I will try to remove those properties and move the checks into `__getattr__`, this should result in a (small) one time overhead. PR(s) to follow. I think a deployment system check for non-empty SECRET_KEY might also make sense. Cheers, Florian -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/688bcec8-ed3f-4c35-bdf2-ad5fe4929ca4n%40googlegroups.com.
