On Jan 4, 6:18 pm, James Bennett <ubernost...@gmail.com> wrote: > Simon, the amount of pushback this is getting, and the changes which > need to be made to start bringing it up to snuff, make me feel far too > nervous about this being ready in time to make 1.2 at all. I know > you've put in the effort to shepherd this along, but I'm starting to > think it's time to push this to the 1.3 release cycle (especially > since 1.2 alpha freeze is tomorrow, and I don't think there's any way > it'll be even alpha-ready by then).
I certainly don't think we should check this in for the alpha freeze. We do however need to consider the places in Django that are already using hmac / md5 / sha1 (contrib.formtools and middleware.csrf for example). Even if we don't add the signed cookies feature to 1.2, fixing any problems with our existing use of crypto should not be affected by the feature freeze. There's not much point in implementing this logic in several different places, so I think we should keep targeting the django.utils.signed module for 1.2. Cheers, Simon -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-develop...@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.