On Sat, 25 Aug 2018 11:56:02 -0400 Michael Manfre <mman...@gmail.com> wrote:
> Anyone who uses it after reading the warning would likely still use > it if it were in another package. A separate package is another "Are > you sure?" step that they would likely ignore. I disagree -- a separate package means that the idea of pickling the session object into a cookie is removed from the Django documentation, making people much less likely to stumble upon it and much more likely to use safer serializations in relevant use-cases. It's not just an "Are you sure?" -- they'd have to actively look for it. +1 for footgun removal, Shai. -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/20180826000928.010da0fb.shai%40platonix.com. For more options, visit https://groups.google.com/d/optout.