In particular, they include settings that shouldn’t be stored in a git repo such as SECRET_KEY and database passwords. You’ll find these kinds of settings in git repos all the time.
Really the default django-admin startproject shouldn’t have a single settings.py that people include in their git repos, but instead a python settings module, with a base.py, development.py, staging.py, and production.py. An __init__.py reads base.py and one of development/staging/production based on ENV variables (defaulting to development if no ENV variable). Additionally, startproject should add a .gitignore in the root directory to not include development/staging/production settings files. I get that this might not be absolutely necessary but I think these are the kinds of defaults that make practical real-world use more secure, as well as standardizing workflow for more advanced production usage. Is this something agreeable? I can put together a solution if people like this. -bobby -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/320B70FD-BDC1-445D-B72B-0CD0BA736B88%40gmail.com.
