I Use This!
Very High Activity

News

Analyzed about 21 hours ago. based on code collected 2 days ago.
Posted about 15 years ago
I think most people have already seen the news, but EuroDjangoCon 2009 is a go! DjangoCon 2008 was such a blast that we're doing it again, this time in Europe. EuroDjangoCon 2009 will be held in Prague, Czech Republic from May 4th to May ... [More] 6th. The conference will be followed by two days of development sprints (May 7th and 8th). Robert Lofthouse is once again the organizer and conference chair; he's got an awesome set of speakers lined up. Keynoters will be Blaine Cook (Osmosoft), Joe Stump (Digg), Leah Culver (Six Apart), and (ahem) yours truly. Tickets are now on sale, and you can find out all the rest of the details over at http://euro.djangocon.org/. Hope to see you there! [Less]
Posted over 15 years ago
Shortly after last week's Django 1.0.1 release, several people noted that the packaging script used to produce the release omitted several directories from the Django source tree; mostly this affected some unit tests, but at least one of the omitted ... [More] directories affected the use of Django itself (specifically, of django.contrib.gis). So tonight we're issuing Django 1.0.2, which is built around an updated packaging script and should resolve these problems. This is a recommended upgrade for anyone using or targeting Django 1.0 or Django 1.0.1; to obtain a copy, swing by the downloads page, and don't forget to read the release notes. For the security conscious, a signed file containing the package's checksums is, as always, available. [Less]
Posted over 15 years ago
Following the previously-announced schedule, today the Django team has released Django 1.0.1. This is a bugfix-only release containing fixes and improvements to the Django 1.0 codebase, and is a recommended upgrade for anyone using or targeting ... [More] Django 1.0. For full details, check out the 1.0.1 release notes, and to grab a copy of Django 1.0.1, visit the downloads page. For the security-conscious, a file containing checksums of the 1.0.1 package, signed with the release manager's key, is available. And with Thanksgiving coming up in the US, your friendly local release manager would like to pause for a moment and express thanks, on behalf of myself and the Django development team, for all the work put in by all the members of our community to help keep the releases coming, the tickets triaged and the bugs fixed. We wouldn't be able to do it without all of you, so give yourselves a big pat on the back and see if you can't sneak an extra slice of pie come Thanksgiving dinner. We'll see you again in a few months, for either Django 1.0.2 or Django 1.1. Happy holidays! [Less]
Posted over 15 years ago
Following the previously-announced schedule, today the Django team has released Django 1.0.1 beta 1; this is a preview of the upcoming Django 1.0.1 release, which consists solely of bugfixes and other improvements to the Django 1.0 codebase. This ... [More] package also follows our policy of maintaining compatibility in the 1.0 release series. Though it's labeled a "beta", this package is considered to be of production quality; we're releasing it as a preview of Django 1.0.1, and the primary goal of this package is to give users of Django 1.0 an idea of what's been fixed in the codebase since the 1.0 release. If there's a particular issue you're interested in which doesn't seem to be resolved in Django 1.0.1 beta, please consider helping the Django team to fix it by working to develop a patch (see the contribution guidelines for details); Django 1.0.1 is currently scheduled for release on November 14, 2008, which provides a roughly two-week window for submitting patches (and please keep in mind that patches intended for inclusion in 1.0.1 should be against the 1.0.X branch and not trunk). As such, this release is mostly of interest to developers who want to help out with the Django development process; the final Django 1.0.1 release next month, however, will be a recommended upgrade for all users of Django 1.0. Also, this beta release does not contain release notes, as there are no new features, only bugfixes. When the final Django 1.0.1 release is issued next month, a list of resolved issues since 1.0 will be included in lieu of release notes. For verification purposes, a file containing the MD5 and SHA1 checksums of the 1.0.1 beta package has been placed on the djangoproject.com server. The file is PGP-signed with the Django release manager's key; this key has the ID 0x8C8B2AE1 and can be obtained from, e.g., the MIT PGP keyserver. [Less]
Posted over 15 years ago
With Django 1.0 out the door and a successful inaugural DjangoCon behind us, it's time to look ahead to the future, which includes two releases: Django 1.1, currently targeted for release in March 2009. Django 1.0.1, currently targeted for ... [More] release next month. Both of these releases, of course, will follow our policy of maintaining compatibility in the 1.0 release series. Django 1.1 timeline At the moment, we're aiming to release Django 1.1 on or around March 16, 2009, or roughly six months following the release of Django 1.0. As covered in our release process documentation, the 1.1 release cycle will consist of three phases: feature proposal, feature work and bugfixing/polishing. Since Django 1.1 is happening on a six-month schedule, that means two months for each phase of development; the relevant dates for 1.1 have already been discussed on the django-developers mailing list, but here's the quick breakdown (these dates are still rough estimates, and may change as needed): November 10, 2008: A draft feature list for 1.1 will be posted. November 15, 2008: The 1.1 feature list will be finalized, and no new feature proposals will be accepted for 1.1. January 15, 2009: All major features must be merged into Django trunk, trunk will go into the initial 1.1 feature freeze and work will shift to bugfixes. March 16, 2009: Django 1.1 will be released. As with 1.0, Django 1.1 will be preceded by several pre-release packages to help focus development effort and isolate bugs. March is still quite a ways off, of course, but keep in mind that the feature-proposal window will be closing in a couple of weeks; if there's something you'd really like to see in Django 1.1 and you haven't already started a discussion of it on the django-developers list, you'll want to do so quickly. Django 1.0.1 timeline In the much more immediate future, we're preparing to release Django 1.0.1, which will consist solely of bugfixes and similar improvements to the Django 1.0 codebase. Django 1.0.1 will be a recommended upgrade for anyone who's currently using or migrating to Django 1.0. Because 1.0.1 will only involve bugfixes, with no feature additions to propose or test, the release process for it will be somewhat abbreviated. Here are the key dates: October 31, 2008: Django 1.0.1 beta. Though it will be called a "beta" release, this will mainly serve as a preview of 1.0.1, and will be production-quality; its primary purpose will be to give folks an idea of what's been fixed since the 1.0 release and a last opportunity to submit patches for any fixes they'd like to see make into into 1.0.1 final. November 14, 2008: Django 1.0.1 will be released. From an administrative perspective, the 1.0.1 release will not involve any special categorization or milestones in the ticket tracker; with a release of this type, administrivia in Trac is far less important than simple working code, and any bug is a candidate for fixing up until the day of the release. So if there's a particular issue you'd like to see solved for 1.0.1, the best way to ensure the fix makes it into the release is to provide a working patch. As always, preferential treatment will be given to patches which match our contribution guidelines, especially to patches which include unit tests that both demonstrate the bug and demonstrate the success of the solution. Also, remember that patches for 1.0.1 should be created against the 1.0.X release branch, rather than against trunk. [Less]
Posted over 15 years ago
No, you’re not hallucinating, it’s really here. Around three years ago, Adrian, Simon, Wilson and I released some code to the world. Our plan was to hack quietly on it for a bit, release a solid 1.0 release, and then really get the ball rolling. ... [More] Well. What happened, of course, was that an amazing community sprung up literally overnight — our IRC channel had over a hundred people in it the day after release, and it’s never been that “empty” since. I really can’t stress enough how amazing our community of users and developers are. About half of the code that’s gone into Django over the past three years has been contributed by someone other than a core committer. Since our last stable release, we’ve made over 4,000 code commits, fixed more than 2,000 bugs, and edited, added, or removed around 350,000 lines of code. We’ve also added 40,000 lines of new documentation, and greatly improved what was already there. Django 1.0 represents a the largest milestone in Django’s development to date: a web framework that a group of perfectionists can truly be proud of. Without this amazing community, though, it would have never happened. You can download Django 1.0 on the Django downloads page, and read the complete release notes. For distributors and for verification purposes, a file containing the MD5 and SHA1 checksums of the 1.0 package has been placed on the djangoproject.com server. This file is PGP-signed with the Django release manager’s public key. This key has the ID 0x8C8B2AE1 and can be obtained from, e.g., the MIT PGP keyserver. [Less]
Posted over 15 years ago
In accordance with the (updated) Django 1.0 release roadmap, today we've released the first release candidate for Django 1.0. To grab a copy of the release candidate, head over to the Django downloads page, and be sure to read the release notes. ... [More] Please keep in mind, though, that this release is not meant for production use, and is intended primarily for developers who are interested in checking out the new features in 1.0 and helping to identify and resolve bugs prior to the final release. The 1.0 alpha and beta releases and release candidates will not receive long-term support and will not be updated with security fixes, since their main purpose is to serve as a stepping-stone on the path to the final Django 1.0, due to be released as soon as possible.. For distributors and for verification purposes, a file containing the MD5 and SHA1 checksums of the release candidate package has been placed on the djangoproject.com server. This file is PGP-signed with the Django release manager's public key. This key has the ID 0x8C8B2AE1 and can be obtained from, e.g., the MIT PGP keyserver. [Less]
Posted over 15 years ago
In accordance with our security policy, today the Django project is issuing a set of releases to fix a security vulnerability reported to us. This message contains a description of the vulnerability, a description of the changes made to fix it ... [More] , and pointers to the patches for each supported version of Django. Description of vulnerability The Django administration application, as a convenience for users whose sessions expire, will attempt to preserve HTTP POST data from an incoming submission while re-authenticating the user, and will -- on successful authentication -- allow the submission to continue without requiring data to be re-entered. Django developer Simon Willison has presented the Django development team with a proof-of-concept cross-site request forgery (CSRF) which exploits this behavior to perform unrequested deletion/modification of data. This exploit has been tested and verified by the Django team, and succeeds regardless of whether Django's bundled CSRF-protection module is active. Affected versions Django development trunk Django 0.96 Django 0.95 Django 0.91 Resolution As it represents a persistent vector for CSRF attacks, this behavior is being removed from Django; henceforth, attempted posts from users whose sessions have expired will be discarded and the data will need to be re-entered. This is, then, backwards-incompatible with existing behavior and may be considered a feature removal; however, the Django team feel that the security risks of this feature outweigh its minor utility. The fix for this issue was applied to the Django repository in changeset 8877, which contains the relevant changes for each affected version Based on these changes, the Django team is issuing three new releases: Django 0.96.3: http://www.djangoproject.com/download/0.91.3/tarball/ Django 0.95.4: http://www.djangoproject.com/download/0.95.4/tarball/ Django 0.91.3: http://www.djangoproject.com/download/0.96.3/tarball/ The relevant patch has been applied to Django trunk as well, and so will be included in the forthcoming Django 1.0 release candidate (to be issued later today) and the final Django 1.0 release. All users of affected Django versions are encouraged to upgrade immediately. A file containing the MD5 and SHA1 checksums of the new release packages has been placed on the djangoproject.com server. This file is PGP-signed with the Django release manager's public key. This key has the ID 0x8C8B2AE1 and can be obtained from, e.g., the MIT PGP keyserver Release manager's note If you are currently maintaining and distributing a packaged version of Django (e.g., for a Linux or other Unix distribution), or if you are a hosting company which officially supports Django as an option for customers, and you did not receive an advance notification of this issue, please contact Django's release manager (James Bennett, james at b-list dot org) as soon as possible so that you can be added to the list of known distributors who receive such notifications. [Less]
Posted over 15 years ago
In accordance with the (updated) Django 1.0 release roadmap, today we've released the second "beta" testing version of Django 1.0. To grab a copy of 1.0 beta 2, head over to the Django downloads page, and be sure to read the release notes. Please ... [More] keep in mind, though, that this release is not meant for production use, and is intended primarily for developers who are interested in checking out the new features in 1.0 and helping to identify and resolve bugs prior to the final release. The 1.0 alpha and beta releases will not receive long-term support and will not be updated with security fixes, since their main purpose is to serve as a stepping-stone on the path to the final Django 1.0, due to be released on September 2, 2008. As of this release, Django is officially in a feature freeze for 1.0; from here on out, we'll only be working on bugs and stability before the final 1.0 release. If you'd like to help out, please review our documentation for contributors and feel free to join in one of the development sprints scheduled for the run up to 1.0. [Less]
Posted over 15 years ago
Come help us celebrate the release of Django 1.0! Next week is going to be huge. We’ll be releasing Django 1.0 early in the week, and then the first DjangoCon kicks next Friday. To celebrate the release of Django 1.0, we’ll be holding a dinner ... [More] party at the Tied House in Mountain View on Saturday, September 6th at 7pm. The date and time are designed to tie in with DjangoCon, but anyone is invited — especially those who can’t attend DjangoCon. We’ve reserved the whole restaurant for Django friends and fans. Dinner starts at 7pm, and the festivities should continue until about 10:30 or so. The party’s free, though the dinner and drinks aren’t. Tied House has good food and great beer; come hungry! To make the night extra fun, we’ll be holding “lightning talks” at the party — five minute presentations on various Django-related topics. We’ll be asking speakers at the conference to present vastly twimmed-down versions of their conference talks, and we’ll be opening the floor up to anyone to present their own cool shit. Tied House is located in downtown Mountain View (map). For DjangoCon attendees, that’s about 15 minutes away from the conference venue; we’ll caravan over (and provide transportation for folks without cars) right after the day’s talks end. If you’ll be coming, please RSVP so that we can get an accurate headcount. We’re also looking for sponsors for the party, so if you’re interested please contact us. We hope to see you all there! [Less]