On Sat, Aug 10, 2013 at 5:42 AM, Daniele Procida <[email protected]> wrote:
> What should the documents have to say on the subject now, in light of < > https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/>? > > <https://code.djangoproject.com/ticket/20887> > > Historically, we haven't updated our documentation to point out bugs, but in this case, given that there are ongoing security implications, I think it might be worthwhile to draw attention to this. I also have a nagging feeling in the back of my head that there have been questions raised about whether GZIPMiddleware should exist *at all* -- that there's some niggling detail in the WSGI spec that says that GZip compression should be applied at the web server level, not the WSGI level. Can anyone confirm if I'm hallucinating on this point? And if I'm not, perhaps we should just be deprecating GZipMiddlware? Yours, Russ Magee %-) -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. For more options, visit https://groups.google.com/groups/opt_out.
