On 09/04/17 16:16, Josh Smeaton wrote:
So I think there are a few questions to go over.
1. What are the more successful strategies that work in the wild?
(files in /etc/, PYTHONPATH, env vars, local_settings.py)
2. Are any of the above clearly superior?
3. Is this a serious problem that people are having?
4. If yes, does it need to be solved in core?
To put a word in on number 2 regarding environment variables, we should
take into account articles like:
https://diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data/
The argument for solving in core would be if there are security issues
we can genuinely fix by putting something in core rather than allowing
custom mechanisms, and if that mechanism will really work in most cases.
We also need to consider shared hosting where /etc/ is not an option.
Luke
--
You received this message because you are subscribed to the Google Groups "Django
developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/a10c2ac8-b71c-0382-82c3-6a0c2bd0efa4%40cantab.net.
For more options, visit https://groups.google.com/d/optout.
