On Sat, 25 Aug 2018 11:56:02 -0400
Michael Manfre <[email protected]> wrote:
> Anyone who uses it after reading the warning would likely still use
> it if it were in another package. A separate package is another "Are
> you sure?" step that they would likely ignore.
I disagree -- a separate package means that the idea of pickling the
session object into a cookie is removed from the Django documentation,
making people much less likely to stumble upon it and much more likely
to use safer serializations in relevant use-cases. It's not just an
"Are you sure?" -- they'd have to actively look for it.
+1 for footgun removal,
Shai.
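
An added example, not part of the original message or of Django's code: a static check that flags a settings module selecting the pickle session serializer, with the highest severity when sessions are also stored in signed cookies. The function names and sample settings are constructed for illustration; the dotted paths are Django's own.

```python
import ast

PICKLE = "django.contrib.sessions.serializers.PickleSerializer"
COOKIE_ENGINE = "django.contrib.sessions.backends.signed_cookies"


def read_settings(source):
    """Collect top-level string assignments without executing the module."""
    found = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign)
                and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    found[target.id] = node.value.value
    return found


def audit_session_settings(source):
    """Return (severity, message) findings for the session configuration."""
    settings = read_settings(source)
    if settings.get("SESSION_SERIALIZER") != PICKLE:
        return []  # unset means Django's JSON default
    if settings.get("SESSION_ENGINE") == COOKIE_ENGINE:
        return [("high", "pickled session data is held by the client; "
                         "only the SECRET_KEY signature protects unpickling")]
    return [("medium", "sessions are unpickled from the session store; "
                       "switch to JSONSerializer")]


# Constructed sample settings modules.
RISKY = '''
SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"
SESSION_SERIALIZER = "django.contrib.sessions.serializers.PickleSerializer"
'''
SERVER_SIDE = '''
SESSION_SERIALIZER = "django.contrib.sessions.serializers.PickleSerializer"
'''
SAFE = '''
SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"
SESSION_SERIALIZER = "django.contrib.sessions.serializers.JSONSerializer"
'''

if __name__ == "__main__":
    for name, src in (("risky", RISKY), ("server", SERVER_SIDE), ("safe", SAFE)):
        print(name, audit_session_settings(src))
```

The check reads only literal string assignments, so settings built from environment variables or imported from another module need to be resolved before auditing.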