Markus reported a release blocker #31842 <https://code.djangoproject.com/ticket/31842> related with running an app on multiple servers with different versions of Django (3.0.x or 3.1). Signatures created on servers with Django 3.1 are not valid on Django 3.0, it's not only about signing.loads()/dumps but also about sessions etc. (see #27468 <https://code.djangoproject.com/ticket/27468>). We have several possible approaches:
- revert commits related with #27468, - change the default hashing algorithm to SHA-1, - add the new setting for the default hashing algorithm, - add the "algorithm" parameter to signing.dumps()/loads() (PR13260 <https://github.com/django/django/pull/13260>) and ignore the rest of the problem (it's probably not an option), - add the new setting "MIN_DJANGO_VERSION" and change the default hashing algorithm if it's 3.0 or less. - ... (ideas are welcome) Best, Mariusz -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/2a3d706d-6f78-406e-b7a9-3bba3ea9b7e6n%40googlegroups.com.
