It looks like we need to add the algorithm to the function signatures, as per the PR, but also add a (immediately deprecated) migration setting, so folks can opt-in to the new algorithm when they’re updated.
Add the new setting default to sha1. Raise a DeprecationWarning unless it’s set to sha256 (so folks can opt-in to the future.) Remove setting, and change default to sha256, when 4.0? Does that sound right? (Grrr.) -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAJwKpyTM41tJ3mO_rs4%2B9moBPmw_G-6vQmK%2Bx6JV4i0081VLRA%40mail.gmail.com.
