On Sun, Aug 5, 2012 at 12:24 AM, Steve Bergman <sbergma...@gmail.com> wrote:
> I'm considering using Django for 2 projects. An LFS shop and a site
> which will use Pinax. Both high profile Django apps. At this time, the
> latest supported Django version for both is 1.3.3. If I understand
> correctly, the 1.3 branch of Django will no longer get security
> updates after 1.5 releases. The nominal release cycle for Django
> appears to be 9 months. And in practice it looks more like 1 year. So
> Django 1.5 should be out sometime between December and March. If I
> deploy in a month, that means a forced upgrade on both framework and
> apps in just 3 to 6 months from launch. And that's assuming that the
> apps have versions which support Django 1.4 by that time.
>
> Obviously, I'm missing something here, since no sane organization
> would accept such a situation. (It would certainly be a deal-breaker
> for us.) But I'm not sure what it is that I'm missing.

From Django's perspective, you've correctly understood the situation. We officially support a development release, a stable release, and a security release (currently 1.5 in preparation, 1.4 and 1.3 respectively). Our releases come on a 9-12 month cycle, which means that if you were to move to the current stable release (1.4) right now, you could reasonably expect to receive security updates for the next 18 months or so (i.e., until the release of Django 1.6).

The problem you've got isn't with Django, it's with the downstream tools you want to use *with* Django. I can't speak with authority for Pinax or LFS, but if they're reporting that they're only officially supporting Django 1.3, then yes; you'd be deploying onto 16 month old code right now, and you will have a problem when Django 1.5 comes out in a few months.

This would be worth taking up with the Pinax and LFS development teams; Django 1.4 came out almost 4 months ago -- if the maintainers of these projects haven't made a statement about Django 1.4 support, that's slightly concerning.

However, I would say that Django itself has a very strong backwards compatibility policy. I recently updated a sizeable codebase from 1.3 to 1.4, and the only problems I encountered were with the test suite -- ironically, minor changes to Django's test runner in 1.4 revealed some test failures that were being silenced by 1.3's test runner. Chances are, the issue with Pinax and LFS is entirely one of documentation -- i.e., that the projects in question simply haven't updated their documentation, not that there is a problem preventing them from moving onto future releases.

I would also add that when we make a security release, we provide full disclosure of the issue, including a description of the problem and a patch for our supported versions. Often, this patch is identical between versions, so it may be possible for you to be running a very old version of Django and manually apply any security patches (effectively doing your own security release for an officially unsupported Django version).

Yours,
Russ Magee %-)