On Fri, Jul 18, 2014 at 8:31 PM, Santiago L <santiago.lam...@gmail.com> wrote:
> Hi, > > Some weeks ago I noticed that django-registration is not longer maintained > by > its creator: > > quoting https://bitbucket.org/ubernostrum/django-registration/wiki/Home > > django-registration > > I stepped down as maintainer of this application in September 2013. Pull > > requests, issues and comments sent to this repository will be ignored. > > > As I'm currently using this app in my project, I wonder if there is any > alternative for django-registration? Maybe someone knows about a fork. > I'm not aware of an active fork. If you're looking to step into open source contribution, this would be a good project to adopt - the code base is stable, so the management overhead should be relatively low. > Besides that, I found a related issue report (rejected because is not the > good > place to ask this question, but relevant anyway)[2] > > [2] https://code.djangoproject.com/ticket/13164 > > Because there's no single answer to the question. Authentication is a topic that is hard to get right, and there's a very limited number of "right" answers. Passwords *must* be done well, or you risk vulnerability, and what constitutes "well" requires considerable expertise. However, the requirements for registration and signup will vary between projects, and will depend on project requirements. Some projects will need a fully verified personal profile before you can continue; some only require a verified email address; some will allow an email address, but allow later verification, and some will require completely anonymous profiles that are filled in at a critical point in workflow (e.g., at checkout in an e-commerce site). There's also nothing especially technically complex about these workflows - unlike Authentication, there aren't any real land mines that could lead to vulnerabilities (beyond those that are inherent in building *any* web page). So, the Django project has made the decision to keep Authentication as a core piece of functionality, but keep registration as a third-party thing. This means that the wider community can contribute alternate approaches. It also means that the core team isn't a bottleneck on progress - django-regsistration has it's own release cycles, bug tracking processes, and so on. This arrangement has worked well for 8 years; it's only because James has stepped down and nobody has volunteered to take over that a problem now exists. Yours, Russ Magee %-) -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAJxq848i_UPVh9fhq0wTQ_0aWpAQa%3DA-fETtuMc4FK4u4HDdSw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
