[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Request to upgrade DJango

On 04/19/2012 09:56 PM, Stephen Gallagher wrote:
On Tue, 2012-04-17 at 20:10 +0200, Matthias Runge wrote:
On 17/04/12 19:43, Adam Young wrote:
While looking into EPEL support for Openstack, we came across the issue
that EPEL ships with 1.2.7 and Openstack expects 1.3. Upon looking at
I see that one of the major differences is protection against XSRF. This
alone is sufficient reason to upgrade.

Installing an RPM from the Sourceforge site worked well with Openstack,
so it seems to fit our needs as well.

Are there any objections to upgrading EPEL's version of Django To the
Umh, my fault. I'm planning to upgrade django for epel6 to version 1.3.x 
since two weeks now; sadly, real life kept me really busy.

There have been some requests to upgrade to version 1.4 (to skip 1.3.x). 
I'm aware of at least one application, which would break, if we upgrade 
to django-1,4: reviewboard.
So, I'd do an update to django-1.3.1 in the next few days. An additional 
reason to upgrade is, that django developers only support the two latest 
versions, so 1.2.7 is not actively maintained any more.

Yes, ReviewBoard currently cannot work with Django 1.4. This is a known
issue and last I heard probably won't be fixed until ReviewBoard 1.7.0
(not yet in beta release).

However, now that your 1.3.1 packages are in updates-testing, I have
been able to package up ReviewBoard 1.6.5 which requires Django 1.3, so
thanks for that. :) There are a lot of improvements in the 1.6.x series
that I think people will like.


epel-devel-list mailing list
epel-devel-list redhat com
One caveat.   Any DJango app (Probably most Python wsgi apps, actually) is going to give an AVC Denial warning upon startup.  DJango imports Python's UUID module which in turn imports ctypes.  Ctypes does dynamic code generation, specifically by writing a file andd then trying to execute it, which, as you can imagine,  is a pretty big security hole.  Let the wsgi community know that, until we have that fixed,  we should not attempt to get rid of the AVC denial warning message, but instead should push on the Python upstread to get a fix in.  Yes, David Malcolm is aware of it.


By not allowing this action, the UUID generation code becomes inactive, but DJango continues to function normally.  For ReviewBoard,  and most apps,  this is acceptable.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]