= Version 1.0 feature list = == Features Intended for 1.0 == The following features have either been decided to go into 1.0 or are under discussion. || '''Feature''' || '''Leader'''|| '''Changes API?''' || '''Implementation status''' || '''Tickets''' || || newforms || Adrian || Yes || on the way || || || [#Serialization serialization] || Jacob || No || feature not clearly defined || #2930, #2843, #2650, #2553 || || authentication || Joseph || Yes || done || || || generic relations || Malcolm || Yes || not done || || || [#Comments comments] || Jacob || No || not started || #1829, #1853, #2134, #2177, #2228, #3091 || || [#Oracle oracle] || ? || No || almost there || || || ms sql server || ? || No || ? || || || test fixtures || Russ || No || almost there || #2333 || || [#RootViewandURLReversal root views/url reversal]|| ? || Yes || Not started || #2977 || || [#Autoescape autoescape] || Malcolm || No || almost there || #2359 || || [#ModelInheritance model inheritance] || Malcolm || Unclear || started || || || windows installers || ? || No || not started || || || [#DecimalField DecimalField] || adurdin || Yes || needs testing || #2365, #200, #2519, #3238, #3324 || == Delayed Features == Left to those who decide ;-) == Comments about Specific Features == === Serialization === #2930 has not been decided and does not include a patch. #2843 is not changes the API only in a compatible way and there is no decision in the ticket. #2650 is a bug and not an enhancement, and it does not include a patch but complete files (but bug fixes should go in 1.0 anyway, if possible). #2553 proposes to make generic views respond in formats other than html, and it does not go into details nor does it include a patch. From the description it isn't clear what it actually proposes, but it looks like a compatible change. === Comments === Jacob plans to rewrite them for newforms. This change rather belongs into the category 'newforms'. Is it really necessary to rewrite the comments in 1.0? Other than the changes in admin, the comments system rewrite shouldn't directly influence the API of newforms. -- mir === Oracle === While it doesn't change APIs, having an oracle backend is great for the 1.0 release, even if it doesn't contribute to the #1 goal. And there is great impetus behind it. === Root View and URL Reversal === The root view proposal was blocked by the problem of url reversal. A few possible solutions have been brought up that had some disadvantages, and nobody of the core team has commented on this. === Autoescape === Autoescape only changed APIs if it was on by default. But I've (Michael Radziej) followed the discussion very closely, and I'm sure that the main reaction of the community was strictly against this. autoescape is my own favorite pet, but when I apply my own criteria, it wouldn't be a candidate for 1.0. One could argue that it will deeply affect the way templates are written and that they are an important step to make django applications safe, but the consensus about it was not that strong. Or do we want to use it in the admin? -- mir For people trying to catch up on the discussion, there are a few long threads in the django-developers archives. Two good places to start are probably [http://groups.google.com/group/django-developers/browse_frm/thread/17d1dfecd67864ab?q=autoescape& an early discussion here] and the discussion around [http://groups.google.com/group/django-developers/browse_frm/thread/7caeb86c04b81f10/9ea28abb20020437?lnk=gst&q=autoescape+willison&rnum=1#9ea28abb20020437 the original patch]. -- Malcolm. See also AutoEscaping and [wiki:"AutoEscape alternative" Autoescape alternative]. I'm becoming more and more convinced that auto-escaping needs to be on by default. XSS holes totally compromise the security of your application - they are the "root" attack of the Web. They are stupidly easy to introduce - even Google has had them. If you aren't convinced, take a look at the notes I've collected about them: http://simonwillison.net/tags/xss/ -- Simon === Model Inheritance === The latest description of the API and implementation details is in [http://groups.google.com/group/django-developers/browse_frm/thread/7d40ad373ebfa912/85244d55f259455d?lnk=gst&q=model+inheritance&rnum=4#85244d55f259455d this thread]. See also ModelInheritance. === !DecimalField === models.!FloatField would always return floats (not Decimals), and introspection of DECIMAL columns would yield !DecimalFields (not !FloatField). The parameters to !FloatField would also change (no precision, etc.). See also [http://groups.google.com/group/django-developers/browse_thread/thread/852e0115b2535be9/dc496ed3a5d5429e#dc496ed3a5d5429e this thread].