Version 67 (modified by Malcolm Tredinnick, 18 years ago) ( diff )

Reverted last change. This isn't a wishlist page, it's the results of discussion on django-dev.

Version 1.0 feature list

Features Intended for 1.0

The following features have either been decided to go into 1.0 or are under discussion.

Feature Leader Changes API? Implementation status Tickets
newforms Adrian Yes on the way
serialization Jacob No feature not clearly defined #2930, #2843, #2650, #2553
authentication Joseph Yes done
generic relations Jacob/Malcolm Yes Code move is done (Malcolm), admin support (Jacob) not done. Needs newforms-admin merge first.
comments Jacob No not started #1829, #1853, #2134, #2177, #2228, #3091
oracle ? No almost there
ms sql server ? No ?
test fixtures Russ No done #2333
root views/url reversal ? Yes Not started #2977
autoescape Malcolm No almost there #2359
model inheritance Malcolm Unclear started
windows installers ? No not started
DecimalField adurdin Yes needs testing #2365, #200, #2519, #3238, #3324
middleware ordering ? No not started #730, #749

Delayed Features

Left to those who decide ;-)

Comments about Specific Features

Serialization

#2930 has not been decided and does not include a patch.

#2843 is not changes the API only in a compatible way and there is no decision in the ticket.

#2650 is a bug and not an enhancement, and it does not include a patch but complete files (but bug fixes should go in 1.0 anyway, if possible).

#2553 proposes to make generic views respond in formats other than html, and it does not go into details nor does it include a patch. From the description it isn't clear what it actually proposes, but it looks like a compatible change.

Comments

Jacob plans to rewrite them for newforms. This change rather belongs into the category 'newforms'. Is it really necessary to rewrite the comments in 1.0? Other than the changes in admin, the comments system rewrite shouldn't directly influence the API of newforms. -- mir

Oracle

While it doesn't change APIs, having an oracle backend is great for the 1.0 release, even if it doesn't contribute to the #1 goal. And there is great impetus behind it.

Root View and URL Reversal

The root view proposal was blocked by the problem of url reversal. A few possible solutions have been brought up that had some disadvantages, and nobody of the core team has commented on this.

Autoescape

Autoescape only changed APIs if it was on by default. But I've (Michael Radziej) followed the discussion very closely, and I'm sure that the main reaction of the community was strictly against this. autoescape is my own favorite pet, but when I apply my own criteria, it wouldn't be a candidate for 1.0. One could argue that it will deeply affect the way templates are written and that they are an important step to make django applications safe, but the consensus about it was not that strong. Or do we want to use it in the admin? -- mir

For people trying to catch up on the discussion, there are a few long threads in the django-developers archives. Two good places to start are probably an early discussion here and the discussion around the original patch. -- Malcolm.

See also AutoEscaping and Autoescape alternative.

I'm becoming more and more convinced that auto-escaping needs to be on by default. XSS holes totally compromise the security of your application - they are the "root" attack of the Web. They are stupidly easy to introduce - even Google has had them. If you aren't convinced, take a look at the notes I've collected about them: http://simonwillison.net/tags/xss/ -- Simon

Model Inheritance

The latest description of the API and implementation details is in this thread.

See also ModelInheritance.

DecimalField

models.FloatField would always return floats (not Decimals), and introspection of DECIMAL columns would yield DecimalFields (not FloatField). The parameters to FloatField would also change (no precision, etc.).

See also this thread.

Middleware ordering

We are not treating the middleware hierarchy as a stack, in the sense that if one piece of middleware short-circuits the response construction, we go right to the bottom of the pile before processing the request. We need to decide what behaviour we really want here and record it. Both the referenced tickets have good points in them and since this might slightly change request/response behaviour, it's a pre-1.0 decision if possible.

Note: See TracWiki for help on using the wiki.
Back to Top