|Version 70 (modified by Simon G. <dev@…>, 8 years ago) (diff)|
Version 1.0 feature list
Features Intended for 1.0
The following features have either been decided to go into 1.0 or are under discussion.
|Feature||Leader||Changes API?||Implementation status||Tickets|
|newforms||Adrian||Yes||on the way|
|serialization||Jacob||No||feature not clearly defined||#2930, #2843, #2650, #2553|
|generic relations||Jacob/Malcolm||Yes||Code move is done (Malcolm), admin support (Jacob) not done. Needs newforms-admin merge first.|
|comments||Jacob||Yes||in progress||#1829, #1853, #2134, #2177, #2228, #3091, #3546, #4189|
|ms sql server||?||No||?|
|root views/url reversal||?||Yes||Not started||#2977|
|windows installers||?||No||not started|
|DecimalField||Malcolm||Yes||done||#2365, #200, #2519, #3238, #3324|
|middleware ordering||?||No||not started||#730, #749|
Left to those who decide ;-)
Comments about Specific Features
#2930 has not been decided and does not include a patch.
#2843 is not changes the API only in a compatible way and there is no decision in the ticket.
#2650 is a bug and not an enhancement, and it does not include a patch but complete files (but bug fixes should go in 1.0 anyway, if possible).
#2553 proposes to make generic views respond in formats other than html, and it does not go into details nor does it include a patch. From the description it isn't clear what it actually proposes, but it looks like a compatible change.
Jacob plans to rewrite them for newforms. This change rather belongs into the category 'newforms'. Is it really necessary to rewrite the comments in 1.0? Other than the changes in admin, the comments system rewrite shouldn't directly influence the API of newforms. -- mir
While it doesn't change APIs, having an oracle backend is great for the 1.0 release, even if it doesn't contribute to the #1 goal. And there is great impetus behind it.
Root View and URL Reversal
The root view proposal was blocked by the problem of url reversal. A few possible solutions have been brought up that had some disadvantages, and nobody of the core team has commented on this.
Autoescape only changed APIs if it was on by default. But I've (Michael Radziej) followed the discussion very closely, and I'm sure that the main reaction of the community was strictly against this. autoescape is my own favorite pet, but when I apply my own criteria, it wouldn't be a candidate for 1.0. One could argue that it will deeply affect the way templates are written and that they are an important step to make django applications safe, but the consensus about it was not that strong. Or do we want to use it in the admin? -- mir
For people trying to catch up on the discussion, there are a few long threads in the django-developers archives. Two good places to start are probably an early discussion here and the discussion around the original patch. -- Malcolm.
I'm becoming more and more convinced that auto-escaping needs to be on by default. XSS holes totally compromise the security of your application - they are the "root" attack of the Web. They are stupidly easy to introduce - even Google has had them. If you aren't convinced, take a look at the notes I've collected about them: http://simonwillison.net/tags/xss/ -- Simon
The latest description of the API and implementation details is in this thread.
See also ModelInheritance.
models.FloatField would always return floats (not Decimals), and introspection of DECIMAL columns would yield DecimalFields (not FloatField). The parameters to FloatField would also change (no precision, etc.).
See also this thread.
We are not treating the middleware hierarchy as a stack, in the sense that if one piece of middleware short-circuits the response construction, we go right to the bottom of the pile before processing the request. We need to decide what behaviour we really want here and record it. Both the referenced tickets have good points in them and since this might slightly change request/response behaviour, it's a pre-1.0 decision if possible.