Merge lp:~salgado/lava-dashboard/csrf-on-django1.1 into lp:lava-dashboard

Proposed by Guilherme Salgado
Status: Rejected
Rejected by: Loïc Minier
Proposed branch: lp:~salgado/lava-dashboard/csrf-on-django1.1
Merge into: lp:lava-dashboard
Diff against target: 12 lines (+1/-1)
1 file modified
dashboard_server/default_settings.py (+1/-1)
To merge this branch: bzr merge lp:~salgado/lava-dashboard/csrf-on-django1.1
Reviewer Review Type Date Requested Status
Loïc Minier (community) Needs Resubmitting
Zygmunt Krynicki (community) Approve
Review via email: mp+38588@code.launchpad.net

Description of the change

This typo means we don't have CSRF protection on 1.1

I'd fixed it as part of another branch of mine, but doing so causes 3
django.contrib.auth tests to fail on Lucid, so I'm proposing it separately for
discussion.

To post a comment you must log in.
Revision history for this message
Zygmunt Krynicki (zyga) wrote :

Auth tests fail on lucid because of unrelated reason (note that james sent an email about a package in -proposed that fixes this). So unless I misunderstood there is nothing that prevents this fix from landing.

review: Approve
Revision history for this message
Guilherme Salgado (salgado) wrote :

This change causes other tests to fail.

I have all tests passing on my trunk branch as I've installed the
updated python-django from lucid proposed, but once I fix the typo,
these 3 tests fail.

Revision history for this message
Guilherme Salgado (salgado) wrote :

The test suite is still passing on maverick after this change.

Revision history for this message
Guilherme Salgado (salgado) wrote :
Revision history for this message
Loïc Minier (lool) wrote :

Is this still relevant?

Revision history for this message
Zygmunt Krynicki (zyga) wrote :

It's complicated. I'll reply more soon (on the go now)

Revision history for this message
Zygmunt Krynicki (zyga) wrote :

> Is this still relevant?

Short answer: possibly

Long answer:
I'm not sure if we can stick to django 1.1, it seems to be missing more features than I expected and most importantly, it seems to be no longer supported by some of our dependencies. We need to discuss if the cost of backwards compatibility with 1.1 is something we are expected to pay. Django will have 1.3 release soon, packaging everything for ubuntu/lucid (which mandated django 1.1 in the first place) is something we have not yet started and it seems to be just adding problems instead of solving them.

For the moment this patch is pending (it's not clear it can be applied AFAIR) further review. During the sprint I'll discuss with Validation team lead (plars) and IS on what kind of deployment options we have. I'd rather much prefer to do a non-deb deployment or have someone else package everything we have built or depend upon. Ever since I discovered pip and virtualenv debian I don't look back (although it's not without issues it tends to get the job done better for python packages)

Revision history for this message
Loïc Minier (lool) wrote :

Did you get the chance to discuss deployment options?

Revision history for this message
Zygmunt Krynicki (zyga) wrote :

Yes.

The consensus was (AFAIR) that we should either clearly indicate which versions of what are required or package that so that it works on lucid.

During the last week I packaged everything required to take launch-control off the ground on lucid (ppa:zkrynicki/lava). I'm working on the final package (which you can run from a checkout assuming you apt-get install the dependencies). Packaging django applications is not a well documented topic. I'm actually packaging django-hello-world application to document the process and try out how things work. I have a very very rough package for launch-control itself but there is no way to start or configure the application once it's installed.

If you want to try this out please note that my PPA has lucid packages only, I copied a few binaries over to maverick but that's it. Once the system is proven and works I'll copy everything to maverick and lucid to ensure anyone can apt-get install it on an Ubuntu system.

Revision history for this message
Zygmunt Krynicki (zyga) wrote :

> Did you get the chance to discuss deployment options?

Oh, I also have to add that I did decide to backport few key packages from maverick and natty (django and simplejson) because working across versions was too difficult. This branch will probably be discarded once I'll review all the pending branches and either merge or discard them totally.

Revision history for this message
Loïc Minier (lool) wrote :

The diff seems trivial; I think we can merge this?

Revision history for this message
Zygmunt Krynicki (zyga) wrote :

> The diff seems trivial; I think we can merge this?

I'll look at this after I resolve packaging. AFAIR this broke tests on lucid and there is no need to support django 1.1 anymore.

Revision history for this message
Loïc Minier (lool) wrote :

Rejected as to not leave this in the review queue; please resubmit when ready

review: Needs Resubmitting
Revision history for this message
Loïc Minier (lool) wrote :

11:57 < lool> ams_cs: Is
https://code.launchpad.net/~ams-codesourcery/gcc-linaro/lp663939/+merge/45750
              still work in progress? It seems really old now
[...]
11:58 < ams_cs> lool: last activity 12th april
11:58 < ams_cs> lool: I have to do some reworking
11:58 < ams_cs> lool: I've also discussed this patch with Ramana quite a bit

Revision history for this message
Loïc Minier (lool) wrote :

gah, sorry, wrong merge proposal

Unmerged revisions

95. By Guilherme Salgado

Fix a typo on dashboard_server/default_settings.py

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'dashboard_server/default_settings.py'
--- dashboard_server/default_settings.py 2010-10-02 21:25:06 +0000
+++ dashboard_server/default_settings.py 2010-10-15 20:04:41 +0000
@@ -112,7 +112,7 @@
112# middleware in 1.2 rewrites the whole response. Once we drop support112# middleware in 1.2 rewrites the whole response. Once we drop support
113# for 1.1 we can remove this section.113# for 1.1 we can remove this section.
114if django.VERSION[:2] == (1, 1):114if django.VERSION[:2] == (1, 1):
115 MIDLEWARE_CLASSES = MIDDLEWARE_CLASSES + (115 MIDDLEWARE_CLASSES = MIDDLEWARE_CLASSES + (
116 'django.contrib.csrf.middleware.CsrfMiddleware',116 'django.contrib.csrf.middleware.CsrfMiddleware',
117 )117 )
118elif django.VERSION[:2] == (1, 2):118elif django.VERSION[:2] == (1, 2):

Subscribers

People subscribed via source and target branches