[Python-modules-team] Bug#686104: python-django-registration: Not compatible with, Django 1.4.
Winfried Tilanus
winfried at tilanus.com
Fri Aug 31 09:46:57 UTC 2012
On 08/31/2012 09:59 AM, Raphael Hertzog wrote:
Hi,
(I hope you are still patient with me.)
It is hard to judge how severe the use of SHA1 in django-registration
0.7.1 is. I think we can go endlessly here. (What if an attacker
requests 2 accounts: one on a valid e-mail address and one on a invalid
one? Is 5 characters of salt, 26 bits of randomness, enough safeguard?).
I think in the end it is a subjective decision and I am not to judge here.
So lets get back to the original issue: the changelog mentions fixed
compatibility issues with Django 1.4:
https://bitbucket.org/ubernostrum/django-registration/src/2d6fcc0c55d0/CHANGELOG
It is for sure referring to this commit:
https://bitbucket.org/ubernostrum/django-registration/changeset/b79f9f2cf3c9f246d68a0e5d3b9e75ab0c1b20c6
I have seen one bug report about this causing problems:
http://spottedsun.com/django-registration-activation-error-for-django-1-4/
I can recall also fixed problems with the naming schemes between 0.7.1
and 0.8, but I can't give exact references to those.
Winfried
More information about the Python-modules-team
mailing list