Like Raphael I also think we should avoid introducing a new way of defining settings. I suggest we use a list of path to instances of password validators instead:
AUTH_PASSWORD_VALIDATORS = [
'django.contrib.auth.password_validators.min_eight_chars_validator',
]
Simon
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/494039b5-c06b-4afc-aaf3-0705db37d13e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/3a0b87ad-5073-4af1-8a7a-cd91705e287a%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CANQFsQATUqV1CfsnAdjrvAQgHs0eQ-zx7pVC%2Bg9KvDiQ7mFbYQ%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/24FEB9D0-03ED-4CD6-81D4-E5A981C6BFE3%40solidlinks.nl.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/20e86482-be46-4dc8-b363-313eecafa926%40googlegroups.com.
$ python manage.py createsuperuser
Username (leave blank to use 'markus'):
Email address: ********
Password:
Password (again):
This password is too short. It must contain at least 8 characters.
Password:
Password (again):
The password is too similar to the email address.
Password:
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/9860adf7-b0b3-492d-b8a0-f08c7b85b587%40googlegroups.com.
$ python manage.py createsuperuserUsername (leave blank to use 'markus'):Email address: ********Password:
Password (again):
The passwords do not match.Password:
Password (again):You used a password that doesn't fulfill all validation requirements:
- This password is too short. It must contain at least 8 characters. - The password is too similar to the email address.
Superuser successfully created
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/470bba48-2695-405e-bdf4-88b66373a323%40googlegroups.com.
--Aymeric.
To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsub...@googlegroups.com.
I would even dare to say I'm totally against activated-by-default
password validators.
I think it should be a decision the developers take
consciously, as it again adds just more overhead (which Django surely
doesn't need).
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/e653f37d-dc81-430b-87c4-47477bd971d9%40googlegroups.com.
+1
I started using django-classy-settings and it works very well for me.
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/1aba1352-89ba-4cfe-a789-77430c504026%40googlegroups.com.
Some other related questions also come to my mind: What exactly are we
considering a secure password?
Why not leave the validator list empty by
default and document the feature on the security checklist, with the
rest of deployment-related features that aren't on by default?
Don't take me wrong, I *do* think this is a great feature, but it should
be the developers choice to turn it on.
>Cause noone reads docs and this is not really deployment related imo.
What if the checks framework warned it?