Weeknotes 2021 WK 15

The dust settling from 3.2

There seemed to be a lot of Release Blockers this week — bugs in new features, or regressions from previous versions. That’s to be expected: folks are installing the new version (3.2) and coming up against the changes. Ultimately, it’s only by people using it that we can explore all the edge-cases. A lot of people test in pre-release. It would be good if that were more. But there are some issues that just don’t show up until you put them live.

We’ve got a couple of weeks to resolve this first batch before 3.2.1 that’s due May 4th.

Google Summer of Code

Applications for this year’s Google Summer of Code (GSoC) closed on Monday. We now have a month to review them, work out mentoring, and apply for project slots.

Fewer applications than previous years, partly I think because Google have cut the scope (and so the stipend) which looks to have cut down on spammy applications. (Only a small exaggeration: Build crypto-coin price predictor in <INSERT PROJECT NAME> — please accept me!). There’s always an initial phase of having to exclude these, which I’m very pleased to have already done this year. (Massive win 😃)

If you’re an Old-Django-Hand, mentoring for GSoC is a good way to get (back) involved. It’s basically hanging round on a single ticket/PR — which is a long way removed from the constant stream of incoming tickets on Trac. It’s doing the crossword. If this is you, and you fancy a low-commitment hobby for the summer, let me know. 😉

Django Debug Toolbar security release

Midweek the Jazzband team put out a security release for multiple versions of Django Debug Toolbar. This fixed a potential SQL injection — potentially terrible if DDT snuck into production somehow (or say onto a staging server with not great data scrubbing…)

Aside: Update Now!

Top-work, very well done. I was only involved in this to the extent of posting the blog post and the email to django-announce, but it got me thinking (again) about both how wonderfully deep, and how precarious the Django ecosystem is.

Jazzband is volunteer-driven, and it works, but… grrr… there still feels like a disconnect between the sheer number of companies using Django and all its related projects and the amount of money in the system to make sure this kind of work has the support it needs.

I’m not sure what exactly we can do in the short run, but Mariusz and I (as Fellows) are community managers, and if we can help you with security-related issues like this in your package, do reach out.

A little bit of HTMX

On Friday, I posted a TIL on using HTMX to progressively enhance a Django form.

I still haven’t quite hit my stride on TILs. I keep forgetting to post. Most days I do something that would be worthy of an entry. Just need to get into the habit.

HTMX is super. I’m having a lot of fun with it.

I’ve been playing with the same basic idea of loading server rendered HTML fragments into the page more-or-less forever — jQuery.load() was where I started. I’ve watched pjax and Turbolinks in this space over the years, and been a bit envious of the nice Rails integration, but at the same time not found it that good a match for Django. With HTMX I’m like Oh, yes. I’m just doing my Django thing, and it’s fitting very well. It really feels like the lessons have been learnt.

(Secretly now lining up the summer project of integrating HTMX with WKWebView on iOS. Much to do before this though.)