Jacob Kaplan-Moss

Tag: django

Measuring the Django Community: Circles of Django (2007) March 22nd, 2007

So here’s a question I get asked a lot: “How big is Django’s community?” Anyone who works in open source knows that it’s basically impossible to know the size of any open source community. It’s easy with commercial programs – just look at the sales numbers – but since F/OSS is freely (and widely) available, there’s almost no way to know how many people are using your project. Still, the tie-wearing enterprisy business folks ask these types of questions, and it’s useful to have an answer ready.…

Measuring the Django Community: The Django community in 2009 November 6th, 2009

In March of 2007, I attempted to measure the size of Django’s community. That March turned out to be a major inflection point in Django’s growth: the release of 0.96 brought a lot of new features – testing and the new forms library being the critical ones – and those in turn brought in a lot of new users. Growth since then has been at a much faster pace. So I thought it’d be interesting to review the same metrics I used back then.…

Measuring the Django Community: The Django community in 2012 March 5th, 2012

In 2007, and again in 2009, I made an attempt to measure the size of the Django community. By popular request — okay, a couple people asked for it, whatever — let’s do this thing again. Users In 2007 and 2009, I shared three ways of looking at how many people are using Django: hits to the website, downloads of the Django tarball, and sites listed as “using Django.” So, here’s an overview of users, some notes on interpreting these numbers follow:…

Django's new governance model March 12th, 2020

Starting today, Django has a new governance model. Previously, a small “core team” made most decisions, including electing a Technical Board to own decisions about each release. Now, the “core team” is gone; all power rests with the Technical Board. Anyone who’s made substantial contributions to Django is now eligible to run, and the board is now elected by the DSF Membership at large. You can read more about the change in today’s announcement, and if you want the full details they’re in DEP 10.…

Articles for r2c: Preventing SQL Injection in Django May 15th, 2020

SQL Injection (SQLi) is one of the most dangerous classes of web vulnerabilities. Thankfully, it’s becoming increasingly rare — thanks mostly to increasing use of database abstraction layers like Django’s ORM — but where it occurs it can be devastating. This article will help you understand and prevent SQLi vulnerabilities in your Django apps.

Articles for r2c: Not all attacks are equal: understanding and preventing DoS in web applications September 11th, 2020

Denial-of-Service (DoS) vulnerabilities are common, but teams frequently disagree on how to treat them. The risk can be difficult to analyze: I’ve seen development teams argue for weeks over how to handle a DoS vector. This article tries to cut through those arguments. It provides a framework for engineering and application security teams to think about denial-of-service risk, breaks down DoS vulnerabilities into high-, medium-, and low-risk classes, and has recommendations for mitigations at each layer.