← Back to Show Notes

Transcript: Django Community Survey

hi welcome back to django chat to fortnightly podcast on the django web framework i'm carlton

gibson joined as ever by my co-host will vincent hello will how are you it's been so long i know

i'm good hi carlton it's this is the first one since mid-july we had a little break for the

first time we were just discussing before we went online we both have we have seven kids between us

all under the age of 12 so that's uh been interesting but everyone's juggling stuff

but it feels nice to be back in sort of a routine i guess with school virtual and otherwise yeah no

for me it's still very much like swimming through treacle like literally the kids finished school

on the 13th of march and they went back on the 14th of september so that's six months literally

six months out of school um so you know 2020 i saw a tweet the other day when uh 20 there's only

three months of 2020 left but mentally i never left february i really resonated with me i'm like

yes that's that's exactly how this year's gone anyway yes but anyway stuff has happened so as

you as you mentioned in the intro so we are going to be going every two weeks going forward we did

weekly for 72 74 weeks in a row but we're going to be going um every two weeks this episode we're

going to be talking about the django community survey updating everyone on what's happened in

django the last couple months but most of the episodes are going to be guests we have a whole

bunch of guests lined up for the fall that we're excited about so it'll be mainly guests talking

about using Django out in the wild what's happened um 3.1 came out Carlton you and Marius yes it did

yes well Marius was um release manager for that so he basically did all the hard work and I was

there with like the supportive cup of coffee and metaphorical you know remote coffee and remote

donut I was like you know yeah did Tim Graham pop up this time or is it the first without him

no he didn't he didn't make an appearance but he has been active he's um been working on the

cockroach db back and i think there's there's progress there on making that more money for

fully more fully featured because tim keeps making these little prs so that's nice to see

yeah i've seen that well that's good you and there's already been a security release so 3.1.1

and 2.2 whatever that came out a couple days ago yes that wasn't super high priority and

there was a strange permit that make deer the position um the behavior of make is changed in

python 3.7 um to not set the permissions of intermediate directories that it creates um

and then so when you run collect static or whatever you had to had to make sure that we

were saying the correct permissions it's not particularly high um high impact one in that

you know if someone's got access to your file system you've probably got bigger problems already

but yeah you know we got that out and we got a lot of um quick fixes out so three the point one

the you know the 3.1.1 that that first point release is always quite hectic because there's

new features and then people finally try you know give them a try against their production

environments and they find all kind of issues so um a few with the new admin sidebar css kind of

issues we'll resolve those or we resolved a lot of those with a couple more that will get resolved

in 3.1.2 and then hopefully it should be like yeah okay we've got the worst of that json field

a couple of little ones there and a few a few regressions in the orm we change you know if

you've got particularly complex queries which you know aren't antecedently covered by the test suite

because it's like i'm aggregating here and then grouping by you know or the group by and then

ordering on the aggregation it's like these things can be tricky so a few of those yeah the orm can

be tricky yes well kudos to that i'm glad you know that came out well kudos to maris really i

mean maris worked like an absolute trojan is the phrase he really um you know he really sweated it

and it's my turn for 3.2 so i'm a bit like oh is that how you're alternating is that the plan

yeah yeah because like we so we we alternate the monthly releases but then also the major

releases we take turns on those because they're a lot more work um yeah and 3.2 will be the

will be the lts yeah is that even more work for for the two of you no no it's exactly the same

like the lts is just the same um sorry there was a mosquito trying to meet me so i just had to

attack it there um the lts is the same uh you know what can i say i just i'm smiling because

we make a lot of efforts to have good quality audio and you're you're smacking your hands loudly

for all the guests yeah no sorry yeah no sorry i do apologize i'd like but mosquito versus guests

it's like mosquito yeah what else um i updated all my books so this time i was able to use the

beta release as you would say and so they all came out i had to redo screenshots for every single

admin view um because there's the new admin sidebar but also the chrome browser changes so

anyways it's complete start to finish redo of everything but i was able to get that out and then

take a little bit of a break so that's good you you were you you read up wrote a post or perhaps

just a series of tweets where you're saying that um rewriting the books is kind of like um

i can't remember exactly what you said but more like doing scales yeah you use the yes scales

because you go through it and you tweak it and i'm trying to be zen about it yeah i think that's

accurate that because i go through for every every major release i go through everything from scratch

new code base, new screenshots. And it is the, you know, the bane of the existence of people

who create content is you have to update it all the time if it's technical. And so most people

don't. And I've, I'm on now my fourth or fifth time updating for Django. I think the first time

I did was 110. But yeah, I think it's, I think it is sort of like musical scale. So I play music,

my kids play music. And, you know, my, we spent a bunch of time during the break with my,

my brother-in-law, who's a professional violinist, and he plays, you know, five hours a day and he

plays scales every day on top of everything else. So I think there is something true about that,

that, you know, going through, because there's things that change in Django, there's things

that change in Python, there's externalities, but there's also just how I feel about teaching

stuff changes. So I try to, you know, it is an opportunity to do that. I mean, for example,

some of the changes that I made in the book, well, the book size changed actually. So the paperback

trim it was eight and a half by eleven and now it's more closer to seven by nine which is more

standard sized um so people probably won't notice that but that was a whole ton of work for me to do

and that's gonna be harder to find on the bookshelf though it'll be hard to find a bookshelf

yeah because it'll match blend in with all the others it'll be camouflaged

yeah i mean i would like to have you know hire a professional develop uh designer and

make it all perfect but i i update all the time so um but anyways i think it i think it's better

uh the pathlib is a big change in three in three one so the settings.py file defaults if you do

start project to pathlib i had so i update everything to use pathlib instead of just

um os what else and i guess the other one that i've had a bunch of questions about is i decided

to for project names in the past i would if it was a book project i would call it book underscore

project or you know to do underscore project but i've adopted more of the um calling everything

config that's a project folder so it's it's completely superficial um but i made that i

implemented that in the books as well as i've been doing that my tutorials because i think it's one

less thing to worry about because it is one of those things that you have in every project and

so it just seems i like to standardize it and i think jeff triplett cued me onto that pattern so

so that's because you've got a folder full of apps and then one of those apps isn't really the app

it's the project folder it's got the settings and the yeah so that's why i would do i would make a

point of doing you know underscore project which um just to reinforce that anyways so yeah those

are out there's so many moving parts in a django project and app so to the extent that some things

are standard try to name them as such and treat them as such across the different examples that i

give um what else uh django people has been sunsetted so that was a project that's been

around for a long time not really maintained there's a post up on the django site we'll link to

um it wasn't being used so um it redirects to i think that blog just a holding page now

yeah just a holding page um i think that that's the point it wasn't being used it wasn't being

maintained um and so whilst django snippets is still being maintained and that's up to date and

you know that that's keep going nicely django people was in need of love and then there's

there's folks who are like oh i need to um reset some credentials or i need to change some details

that and they weren't able to log in and we weren't able to recover accounts and at that point

it's no longer sustainable yeah i mean because there is this constellation of django things that

are maintained by the django software foundation so now django packages will be moving into that

orbit um what else is there there's there's a list of things that the ops team um is in charge of

so anyways that's yeah people won't probably miss it but that's changed um django news newsletter

that's something i've been doing with jeff triplet that's still going along um we'll put a link

that's a weekly uh link of all sorts of django news projects videos there's a whole bunch of

conferences that have happened so pycon australia happened there's a django track um we'll link to

that pycon africa happened there is a whole a number of django talks we'll have links to that

and django con europe is coming up this weekend which you're speaking at well yeah yeah well

speaking out i'm busy um trying to make a recording so um my talk's about um yeah my

talk's about uh optimizing model choice field and in order to have an example for that i've got this

crazy database query that you know goes insane and then trying to record the demo i wasn't actually

able to record the demo because my computer wouldn't capture the video and process all the

database requests without doubling the time because it was busy like i don't know what oh god what

they do time sharing um and so basically i'm having to go slides only because i can't i can't

do the demo but i hate live demos i even recorded live demos so live coding even a recorded video

it doesn't work is what you're saying yeah no i'm not live coding any like you know no so i'm

actually happier that i'm doing slides but that means i'm i'm still working on it even though

deadlines really soon. But it's fine. I'm quite excited about it. Yeah, well, there's a great

list of talks. So there's your talk. Adam Johnson has one on how to hack a Django site that I'm

really interested to see because he would know. Tom Dyson of Wagtail has one on new ways to deploy

Django app. Marcus Holderman has one on migrations. Aaron Bassett has one HTTP headers. Sage Abdullah

has one on cross TB JSON fields. Andrew Godwin's there. So there's a whole list of people. I'm

really excited to see the talks yes i am i'm excited about tom dyson's talk because he's um

going to look at three different ways of deploying from um from the first one being like a static

site so what i want to know is how's he going to get a static site out of his django thing is he

going to use web get and mirror mirror the django side or like or has he got a little command line

tool to do that i'm quite interested in that i think the second one's like a more normal deploy

and then the third one some sort of containerless serverless all in space number yeah no i'm really

interested to see i think it's gonna be great and i'm glad that that that the conference is

happening i think there's there two more things and then we'll get into the survey um so django

technical board vote is coming up so this is a really big deal this has been in the works for

two years i think but um django will have a technical board of three members who will be the

final deciders when there is a big issue is there anything more you want to say on that so people

should they'll be so people who are members there's 200 odd um individual members of the

jango software foundation will be the ones who vote on that um and that election is important

and upcoming yeah well this is yeah i mean all i'd say is that this is the culmination of the

whole dissolving django core or renaming django core and um introducing a more modern government

governance um django such a big project now that it needed something more formal um than what it

grew up with when it was a much smaller project uh and you know we've talked about django core

and how it became stale and you know various other things and not representative of the wider

community and the technical board this final technical board election is kind of like the

final piece of that depth 10 change we've had the mergers we've had the so maris myself and claude

are the mergers and then we've got you know maris and i do the releases and that was all part of the

depth 10 but the thing we've been missing is this this official election of the technical board

yeah so i was excited about that yeah uh and yeah i mentioned um one last thing that the

jango software foundation has been doing is um adding corporate badges so corporate members

um will now have something they can show on their sites that will be up soon um yeah i'm working on

that this week actually so yeah so that's a good um something for the corporate sponsors so that's

important okay community survey we get should we get into it right yeah yeah no this was super

yeah so this so this was and i and this happened right before i took my break too as i sort of just

like you know put out the charts and was like peace for a couple weeks um but we had fantastic

responses. We had 4,379 people responded, which is great. And we hadn't done a survey in five

years. The last one was Tim Graham had done one in 2015. But Python has an annual survey. And

for the fellows and for the core, not the core teams, but the Django developers, it's important

to know what usage is because Django does not track anything. So we're very much in the dark on

what people are using yeah so this was really i think we'll hopefully guide future discussions

around you know we'll go through them but how is it actually being used which database backends

all that kind of stuff that we can only wonder about yes you sort of and you do a lot of work

on um something you're like well is anyone actually using this and it's nice you know but

so you know let's jump the gun there was one on the test framework well which test framework are

you using we do a lot of work on the django test client um to keep that up to date and keep that

running and who's using where it turns out a massive proportion of the user base are using it

so right yeah because it is you sort of wonder is everyone just using pytest why do we bother but

yeah and it's right yeah so anyway that was that's what we'll come back to that when we as we let's

go through them in order because otherwise we'll get lost we'll cut back and forth okay yeah so

there's links to them it's up on the site um so the first one the question and is what is your

primary operating system. And so I think for next year, I'm going to rephrase this because I think

the better question would have been, what is your local operating system and what is your

server operating system? So 45% said Linux, 27% Mac, and 27% Windows. I suspect the Linux question

is there's some combination of your server, not just your local client. Because anecdotally,

at least yes people use linux but i was surprised by this so we could ask it in a way to confirm

that it's actually you know local client versus server yes yes but the big the big thing for me

was the that there are as many people you know bar a margin of 0.2 as percent as many people

using windows is on mac and it's like we always think windows is the minority um operating system

no it's not right it really isn't and yeah you know well especially for regular contributors

they're either on linux or mac yeah it's i mean i'm i'm certainly biased against when you know

i don't have two fancy computers i work on i'm i use mainly mac i mean use a mac um you know

andrew godwin's on windows other people are on windows i know from my install python 3 site

there's tons of people looking for windows installs um but if anything i thought that

windows would be bigger than mac you know or demonstrably bigger um it seems about the same

so that was interesting question i think for next year hopefully this will be an annual survey that

we can do i would want to distinguish between client and server because i i suspect some of

the linux is that but um yeah moving on so what do you what do you so when you start a new project

what do you use so 75 said they use the latest stable release and 30 well done 75 lts yeah um

and i guess maybe if you're starting a new project why wouldn't you be on the latest one it's more a

question of you know in practice it's the upgrades which maybe we can we can even skip to where

people say yeah how often do you upgrade and the majority say every stable release um yeah i think

it's probably a difference you know there's a difference there between a corporate site and a

personal site because that's fantastic to see but most companies i know are behind

they're not on the latest release yeah it's difficult because like so there's a whole

series of questions around upgrades and one of them is how easy it is and there's a big bump

around easy and then a few people like you know okay it was harder and it's interesting we can

dig into the reasons why it's harder in a minute but like what for me at the moment why would you

be on the lts there's just no reason to be on the lts you should be on the latest version because

yeah like like if you're not going to maintain maintain your application then fine you might

think oh we're not going to maintain it will be on the lts because we don't have to maintain it

but if you're not going to be maintaining you might as well be on the latest version because

it's got loads of bug fixes which the lts doesn't have right and if you're not maintaining it well

what's the difference well and that's you know so there there were responses to a couple of

questions including how do we make upgrading django easier and i think one of the one of the

things people point out is that you know it's always your dependencies so it's third-party

packages yes you know the major third-party packages by and large are excellent at staying

up to date but you know who knows how many you're using dozens and dozens and then maybe you have

something custom and you know so i think i know that that is why companies fall behind is because

the dependencies it's not django itself but this this is the thing is that you get there and you

think i need something and it's like i'm just going to bring in this package and then six months

later you realize that you can't update because it's unmaintained or it's you know it's not

compatible with the new version and then what are you going to do are you going to dedicate the

resources to commit back to that upstream package and fix it are you going to somehow patch around

it or you're going to you know you've got to be really cautious about taking on development

dependencies you know a lot of django third-party apps are awesome but a lot of something you could

build in an afternoon especially if you've had look and you've you've sort of seen okay yeah

that's enough i'll take inspiration for that but i'll write my own version because then i'm in top

of it right well you and i are in that camp i think that is definitely as as you progress in

your django career you are more wary of taking on something and so absolutely for me if i i'll take

a look at the source code and if i think i can reverse engineer it pretty easily easily being

within a couple days then i'll do that um but yeah so that's part of it um someone had there

was one of the good comments was someone was asking about a django admin command to show

deprecation warnings because i do think that a lot of people don't use the dash big w to see the

warnings yeah flags you know i don't know if we can make that clear in the docs or i mean that's

little bit of it is superficial i mean there is a whole guide on upgraded it does say yeah

maybe it's an education issue more than uh anything else there is a whole guide um the issue

for me is um with that kind of thing where it's like putting a wrapper around functionality that's

already there is that that wrapper needs to be maintained and it increases the surface area of

the code base and then it takes away from quote unquote real features real work like it's i

understand that if you don't know how to run with the warning flags enabled then that might help

you discover it but but if you just read the doc one time you'll know about it yeah i agree it's

we don't want to just put wrappers on wrappers and wrappers it is there if you search for it

you'll find it, once you do it, once you know about it,

you use it all the time.

I don't know if we, I think we do,

is it linked to when there's a new version that comes out?

I don't know if it's put in the release notes.

I think it is.

We'd have to, there's a thing at the top

which says, you know, how to update.

Yeah, well, in any case, listeners to this podcast

know about the flags and to use them.

Right, but like, how do you learn about these flags?

You learn about these flags

by the first time you need them, but let's have a look.

Yeah, so at the top of the 3.1 release notice,

it says, see the upgrading Django to a new version guide

if you're updating the existing project, right?

That's right in there in the first, before you get anywhere.

And then it says about Python compatibility.

So I don't know.

I just think that adding that kind of stuff is great in principle

if we had much more human power available to developing code on the framework.

And we don't.

So we have to be very selective about what code we take on

and what code we add.

people are you know can we have this really minor feature that will add a teeny bit of complexity

for this for this corner case it's like well no implement a subclass keep that in your own project

because if we implement each little minor edge case it becomes unmaintainable yeah yes well

speaking of resources so one of the questions um which built-in database do you use uh so right

postgres the dominant one as expected um sqlite second um mysql and maria db so maria db is just

basically a different version of mysql an open source version of mysql

oracle's at 2.2 percent you know uh oracle is always one of those ones in terms of resources

i mean i think if this is still the case that for you and marius it's more work to make oracle work

than the other databases just on its own is that still the case yeah i mean i defer to maris on

that but yeah um like maris is a is an oracle expert he knows it he uses it well but yeah at

times it's it's it's fundamentally different from the other databases um right i would say it

certainly takes more than 2.2 percent of the time to maintain yeah and what really gets me is that

oracle corp aren't prepared to support the django software foundation in or apparently you know as

we've had various conversations which haven't gone anywhere oracle corp aren't prepared to

support the django software foundation at that point you think come on people like this isn't

this is a massive corporate enterprise a massive corporate database they just bought prior trees

closed source like a platinum court sponsorship of the django software foundation would be one

than one kind of license one license for oracle would be you know yeah we cover that and and

there's just it's just like crickets when we talk to them so i do get a little bit upset with the

lack of um i don't know input from oracle there yeah well i think there probably will come a time

when there's something that requires a lot of work from the fellows and others around oracle and

that may be the time when it's okay you're the only non-open source database and yeah i think

that time it's just a bit little bit for me it's a little bit disappointing from oracle corp that

they aren't prepared to stand up and support the project in any way it seems yeah i try to be

positive in in public so i'll just we'll move on from oracle but it seems a piece

yes of a piece with how they how they operate um database backends so memcat uh excuse me redis

was the twice as much as memcached which i think that makes sense reddit if you're starting from

scratch redis does seem like it's the default choice um not there's anything wrong with memcache

but redis more powerful okay yeah and this is it's but from just from the caching point of view

like they're equally equivalent i think people um like they they've got redis in play or they

were thinking about redis in play or redis is you know on their radar so they go with that

the interesting thing for me is we don't have a back end in core for redis and yet 76 of our

users say they're using it so um we really need one i mean we're at the point where we're going

to have three versions of the memcache back end in core and none for redis and that just seems

wrong well so what is it what is it so what is what does it take to to have that happen it's

just somebody to sit down and write the back end so the api is quite small it's only half a dozen

methods and you know wrap that around redis pi whatever this so there's janga redis and janga

redis cache which are the two third-party packages they could be used for inspiration it's just a

question of the time to set that sit down and put them in but i think yeah at this stage with the

survey results as they are i think there is a clear case for um a redis cash back-ending call

and then you know the third-party packages can add can expose the further capabilities of redis

right jango environment yeah that's right so moving along but that was one of the interesting

yeah well that and that was one you know that's part the point of the survey that was something i

think i had suspected that was the case but it was very very much validated that that is what the

usages in the community uh moving on to so apps that people contrib apps um admin number one

that's probably not surprise off number two right there um i don't know what else i mean syndication

not a lot of people people using syndication but i guess you know that's not terrible surprise

flat pages still being used but smaller amounts so um you know the python packages one was really

interesting to me uh and i will say so i did not so the list came from looking at the top

pi pi downloads and wagtail was added was only added after a couple days so the wagtail numbers

are low lower than they would be um that would be the two things i would change for next time

is i would include wagtail and i would from the beginning it was only a couple days but i think

it was it was like two three yeah there's a lot of answers in that time yeah um there was a wagtail

virtual conference going on and and jeff said you know people are saying to write in wagtail i was

like wait i i can i can add that in i should have added that in but that's so that i think i know

that's underrepresented um but you know top one psycho pg for using postgres yeah that makes sense

requests sort of makes sense pillow that was a little surprising pillow i mean we would use for

image uploading manipulation you know i mean but everyone's using like um saw thumbnail or

yeah easy thumbnail or these kind of things and they all use pillow right so any kind of

upload an image minimize it yeah anything with images um gunicorn is there g unicorn um pi test

i mean not surprised that pi test is there you know bado3 so that would be for s3 storage for

your um your media files or whatever else or not everyone but lots of people are using that right

yeah black so that's interesting so the python formatter that's which is now part of python i

think or it's official i think in some way i think it's the psf i believe is supporting it

hosting it or something they're doing something with it you whiskey yeah that makes sense that

i would think uh g unicorn would be a little bit higher than you whiskey but

also quite popular coverage you know that makes sense for testing as well yeah usual usual suspects

like white noise yeah you kind of have white noise um so anyways it was interesting to to see i mean

there's clearly there's you know what 10 that jump out and then not a lot of others so well

it's a massive long tail right yeah maybe even next time i wouldn't include all those all those

options i think for the third party apps right so we've got django rest framework debug toolbar

and then django celery i'm like come on folks there are other cues well of course of course

headers was number two was it yeah i mean so it's you have to hover over so this is

the default google layout i don't have control over it um yeah course headers is actually number

two then debug django filter rolling in there django celery django celery you know django

celery and django redis right there and what fifth and sixth so you know django extensions

right below that um someone was actually asking me i don't know why they're asking me but they're

saying oh i wish shell plus was part of django itself because it is true that django extensions

has i mean i use that a lot of people use that if we had unlimited funds there's probably some

things from there we could just roll into django itself but it's yeah i mean package so so what

shell plus does it automatically imports your model files right that's yeah exactly so it's

because it's every time you go into the shell you probably need them so um and then run server plus

i forget what that that has some extra goodies though it's you know django is updating but run

server plus is another one of the i mean it's a swiss army knife for django stuff but certainly

for the shell i always use that django all off you know that's fantastic package up to date

always used django celery beet you know that's i have actually haven't used that myself but i got

700 votes so oh and then it's like scheduled results right yeah and then i don't know if we

scheduled tasks um and then django rest framework um jwt so there was a whole side channel discussion

about jwts and i suppose we might as well you know let's talk about it because um it's kind of

important in that jwts if people come around to the idea and like it's slowly propagating to the

wider community that jwt is a badly designed algorithm it's not it's sort of insecure by

default because there are so many configuration options that people simply can't help but get it

wrong not it's just far too complicated and as as a result of that there are frequent security

breaches because of it or security holes because of it so it came up well what should we be using

for authenticating my um you know single page application well probably just sessions still

you know you should if you're in a browser use sessions if you're in another other client

somewhere else well they can use cookies too so hey just use sessions perhaps um but perhaps

django needs a more rounded story here but jwt perhaps isn't the go-to option it should be well

clients don't want to handle it all handle auth at all themselves um is basically part of the issue

right your your ios your android app just wants to deal with the cookie doesn't want to but pretty

much every library is able to handle cookies.

So it's not like you're writing network code yourself, you're

using some networking library.

And most of those have the ability to start to get a cookie from one request

and then attach it to subsequent requests.

It's no different than the token, right?

The cookie is just the header.

that you send with the request it's it's cookie and then there's your cookie string right whereas

a jwt goes in authentication right and then there's your token or you know a token so it's

just it's from a sort of http request perspective it's just setting a different header so do you

think the do you think the onus is on django to change this or it's on the clients the mobile

clients i think it's like django so to to get a cookie on a response it's just a question of

implementing a view which calls authenticate and django will do the rest right so um that kind of

simple cookie setting login view is is is it is not going to change at all what can we do i don't

know i mean is it our job to go through and say of every login option no this is the one you should

this is the one you shouldn't but i think we could perhaps call out that hey jwts aren't the way to

go and you should be using session authentication still where you can what muddies the water a

little bit is that a session id that there's one session id so you have a session id for your web

client and there would be a separate one for your ios yeah right i mean that's why tokens exist as

a way to have a token generated for your different but you can log in from two two browsers right so

you can have safari open and you can have chrome open and you can have firefox open you can be

logged into your django site and all three and all three of them will have a separate session id

and yeah separate sessions yeah no i know the same with the mobile so look okay back in the

day i wrote mobile clients using jwt because i was learning came um picked up rest framework

and i was like i need some sort of authentication for my ios client back you know when i you know

is345 what do i do uh here you are i can use jwt said the new hotness everyone's recommending them

fine brilliant they work perfectly well i don't think about it anymore but okay with now knowing

more and you know reading more in the last few months it's like hang on i should have been using

sessions all along i just never thought oh no i can i'll implement session north um i don't know

it's difficult because developers don't know any better and i didn't know any better at a time when

i was using token or and you know for for things like oauth that's what you're still using a kind

of token or if you've got a bearer token and which you got off of off of the server when you did the

oauth login and you use that as your credentials yeah it does seem like there's there is becoming

this consensus i mean django rest framework the site lists you know it's almost a dozen different

ways you can do authentication in part because it doesn't want to be the arbiter of what you

should do but perhaps it's something django itself could look at other than saying you know don't use

jwts if you're going to ask some people but there are i think there's this um was it uh

paste or i can't remember what they're even called now but they're you know an attempt to

implement token-based authentication which gets over the problems of jwt and that family

um but then that would need a you know that would need a django rest framework simple

this off rather than jw right jwt well so the last section was asking about how people follow

development and so the top place is the blog um which is good because it's infrequently updated

but it's important things on there stack overflow was number two which i'm not sure how you'd follow

development of Django on Stack Overflow, but I suppose there's advice and questions on there,

and everyone's on there anyways. Twitter, a lot of us are on Twitter, Reddit. A lot of people

on Reddit. I'm not on Reddit, but Django News newsletter, it's nice to see on there. We're

trying to fill in the gap a little bit. Google Groups, down the list. Do you have any thoughts

on things that are how people follow Django development? I mean, it'd be nice if the Google

groups were higher since that's actually how development is being talked about but i think

this is more you know the broader community who has questions about django as opposed to

cutting edge features yeah i mean i think if i'm following it i want to subscribe to the blog i

want to make sure i followed the blog and then you know if i'm on twitter i can follow a few

people there django news i think for a week weekly update is just a super resource i mean

it's brilliant you and jeff doing an awesome job there do i think more people need to be following

the day-to-day conversation on Django developers it would be nice you know if you've got some time

to think about yeah come along join in um because that you know quite often someone will post hey

I've got a proposal for this kind of thing and there's half a dozen people who are like you know

well let's not have that because it can change and yeah but maybe you maybe you need that feature

maybe you want that feature maybe you can talk about it and and if you do hang out on Django

developers then well you know you can you can have a say you can be involved in it um

you know it's it's it's the official forum so to speak it's like we've got the the forum which is

good for discussion but if there's anything that's going to get discussed as is this going

into django it'll be on django developers and we seek consensus there and we just you know we take

a kind of um yeah we try and seek consensus we try and see you know so there's this objection

can we do can we work with that can we can we resolve something where there is a general

consensus and if there is a general consensus we'll make a change yeah it's working in public

yeah yeah no i mean that's what we aim for that's super book as well like this yeah have you have

you gotten it yet oh yeah i've gotten it i'm about a third of the way through you finished it but it

working in public, it describes the dilemmas facing open source projects. And it kind of

describes Django to a T, like, you know, the issues we face on a day-to-day basis. And so

I'm a third of the way through, I'm really excited. Yeah, I thought the descriptive part was great to

see that it's just these things that are endemic to open source, the challenges for contributors

and maintainers. In the first chapter, there's this graph of commits by contributor, and it's

the exact same graph. I mean, it's not because it's got different axes and different labels,

But it's the exact same graph as I put up at DjangoCon a couple of years ago

in my WebRank Needs You talk.

It's like that's the situation we're in.

Yeah, that everyone's in.

I mean, I love the analogy someone made reviewing the books,

the Goodwill hunting analogy for open source.

Do you recall this?

I don't.

You start off as a genius and end up as a janitor

with any open source project.

Yeah, no.

But that's the fellow role, right?

we're very much now um handling the incoming requests triaging the incoming requests and we

do a little bit of the um the code around the side but the fellow's job is is to um be the

janitors to keep it clean to keep it from moving forward if if i could have added sections to the

book i would have been interested to see how other frameworks and projects manage that because i

don't think it's that common to have paid contributors to do that but it seems especially

the size django is i mean it wouldn't work without that right it didn't have regular releases um

you know because the the three types of projects are you have a solo developer basically you have

something corporate sponsored by facebook or google or whatever and then you have a non-profit

and there's not as that that structure is not as common as well as having paid contributors is

less common because i think one of the you know as we're wrapping up the podcast one of the things

she noted is that what really takes time away from maintainers is just attention right it's

the volume of you know maybe relatively low quality uh interactions you want to encourage

people but that becomes very draining and so it's you spend all your time kind of doing maintenance

and inbound as opposed to coding and moving forward which is the rewarding part yeah i mean

there can be high quality interactions as well like it can be there can be a you know some some

really quite sticky point which you know there's not necessarily an agreement on and so you know

it can take an hour to craft the perfect reply and then it doesn't quite it's not turns out it

wasn't the perfect reply and so it's like and then it's like but i can't spend all week on this one

issue yeah because we get we get five new tickets a day every day yeah i mean in a in a much more

minor way but i i have that issue with i i give my email out to anyone who buys my books and places

and and so i get a lot of emails and um it's a lot of time for me and it sort of i think keeps me in

tune with the community but sometimes i think i wish i had fewer emails but i can't there are

these fantastic emails from random people asking me either a really deep question i hadn't thought

about or uh rephrasing how i show something or finding a subtle bug um there's fortunately very

few bugs in my books because they're kind of out but um you know i can't just look at something and

tell if it's quality or not it deserves attention um but there is a cost to that yeah every single

thing you have to give it enough thought to determine whether or not it's valid right yeah

it's a real issue the technical and sometimes i batch them so i can hit them first in the morning

where i see something i'm like oh you know either you know maybe maybe they have something wrong on

their end but also could be something in django could be you know it could be something i really

need to dive into but similar type of thing it can be draining but it's also educational

anyways i think we've believed anyway that yeah no that was something of a working public

awesome book came up this summer we'll put a link to that in the show notes um yeah and we will so

this is coming out we will have um a whole bunch of guests coming up we'll have guests in two weeks

and that'll be the new schedule and we're going to try that out it's hopefully be fine for everyone

anything else as we head out carlton no no just welcome back and uh yeah i miss talking to you

carlton we haven't talked you know yeah no it's been a it's just been a funny year but yes i've

I missed our little

Yes, I'll add links to the DjangoConEurope

videos as well in here when that all is up.

Looking forward to your talk.

Thank you.

You can follow us on Twitter at chatdjango

or djangochat.com

and we'll see you all in two weeks.

Bye-bye.

Join us next time.

Bye-bye.