[PATCH] Use secrets and fall back to random.SystemRandom for keys

Stephen Finucane stephen at that.guru
Thu Oct 17 23:16:10 AEDT 2019


On Wed, 2019-10-09 at 18:55 -0400, Jeremy Cline wrote:
> On Thu, Oct 10, 2019 at 09:32:13AM +1100, Daniel Axtens wrote:
> > > diff --git a/releasenotes/notes/use-secrets-and-fall-back-to-random.SystemRandom-for-keys-9ceb496919a1bb6f.yaml b/releasenotes/notes/use-secrets-and-fall-back-to-random.SystemRandom-for-keys-9ceb496919a1bb6f.yaml
> > > new file mode 100644
> > > index 0000000..7b101cb
> > > --- /dev/null
> > > +++ b/releasenotes/notes/use-secrets-and-fall-back-to-random.SystemRandom-for-keys-9ceb496919a1bb6f.yaml
> > > @@ -0,0 +1,5 @@
> > > +---
> > > +security:
> > > +  - |
> > > +    Change the recommended method for generating the Django secret key to use a
> > > +    cryptographically secure random number generator.
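Review bot: The note text under `security:` says the recommended method changed but gives an operator nothing to act on. It does not say whether a Django secret key generated with the previously recommended method should be regenerated, and it does not name the new generator. Suggest adding a sentence that names the `secrets` module and the `random.SystemRandom` fallback from the patch subject, and states whether existing deployments are advised to rotate their key.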
> > 
> > Oh, while I remember, I think I've had trouble with the security:
> > section before. Have you been able to verify that this shows up in the
> > docs? (I build mine with `docker-compose run web tox -e docs`)
> > 
> 
> Ah, you caught me. I noticed the request for a release note late in the
> game and didn't actually check that it worked in the docs. You're right,
> it doesn't show up. Some quick debugging indicates that the reno config
> is excluding the section, something like:
> 
> diff --git a/releasenotes/config.yaml b/releasenotes/config.yaml
> index cd31940..6c7d622 100644
> --- a/releasenotes/config.yaml
> +++ b/releasenotes/config.yaml
> @@ -11,3 +11,4 @@ sections:
>    - [fixes, Bug Fixes]
>    - [api, API Changes]
>    - [other, Other Notes]
> +  - [security, Security Notes]
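Review bot: The new `[security, Security Notes]` entry is appended after `[other, Other Notes]`, and reno renders sections in the order they are listed in this file, so security notes will appear at the very bottom of each release's notes. Consider moving the entry above `[fixes, Bug Fixes]` so that security-relevant changes are not buried under the catch-all section.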
> 
> fixes it. I can re-roll the patch if you like.

No need. I've included this and applied it. As you note, the Python 2
fallbacks are easy to clean up later if we need to.

Stephen


