[OH-Dev] [issue753] We need to upgrade Django (security) (good first task)

[Asheesh Laroia]

New submission from Asheesh Laroia <asheesh at asheesh.org>:

Hey all,

As per https://www.djangoproject.com/weblog/2012/jul/30/security-releases-
issued/ we need to upgrade the version of Django we embed.

This should actually be a fairly bitesize task. Anyone is welcome to do it. It 
requires no programming skill, just a willingness to use git.

Here's how to fix it:

1. Make sure you have a local version of oh-mainline

2. When in that, execute: "cd vendor/packages"

3. Use git to remove the entire embedded copy of Django (you might need to pass 
some special arguments to git rm to remove a the directory)

4. "cd ../.." to get back to oh-mainline/

5. pip install --no-install --build=vendor/packages --src=vendor/src -I django

6. Make sure you got a version you like

7. Use "git add" to add the new vendor/packages/Django version to git

8. run "python manage.py shell" and do "import django; print django.VERSION" to 
make sure we're on a safe version of Django

9. Submit a pull request to oh-mainline

I can be a mentor for doing any of this, as needed. Ping me on IRC if you like!

As a side note, we should write documentation in our repository for how to 
upgrade and install embeddeded dependencies.

----------
keyword: bitesize
messages: 3344
nosy: paulproteus
priority: urgent
status: unread
title: We need to upgrade Django (security) (good first task)

__________________________________________
Roundup issue tracker <bugs at openhatch.org>
<https://openhatch.org/bugs/issue753>
__________________________________________