Once upon a time, the company I was working at was going through an acquisition and in part of the due diligence process the acquirer asked us for a complete list of all software and dependencies in our technology stack. The only one my team heard back about was ItsDangerous.
Nowhere in the HN guidelines[1] is it required (or even recommended) for a submission to be new or even recent - there are popular submissions going back to the 1900's and others that have hit the front page a dozen times because they're timeless or little-known.
The fact that the submission has 73 upvotes (as of this comment) and that I found it novel and interesting suggests that it's rather on-topic, and interesting and provides value to others, and it's certainly "Anything that good hackers would find interesting. [...] anything that gratifies one's intellectual curiosity."
Meanwhile, I don't find much value in your questioning why a popular post was submitted in the first place.
I am researching best practices for signing of data for web services (in JavaScript) and remembered that I was using a library with flask at a hackathon a few years ago and that it had a sword illustration on the website but couldn’t find it (but eventually did now).
It predates JWTs by several years.
In practice is is used the same way is as symmetrically signed JWTs though by default with HMAC-SHA-1 vs HMAC-SHA256. It can support a timestamp (`iat` for JWT) to implement expiry but not an actual `exp`; nor `aud` and the other common fields. It also dose not handle encryption or asymmetric signing.
Whilst these all sound like drawbacks they do give it simplicity which is also a useful feature.
This is much simpler than JWT; you'd have a hard time to implement this incorrectly as opposed to JWT. I'm not in the loop, but JWT also used to specify an entire tirefire for crypto algorithms. Probably still does.
Surely for a web app dependency that is pretty much answered by how your app is deployed. For a Flask app it’s likely one line in your requirements.txt, probably a virtualenv in there too. Honestly, it’s not that hard
[+] [-] monkeybutton|4 years ago|reply
[+] [-] zachthewf|4 years ago|reply
[+] [-] diogenesjunior|4 years ago|reply
`itsdangerous` has been around for a while and is actually required by `flask`.
[+] [-] throw10920|4 years ago|reply
The fact that the submission has 73 upvotes (as of this comment) and that I found it novel and interesting suggests that it's rather on-topic, and interesting and provides value to others, and it's certainly "Anything that good hackers would find interesting. [...] anything that gratifies one's intellectual curiosity."
Meanwhile, I don't find much value in your questioning why a popular post was submitted in the first place.
[1] https://news.ycombinator.com/newsguidelines.html
[+] [-] tosh|4 years ago|reply
[+] [-] akavel|4 years ago|reply
[+] [-] ZiiS|4 years ago|reply
[+] [-] formerly_proven|4 years ago|reply
[+] [-] dangerface|4 years ago|reply
[+] [-] sigmonsays|4 years ago|reply
[deleted]
[+] [-] asplake|4 years ago|reply
[+] [-] julius_deane|4 years ago|reply
As bad as Python's env management may be your questions is pretty dishonest.
[+] [-] reedf1|4 years ago|reply
[+] [-] recursive|4 years ago|reply
[+] [-] catfishx|4 years ago|reply
[deleted]