top | item 32795064

(no title)

pandler | 3 years ago

I will always have a soft spot in my heart for Django, the python web framework, even though I don’t use it anymore. https://www.djangoproject.com/

When I was still learning to code, I spent hours and hours and hours poking around the Django source code. In particular I was fascinated by the metaprogramming used in the Model and Query objects, and I ended up learning a ton about how Python works under the hood.

discuss

vokracko|3 years ago

Please don't recommend django, its a dumpster fire in terms of code quality.

Opening random file on github: django.core.serializers.python https://github.com/django/django/blob/main/django/core/seria...

  - function name doesn't match pep8
  - name doesn't match its behavior
  - docstring is trying to explain what it does instead of proper function name, see 2
  - 60 line for cycle
    - what does d mean in for d in object_list? perhaps d as an object/instance/item? Good luck remembering that when you reach end of this for 60 lines later
    - using comments instead of functions
      - Handle M2M relations could be replaced with handle_m2m_relations(...)
      - Handle FK fields could be replaced with handle_fk_fields(...)
      - and so on ..
  - using/catching generic exceptions
  - using isinstance instead of proper polymorphism
  - **options

And I've seen way worse things inside django than this. Please don't recommend django. Please

umangsh|3 years ago

https://github.com/django/django Django's codebase is a pleasure to read. The directory structure is intuitive to navigate, and test coverage is great.

jamal-kumar|3 years ago

Me but with Flask and its cohorts like Werkzeug. I always found the amount of security advisories with Django vs that to be something alarming. I might still use it once in a while for something like prototyping.

Python is easy to write but writing it "right", in a way that doesn't compromise performance, is a thing.

ThePadawan|3 years ago

> Me but with Flask and its cohorts like Werkzeug. I always found the amount of security advisories with Django vs that to be something alarming.

At work, another team introduced automated CVE scanning to fulfill a contractual obligation to do so. When they asked me to implement this on my team's Django project, I said "well alright, as long as it doesn't constantly break the build because of some obscure false positive CVE".

Within a week, the CI job was broken because of 5 "CVE"s. 4 were false positives for our project and 1 was a configuration error by the other team.

Just to let you know to take "number of CVEs" with a large grain of salt.

physicsguy|3 years ago

You get CVE’s inside Django because it’s a large and widely used target, and because in Flask, FastAPI, etc. you end up implementing a lot more stuff yourself instead of using built in things. That doesn’t necessarily mean your code is more secure!

pbhowmic|3 years ago

I feel much the same about django rest framework