December archive

DjangoCon Europe 2014: tickets are now on sale

December 31, 2013

Tickets for DjangoCon Europe 2014, which will be held on the Île des Embiez, are now on sale!

There's an initial run of 50 early tickets, after which prices will go up.

What's different this year is that all tickets include your accommodation and your meals.

It can be a hassle to book suitable accommodation in a place you don't know well, never mind try to work out a budget in advance for your meals and other expenses.

Now consider that this year's DjangoCon Europe will take place on the French Riviera - a gorgeous place to stay, but not exactly noted for being an inexpensive place to visit.

This year, you don't need to worry about finding suitable and affordable accommodation, or where to eat or how much it will cost, because we have taken care of it for you.

As well as saving you the time and trouble of doing it yourself, this will make it much less expensive than it would otherwise have been, because we've been able to negotiate all these prices on your behalf.

So, the basic cost for the event, including two nights' accommodation, two breakfasts, three lunches and two evening meals is a mere €610 at the early bird rate (and only €670 thereafter).

As anyone who is familiar with the French Riviera can tell you, that's very good value, and it includes the entire conference too!

On top of the basic ticket there are various options:

Early arrival

If you prefer to arrive on Monday afternoon or evening rather than Tuesday morning, you can purchase an extra night (dinner and breakfast included of course).


Sprinters should purchase a ticket for the extra two nights and four meals.

Partners and family

Finally, it's not often that one gets to visit a place as special as the Île des Embiez, so make the most of it. You're invited to bring your partner and family!

The island has beaches, nature reserves, sporting facilities, some splendid wildlife - and there are no cars on the island, so it's a lovely environment.

Your partner can join you by purchasing the appropriate Companion ticket. There's no charge for children under four. We're working out prices for older children.

We often talk of the Python/Django family or community, but we're really serious about embracing a wider community - let's make this DjangoCon a truly inclusive family affair!

Djangonaut couples

If both you and your partner wish to attend the conference, you should register as an Attendee and Companion, rather than purchasing two full tickets. Note that this is aimed at couples, and that only double beds are provided.

Django Update - 2013-12-15 to 2013-12-28

December 29, 2013


Time for my second Django Update!


Elena Williams has proposed to start a new podcast, for all of you who get their news audibly :)

I wasn't aware, until Elena contacted me, that the Lincoln Loop "Django Roundup" has ended. Disappointing for all, I'm sure, and for me, especially, as in their last post they'd talked of inviting me on! :)

So, if you'd like to contribute some ideas for what you'd like to hear, or just to cheer Elena on, take a look here.

Ticket Movement

Short lived tickets: 36

Tickets Created: 34

Open tickets: 1391 (+16)


App Loading reloaded

Aymeric Augustin has very publicly worked on the App Loading refactor, giving a detailed plan at the start, regular updates, and a slew of code improvements.

This work has focused on changing how we think about INSTALLED_APPS. The most noticeable changes are:

  1. Allow apps without a models module or package
  2. Provide a verbose name, for example for the admin

My personal favourite goal "Provide a reliable initialization signal" was, unfortunately, not achieved in the time frame, but looks to be within sight. All of the resulting tasks are now in tickets with the keyword "app-loading", ready for the wider community to tackle.

Improving aggregate support

Josh Smeaton has taken on the challenge of #14030 - to allow using more complex expressions in aggregates.

This one's been on the cards for 3 years now, and a number of people have looked into it. With Anssi Kääriäinen (akaariai) lending advice, perhaps we can hope to see this land soon!

Did you know?

You can use F expressions in your model fields, not just in filter() statements.

So, if you want to increment an integer field on your model, but want to avoid the obvious race condition, you can use:

>>> from django.db.models import F
>>> product = Product.objects.get(name='Venezuelan Beaver Cheese')
>>> product.number_sold = F('number_sold') + 1
>>> product.save()

For more detail, see Updating attributes based on existing fields.


So, that's a second post under my belt!

-- Have a better one.

Kogan donates A$10,000 to the DSF

December 16, 2013

The Django Software Foundation (DSF) is proud to announce that we have just received an A$10,000 (around US$9,000) donation from Kogan.com.

Kogan.com is one of Australia's most recognisable entrepreneurial brands and values technology at its core. Kogan selected Django as its website platform in 2006 because of it’s scalable design, flexibility and burgeoning open source community. Django has been (and still is) Kogan’s platform of choice throughout the company’s rapid growth as Australia’s largest online retailer.

Kogan & its software engineering team give a big shout out to everyone in the Django community and extend a special thanks to the team behind significant ORM speed improvements in the Django 1.6 release! The team is excited to have built several world-first e-commerce innovations on a platform that is so enjoyable to work with!

The DSF will use these funds to help support Django development sprints, to provide financial aid to people in the Django community to attend Django and Python events, and to support any other activities that benefit the Django community.

A huge thanks to Ruslan Kogan and his team for this generous contribution!

Call for Volunteers: DjangoCon US 2014 Website

December 16, 2013

It might be 9 months away, but work is already underway planning DjangoCon US 2014. One of the first pieces of work required is the conference website. Last year's website design was met with some criticism, so this year, The Open Bastion (the organizers of DjangoCon US) is calling for volunteers.

If you are interested in helping out with the design of this year's conference website, jump onto the DjangoCon organizers mailing list, or email Steve Holden from Open Bastion directly.

If website design isn't your thing, but you're still interested in volunteering, you're also welcome to join the organisers mailing list -- we'll need lots more volunteers before the big event arrives!

Django Update - 2013-12-01 to 2013-12-14

December 15, 2013


Welcome to my first Django Update!

A framework has two core roles: to protect us from dangerous things, and to protect us from tedious things.

In these posts I plan to help with the latter :)

My goal is to help keep the community informed of just how much development is going on, and where they can help. I hope to release a fresh updated every fortnight (that's two weeks for our American viewers - a contraction of "fourteen night").

The structure, for now, will include:

  • general notices and announcements
  • new tickets this fortnight
  • tickets closed
  • short lived tickets (opened and closed in this fortnight)
  • interesting new work
  • requests from anyone looking for help with a project
  • and points where more feedback from the community is sought for a design decision.

None of this is new. None of this is hidden. It's always been there for everyone to see, but it may have just been too tedious to gather.

If you have something you think should go into these posts, please drop me a line on scoop@djangoproject.com

  • Django 1.6.1 has released, with quite a sizable list of bug fixes.
Ticket Movement

Short lived tickets: 43

Tickets Created: 35

Open tickets: 1375

(once I can beat Trac into submission, I hope to also list tickets _closed_ this period)


There's work afoot to move the decision of which lookups are available on a field onto the field itself.

This would, for instance, allow a DateTime field to list that it supports "__date", or that a GeoDjango Point field supports "__distance_lt".

This could potentially remove the need for GeoDjango to be separated as it is, but also open the gates on support for Postgres JSON fields, and more!

If you want to know more, hit up akaariai on IRC, who has been working on this for quite some time.

Did you know?

To help ease migrating to Django 1.6, there's a new "manage.py check" command, which will warn you of many detectable backward-incompatible changes.


Well, that's it for this edition, folks. Hopefully next cycle I'll have more news, updates, and exciting things to look at!

-- Have a better one,

Django 1.6.1 released

December 12, 2013

We've just released Django 1.6.1, a bugfix release fixing a few issues with last month's 1.6 release.

Most bug fixes are minor; you can find a complete list in the Django 1.6.1 release notes.

All users are encouraged to upgrade to Django 1.6.1 at your earliest convenience. You can install Django using pip or download Django 1.6.1 from the Django downloads page. As always signed checksums of the package are available.

Reviving Django Update posts

December 9, 2013

Although the 1.6 release of Django has been well received, one criticism of the 1.6 release cycle was that the core team wasn't very good at keeping the community well informed about progress. The original plan was to ship in late August. However, that didn't happen, and every time the schedule slipped, we weren't very good about clearly communicating why those slippages were occurring, and what the revised release date would be.

So - for the 1.7 release, we're going to resurrect two things that we've done in the past, but have missed for the last couple of releases.

Firstly, we've put up a wiki page to cover the important details of the release -- most notably the release dates, but also helpful guides for how to contribute. We'll keep this wiki page up to date as progress continues.

Secondly, we're going to resurrect the regular Django Update blog posts. Back in the early days of Django, we posted regular summaries of progress on the project (here's an example from June 2007). During some releases, we've done regular updates to let the community know how we're progressing towards the release (here's an example from the 1.3 release cycle). Curtis Maloney (a.k.a. FunkyBob on IRC), the recent winner of the inaugural Malcolm Tredinnick Memorial Prize, has offered to resurrect these blog posts for the 1.7 release cycle.

Curtis will be monitoring mailing lists and Trac to keep abreast of progress, but if you've got a suggestion for interesting activities in the community that should be included in the regular updates, email scoop@djangoproject.com and Curtis will throw them onto the pile for inclusion.

A big thank you to Curtis for volunteering to take on this task. We look forward to seeing your inaugural edition!

Announcing Django Weekend Cardiff, the UK's first Django conference

December 2, 2013

In 2014 Cardiff will host the first-ever Django conference in the UK.

Django Weekend Cardiff will take place at Cardiff University in Wales, from the 7th to the 9th February, for three days of talks, tutorials, code sprints and clinics.

Registration for the event is now open, as well as a Call for Papers.


Cardiff is the capital city of Wales. It's easy to reach; we've provided some information about how to get here, where to stay and what else you can do while in Cardiff.


Django Weekend Cardiff is looking for more sponsors, to help make this event even more memorable and enjoyable for its attendees.

Please get in touch if you want to ask or discuss anything at all about the event.

Thanks, and we look forward to welcoming you to Cardiff in 2014.

Daniele Procida, on behalf of Django Weekend Cardiff.

Security advisory: ImageField abuse

December 2, 2013

We've received a report of a means of allowing an HTML file to be uploaded via Django's ImageField. As ImageField is expected to validate for a valid image file, this provides an attack vector for someone to upload a phishing form, something to steal cookies, or something else malicious. Unfortunately, we cannot offer a solution in Django itself. Rather, you need to take some steps in how you serve static files in order to mitigate this type of attack. These steps are now outlined in our security guide. We recommend that if you allow image uploads that you check your server's configuration against the guide.

Thanks Rolo Mawlabaux for the report.