Updates March 2010 Edition

This post is mainly going to be an update on what I am thinking and what I’ve been working on the past few weeks.


At the beginning of this year, I took a new position (same company) in a security group. Our primary focus is to ensure that the company is shipping secure, OSS compliant, legally compliant code. However, my specific role in that is to develop tools (with Django) to help in making sure that happens. This is an exceptionally interesting project and involves pulling in vast amounts of data (terabytes) from many sources (multiple VCS, multiple databases) and presenting it in a comprehensive manner. This project and my work has led to some good problems:

Some of our databases are MSSql databases. This is a problem since we’re a Linux shop. Pyodbc works great for connecting to MSSql from Linux, but unfortunately, there are some incompatibilities with django-pyodbc. In addition, the project doesn’t seem to be that widely used so it isn’t supported or documented as well as it could be. We are considering sqlalchemy/elixir as well, but I’ve been able to patch up django-pyodbc to get it (mostly) working with the Django trunk. I also have some concerns about the django-pyodbc project as a whole. I’m considering working on this project pretty heavily.

Also, as part of my work, a coworker and I detailed a security flaw we found with urllib2. It resulted in basic authentication credentials being sent to sites that did not request it (and weren’t running SSL).

Future of RPC4Django

I have been considering moving RPC4Django from my personal subversion repository to Google Code or Github. I feel that there are a few advantages of this:

  • It is easier for others to contribute and get involved.
  • A public bug tracker that would let other people easily raise issues instead of emailing me directly. This way we have public archives and the information can be found by anyone interested in RPC4Django.
  • If I were hit by a bus, some one could easily take it over

I might make a mailing list as well. Are there any strong opinions on this?

2 thoughts on “Updates March 2010 Edition

  1. Hi David,

    first, thx for your work on this project…after I found it on the interwebs, I’m now using it for some important code in our company.
    second, why not use launchpad? sourcecode housing via bzr, bugtracker, team management etc.
    and it fits in the pythonic environment of Ubuntu/Launchpad and Django 😉 and it gives you a mailinglist (or more) for free, too.
    third, it’s a good idea to push this project to a wider audience and to let people actively contribute to your project 🙂

    Keep up the good work,

    Stephan aka \sh

  2. @shermann
    Launchpad seems like it will work and I don’t see any reason why I can’t learn Bazaar. At first I thought that a wiki might be useful, but I sort of like the idea of keeping that information in the docs/ directory of the source code. This way I can enforce that updates to the codeline come with corresponding updates to the documentation. The way the Django project handles this is truly admirable.

Comments are closed.