Since I first threw out the idea of the forwards-compatible setting, I'll chime in here.
Stephen wrote:
Given the concerns of privacy advocates, I would say that it would be better to have a separate
AUTH_PROVIDERS = ['allauth.socialaccount.providers.google', ...]in settings_local.py, and merge that in to INSTALLED_APPS. Of course removing specific providers would be OK too, but I think that this is a place where "deny all / accept what you want" is appropriate.
I'd be happy with this setting too. It would also, in theory, make it more straightforward to opt-in or opt-out to the entire feature depending on what the default remains. (I don't have a strong opinion about the default or how easy it is for a system or web-based administrator to change this setting so I'll stay out of that part of the conversation.)
Abhilash wrote:
Next topic, people worrying about customizing settings in settings_local.py and worrying about not getting newer updates. Isn't this how rest of the packaging and configuration world works?
Generally, I would agree, yes it is. The only difference would be the forwards-compatible nature of redefining something as critical as the INSTALLED_APPS locally. It works but it might leave both the administrator and the mailman maintainers with a fun little challenge if you were to ever need to add any Django apps as a critical function in the future. It would be the responsibility of the administrator to figure out what's necessary to change when they upgrade to that version.
So you could argue that neither option is right or wrong but one leads to a bit smoother of an administrator and maintainer process based on the design of how the INSTALLED_APPS are managed.