Closed lorddaedra closed 2 years ago
Thanks! Can we keep the old versions?
@jonashaag @AndrewIngram
Default recommendation for the test matrix: keep supported versions of packages (green & green) and remove all unsupported versions (any red & red and green & red).
Please confirm you would like to keep unsupported Python and Django versions in the test matrix. (Using unsupported versions in production may lead to security and stability issues.)
Yes, please keep outdated versions as well. It doesn't cost us a lot to keep supporting those versions.
Please check #248
> It doesn't cost us a lot to keep supporting those versions.
I completely agree, it's not about the cost of supporting those versions. I worry that users may keep using outdated Python and Django versions, so I usually try to force them to update to at least the oldest supported version. https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/
BUT I'm not the package owner, it's not my decision, so I just followed your request...
I don’t like forcing people to do anything. There might be good reasons why other people still use old versions of something. Real world example, I maintain a Django site for a non-profit organization that runs on a very old version of Django and other dependencies. If someone forced us to upgrade to a newer version, we’d have to shut down the site because no one has time to do the upgrade.
> I don’t like forcing people to do anything.
Hmm... It's related to a role's responsibilities for security incidents, for example, infrastructure engineers may have some "professional deformation": they tend to create "secure by default" processes. Plus cultural features, I guess...
> There might be good reasons why other people still use old versions of something.
IMHO it's always a tech debt. But sometimes it's acceptable...
> Real world example, I maintain a Django site for a non-profit organization that runs on a very old version of Django and other dependencies. If someone forced us to upgrade to a newer version, we’d have to shut down the site because no one has time to do the upgrade.
Your arguments are valid, I agree with you, I missed such use cases for your package...
Since I was mentioned, I might as well offer a loose opinion.
I don't think it's necessary to proactively drop support for unsupported Python and Django releases, but it's worth being mindful not to expend undue effort in the future on maintaining that support. In general, a library like this shouldn't be the impetus for someone upgrading their language or core framework, especially given that the library itself is relatively stable.