DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License
3.69k stars 1.55k forks source link

s/uwsgi/gunicorn/g #11019

Open fopina opened 3 weeks ago

fopina commented 3 weeks ago

Have you considered dropping uWSGI in favor of gunicorn or other WSGI server?

uWSGI is in maintenance-mode only for a long time plus it doesn't even have wheels built for any system.

mtesauro commented 3 weeks ago

FYI: May have been you but this question was asked during an AMA earlier today.

The short version is that I've pinged the core contributors and asked them to chime in here with their thoughts.

Beyond any technical considerations, uwsgi is sprinkled around in many places in the repo - 60 per GH's search: https://github.com/search?q=repo%3ADefectDojo%2Fdjango-DefectDojo%20uwsgi&type=code so the conversion isn't just a change to requirements.txt (not that I think you were suggesting that)

fopina commented 3 weeks ago

It wasn’t me but nice to know there’s more interest.

if the only reason is effort, I’ll gladly work on a PR for it!

mtesauro commented 2 weeks ago

@fopina Just to be clear, the effort isn't the reason but a factor in how quickly the transition can happen if consensus is to move to gunicorn. It would also likely mean the change happens right after a monthly minor release so the changes can spend approx 1 month in the dev branch and get solid testing by the community before they get merged into master.

That said, I love the vim syntax in your issue title :rofl:

Maffooch commented 2 weeks ago

uWSGI has "served" us well for many years. The fact that it is in maintenance mode is sort of a perk in my eyes because of the stability that comes with that status. I believe DefectDojo started out on gunicorn many years ago, but the migration away from it was before my time here.

If we were to to move server frameworks, I would recommend uvicorn. I have used in other projects and really liked it

fopina commented 2 weeks ago

Nice pun 🤣 I get your point on stability

I never used uvicorn but AFAIK it’s the gunicorn sibling for async CGI