[checklists] Render times in UTC, fix typo, add @never_cache

Makefile

@@ -1,6 +1,6 @@
 .PHONY: all ci clean collectstatics compile-scss compile-scss-debug install run test watch-scss
 
-APP_LIST ?= accounts aggregator blog contact dashboard djangoproject docs foundation fundraising legacy members releases svntogit tracdb
+APP_LIST ?= accounts aggregator blog checklists contact dashboard djangoproject docs foundation fundraising legacy members releases svntogit tracdb
 SCSS = djangoproject/scss
 STATIC = djangoproject/static
 

checklists/migrations/0001_initial.py

@@ -134,7 +134,7 @@ class Migration(migrations.Migration):
                         default="L",
                         help_text="Conditions beyond attacker control required to exploit (AC)",
                         max_length=8,
-                        verbose_name="CVSS Attack Complecity",
+                        verbose_name="CVSS Attack Complexity",
                     ),
                 ),
                 (

checklists/models.py

@@ -584,7 +584,7 @@ class SecurityIssue(models.Model):
         help_text="The context by which vulnerability exploitation is possible (AV)",
     )
     attack_complexity = models.CharField(
-        "CVSS Attack Complecity",
+        "CVSS Attack Complexity",
         max_length=8,
         choices=CVSS_ATTACK_COMPLEXITY_CHOICES,
         default="L",

checklists/templates/checklists/release-security-prenotification.md

@@ -1,12 +1,13 @@
 {% load checklist_extras %}
+{% load tz %}
 You're receiving this message because you are on the security prenotification
 list for the Django web framework; information about this list can be found in
 our security policy [1].
 
 In accordance with that policy, a set of security releases will be issued on
-{{ when|date:"l, F j, Y" }} around {{ when|date:"H:i" }} UTC. This message
-contains descriptions of the issue(s), descriptions of the changes which will
-be made to Django, and the patches which will be applied to Django.
+{{ when|utc|date:"l, F j, Y" }} around {{ when|utc|date:"H:i" }} UTC. This
+message contains descriptions of the issue(s), descriptions of the changes
+which will be made to Django, and the patches which will be applied to Django.
 {% for cve in cves %}
 {{ cve.headline_for_blogpost|rst_underline_for_headline:'=' }}
 

checklists/templates/checklists/release-security-skeleton.md

@@ -1,4 +1,5 @@
 {% load checklist_extras %}
+{% load tz %}
 {% with cves=instance.cves versions=instance.versions cves_length=instance.cves|length %}
 # Django Security Release: {{ versions|enumerate_items }} ({{ when }})
 
@@ -87,7 +88,7 @@
 - [ ] Post announcement in mailing list (without details in django-announce):
     ```
     Django versions {{ versions|enumerate_items }} will be released on
-    {{ instance.when.date|date:"l, F j" }} around {{ instance.when.time|date:"H:i" }} UTC.
+    {{ instance.when.date|utc|date:"l, F j" }} around {{ instance.when.time|utc|date:"H:i" }} UTC.
     {% if cves_length == 1 %}
     They will fix one security defect with severity "{{ cves.0.severity }}".
     {% else %}

checklists/tests/test_models.py

@@ -1,5 +1,6 @@
 import json
 import re
+import zoneinfo
 from datetime import UTC, date, datetime
 
 from django.db import IntegrityError
@@ -357,7 +358,8 @@ def test_render_checklist_affects_prerelease(self):
             self.factory.make_release(version="5.1.8", date=date(2025, 4, 2)),
             self.factory.make_release(version="5.2rc1", date=date(2025, 3, 19)),
         ]
-        when = datetime(2025, 5, 7, 11, 18, 23, tzinfo=UTC)
+        tz = zoneinfo.ZoneInfo("America/Chicago")
+        when = datetime(2025, 5, 7, 11, 18, 23, tzinfo=tz)
         checklist = self.make_checklist(releases=[], when=when)
         self.factory.make_security_issue(
             checklist, releases, cve_year_number="CVE-2025-11111"
@@ -383,7 +385,7 @@ def test_render_checklist_affects_prerelease(self):
         prenotification = [
             "Create a new text file `prenotification-email.txt` with content",
             "a set of security releases will be issued on Wednesday, May 7, 2025 "
-            "around 11:18 UTC",
+            "around 16:18 UTC",
             *(cve.headline_for_blogpost for cve in cves),
             "Affected supported versions =========================== "
             + " ".join(f"* Django {branch}" for branch in checklist.affected_branches),

checklists/views.py

@@ -1,6 +1,7 @@
 from django.contrib.auth.decorators import login_required, permission_required
 from django.http import JsonResponse
 from django.shortcuts import get_object_or_404, render
+from django.views.decorators.cache import never_cache
 from markdown import markdown
 
 from releases.models import Release
@@ -14,6 +15,7 @@
 )
 
 
+@never_cache
 def render_checklist(request, instance):
     raw_markdown = instance.render_to_string(request=request)
     markdown_content = markdown(
@@ -43,6 +45,7 @@ def render_checklist(request, instance):
     )
 
 
+@never_cache
 def release_checklist(request, version):
     release = get_object_or_404(Release, version=version)
     if release.is_pre_release:
@@ -55,6 +58,7 @@ def release_checklist(request, version):
     return render_checklist(request, instance)
 
 
+@never_cache
 @login_required
 @permission_required(
     ["checklists.view_securityrelease", "checklists.view_securityissue"],
@@ -65,6 +69,7 @@ def securityrelease_checklist(request, pk):
     return render_checklist(request, instance)
 
 
+@never_cache
 @login_required
 @permission_required("checklists.view_securityissue", raise_exception=True)
 def cve_json_record(request, cve_id):

djangoproject/static/robots.txt

@@ -1,2 +1,3 @@
 User-agent: *
-Disallow: /admin
+Disallow: /admin
+Disallow: /checklists