Documenting troggle reports & fix url refs

handbook/troggle/trogdjango.html

@@ -35,16 +35,22 @@ note that the suffix on a name '<var>'_set</var> actually denotes a function cal
 <li>Django release schedule: <a href="https://www.djangoproject.com/download/">supported versions timetable</a>
 <li>Significant new Django versions are released every 8 months. Deprecated features after removed after the two subsequent versions.
 </ul>
+<p>This may seem overly pedantic and heavyweight, but this is exactly what we need when we are supporting software over decades. When we use software in troggle which is not so well organised, we really feel the pain.
 
 <h4>Django plugins</h4>
 <p>We do not just use our own code and django. We also use django plugins (known as "apps") too. These can do such things as  image re-sizing, user authentication with captchas, PayPal processing or mailing list integration. Unfortunately django plugins are volunteer efforts and do not have the same defined update management process as django itself, so release schedules are rather random. They cause merry hell when upgrading troggle to use a new version of django.
 
-<p>Every extra plugin increases the "vulnerability surface" of troggle with respect to django upgrade problems so we now only install a new plugin if it is really, really necessary and we have removed as many as we could. For example, when django-staticfiles broke during one upgrade we discovered that we could use our own troggle.expopages as a workaround, so we are not planning on reinstalling staticfiles if we don't have to.
+<p>Every extra plugin increases the "vulnerability surface" of troggle with respect to django upgrade problems so we now only install a new 
+plugin if it is really, really necessary and we have removed as many as we could. For example, when django-staticfiles broke during one upgrade 
+we discovered that we weren't really using it and could work around it, so we are not planning on reinstalling staticfiles.
 
 <h4 id="4layer">Why we still use django</h4>
-<p>Well we <a href="trog2030.html">might not use django indefinitely</a>, but unlike many frameworks the necessary functions are separately replaceable. So this gives us an evolution path. We can incrementally reduce the amount of django we use, replacing it with our own simpler python that does only what we need.
-<p>The separate functions within the framework form a "stack". These functions exist in all web application frameworks but in Django they are <a href="https://docs.djangoproject.com/en/dev/misc/design-philosophies/">loosely coupled</a>.
-<p>The stack is: 
+<p>Well we <a href="trog2030.html">might not use django indefinitely</a>, but unlike many frameworks the necessary functions are separately 
+replaceable. So this gives us an evolution path. We can incrementally reduce the amount of django we use, replacing it with our own simpler 
+python that does only what we need.
+<p>The separate functions within the framework form a "stack". These functions exist in all web application frameworks but in Django they are <a 
+href="https://docs.djangoproject.com/en/dev/misc/design-philosophies/">loosely coupled</a>.
+<p id="stack"><b>The stack is:</b> 
 <ol>
 <li>SQL database: <a href="https://docs.djangoproject.com/en/dev/topics/db/">mapping</a> to/from python objects and indexing/access routines for all the entries (sqlite, MySQL, MariaDB, postgres all work). This is where the multi-user synchronisation happens too.
 <li>request/response (<a href="https://docs.djangoproject.com/en/dev/ref/request-response/">http GET/POST</a>) including <a href="https://docs.djangoproject.com/en/dev/topics/auth/default/#auth-web-requests">access control</a> and <a href="https://www.moesif.com/blog/engineering/middleware/What-Is-HTTP-Middleware/">security middleware</a>. We could never keep up with web security if we didn't use a well-supported system for this.