Refs #17800 - Added release notes and deprecation note about SECRET_KEY requirement.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17617 bcc190cf-cafb-0310-a4f2-bffc1f526a37

docs/internals/deprecation.txt

@@ -124,6 +124,10 @@ these changes.
 See the :doc:`Django 1.3 release notes</releases/1.3>` for more details on
 these changes.
 
+* Starting Django without a :setting:`SECRET_KEY` will result in an exception
+  rather than a `DeprecationWarning`. (This is accelerated from the usual
+  deprecation path; see the :doc:`Django 1.4 release notes</releases/1.4>`.)
+
 * The ``mod_python`` request handler will be removed. The ``mod_wsgi``
   handler should be used instead.
 

docs/releases/1.4.txt

@@ -617,6 +617,21 @@ Django 1.4 also includes several smaller improvements worth noting:
 Backwards incompatible changes in 1.4
 =====================================
 
+SECRET_KEY setting is required
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Running Django with an empty or known :setting:`SECRET_KEY` disables many of
+Django's security protections, and can lead to remote-code-execution
+vulnerabilities; no Django site should ever be run without a
+:setting:`SECRET_KEY`.
+
+In Django 1.4, starting Django with an empty :setting:`SECRET_KEY` will raise a
+`DeprecationWarning`. In Django 1.5, it will raise an exception and Django will
+refuse to start. This is slightly accelerated from the usual deprecation path
+due to the severity of the consequences of running Django with no
+:setting:`SECRET_KEY`.
+
+
 django.contrib.admin
 ~~~~~~~~~~~~~~~~~~~~
 
@@ -756,6 +771,7 @@ instance:
   * Time period: The amount of time you expect user to take filling out
     such forms.
 
+
 django.contrib.flatpages
 ~~~~~~~~~~~~~~~~~~~~~~~~