[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: add DEPRECATION grace period: the upcoming Great Python2 Purge™

From: Alex Vong
Subject: Re: add DEPRECATION grace period: the upcoming Great Python2 Purge™
Date: Thu, 27 Dec 2018 23:52:06 +0800
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Hello everyone!

Leo Famulari <address@hidden> writes:

> On Wed, Dec 26, 2018 at 02:33:55PM +0100, Pjotr Prins wrote:
>> A lot of software outside Guix still depends on Python2, for better or
>> worse. I don't believe EOL means they are going to drop security
>> updates. Leaf packages may well be in use today.
> I do think it means that the current Python team at will stop
> issuing security updates for Python 2. [0]
> Previously, Guido van Rossum said "The way I see the situation for 2.7
> is that EOL is January 1st, 2020, and there will be no updates, not even
> source-only security patches, after that date. Support (from the core
> devs, the PSF, and stops completely on that date." [1]
> Well, Guido is no longer involved with Python, so maybe the situation
> has changed. In any case, I think we can expect third parties like Red
> Hat to keep maintaining Python 2 for some years, and we can use their
> work.
I suggest everyone to read these two LWN articles[0][1]. IMO, we should
start deprecating all python 2 packages which are already available in
python 3 and are not dependencies of python-2-only packages(*). Also, we
should not create python 2 definition for new python packages
anymore. Of course, we can make an exception if there's a demand for
it. This way, we can start warning everybody that python 2 is going EOL
and support is going to be dropped gradually. Right now,
'guix refresh -l python2' shows there're 1692 packages depending on
python 2.

For security updates, as Guido has mentioned python devs will no longer
provide security updates after 1/1/2020, which others seemed to
agree. You can read the whole thread here[2]. However, centos and debian
will still be supporting python 2 past that date. Centos will support
python 2 until 2024 and I suspect Debian will have to support it for
even longer since their next stable release (Debian 10 on 2020) will
include python 2.


(*): Should we make a new construct that does it? Also, I think we
should mention it in the guix blog, so others can learn about the


>> Is there a way we mark packages as DEPRECATED? I think we should not
>> just remove packages without a grace period. Deprecate for, say, 3
>> months or even 6 months is the way to do this. A deprecation tag
>> should include a time stamp that gives the (planned) removal time.
> Not exactly, although there is a 'deprecated-package' procedure that
> accepts a replacement package to supersede the deprecated package. It
> doesn't do what you suggest.

> [0] Already, the status of Python 2 is 'bugfix'. If it reaches "end
> of life", the bugfixing activity will presumably cease, although they do
> describe another 'security' status that seems lesser than 'bugfix':
> [1]

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]