* Re: Does Guix provide security support for Python2? For how long?
2021-01-15 17:18 ` Jorge P. de Morais Neto
@ 2021-01-15 18:17 ` dario
2021-01-15 18:28 ` Jorge P. de Morais Neto
2021-01-15 19:56 ` Leo Famulari
2021-01-15 20:06 ` zimoun
2 siblings, 1 reply; 7+ messages in thread
From: dario @ 2021-01-15 18:17 UTC (permalink / raw)
To: Jorge P. de Morais Neto; +Cc: help-guix
[-- Attachment #1: Type: text/plain, Size: 1328 bytes --]
Hi,
I don't know the answer to your question and you are probably
aware of
that option, but I just wanted to mention that you could consider
switching to mbsync, which (I think) also has better performance
than
offlineimap. It's a bit annoying to migrate the configuration, but
it
does not require that much time (I made that switch some time
ago).
Best,
Dario
Jorge P. de Morais Neto <jorge+list@disroot.org> writes:
> Hi.
>
> Em [2021-01-15 sex 18:07:40+0100], zimoun escreveu:
>
>> As far as I know, Guix provides the security support that
>> upstream
>> releases.
>
> I too suppose so in general. But I would like a more
> authoritative
> answer for the specific case of Python2. And, in fact, this
> should be
> publicly documented---in the manual or in the website, as well
> as the
> description of the python2 package and maybe also in the
> description of
> all python2-.* packages.
>
>> Using the Guix time-machine, the code that works now should
>> work
>> exactly the same in the future, even if Python 2 is removed in
>> the
>> future Guix releases. Does it make sense?
>
> The problem is that OfflineIMAP is Internet software, and
> therefore, I
> believe, it is important to have security support for it
> (including its
> dependencies).
>
> Regards
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 519 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Does Guix provide security support for Python2? For how long?
2021-01-15 18:17 ` dario
@ 2021-01-15 18:28 ` Jorge P. de Morais Neto
0 siblings, 0 replies; 7+ messages in thread
From: Jorge P. de Morais Neto @ 2021-01-15 18:28 UTC (permalink / raw)
To: help-guix
Hi.
Em [2021-01-15 sex 19:17:41+0100], dario escreveu:
> I don't know the answer to your question and you are probably aware of
> that option, but I just wanted to mention that you could consider
> switching to mbsync, which (I think) also has better performance than
> offlineimap. It's a bit annoying to migrate the configuration, but it
> does not require that much time (I made that switch some time ago).
Continuing in OfflineIMAP would have the advantage of not having to
redownload 1.6GB of email, but I thank you for the recommendation. In
fact, a few minutes ago I have asked for mail fetcher recommendations on
the notmuch mailing list. I want to hear many recommendations and make
a final decision. I will take into account yours and any others I
receive in this thread.
Regards
--
- <https://jorgemorais.gitlab.io/justice-for-rms/>
- If an email of mine arrives at your spam box, please notify me.
- Please adopt free/libre formats like PDF, ODF, Org, LaTeX, Opus, WebM and 7z.
- Free/libre software for Replicant, LineageOS and Android: https://f-droid.org
- [[https://www.gnu.org/philosophy/free-sw.html][What is free software?]]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Does Guix provide security support for Python2? For how long?
2021-01-15 17:18 ` Jorge P. de Morais Neto
2021-01-15 18:17 ` dario
@ 2021-01-15 19:56 ` Leo Famulari
2021-01-15 20:06 ` zimoun
2 siblings, 0 replies; 7+ messages in thread
From: Leo Famulari @ 2021-01-15 19:56 UTC (permalink / raw)
To: zimoun, help-guix
[-- Attachment #1: Type: text/plain, Size: 1372 bytes --]
On Fri, Jan 15, 2021 at 02:18:09PM -0300, Jorge P. de Morais Neto wrote:
> Em [2021-01-15 sex 18:07:40+0100], zimoun escreveu:
>
> > As far as I know, Guix provides the security support that upstream
> > releases.
>
> I too suppose so in general. But I would like a more authoritative
> answer for the specific case of Python2. And, in fact, this should be
> publicly documented---in the manual or in the website, as well as the
> description of the python2 package and maybe also in the description of
> all python2-.* packages.
Because Python 2 is not supported upstream — at <https://python.org> —
we do not offer any security support for it.
If some other organization began supporting it, we might consider
switching to that source. But for now, the plan is to remove Python 2
from Guix before very long.
In general, Guix provides no security support for packages besides what
upstream provides. There may be exceptions but they are exceptional. I
don't agree that we should specifically document how much we support
certain packages. For every package, the best we can offer is what the
upstream developers provide. Guix is a distributor, and therefore we do
not do software development of packages.
Regarding offlineimap, if they do not port the software to Python 3, I
recommend switching to mbsync, from the isync package.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Does Guix provide security support for Python2? For how long?
2021-01-15 17:18 ` Jorge P. de Morais Neto
2021-01-15 18:17 ` dario
2021-01-15 19:56 ` Leo Famulari
@ 2021-01-15 20:06 ` zimoun
2 siblings, 0 replies; 7+ messages in thread
From: zimoun @ 2021-01-15 20:06 UTC (permalink / raw)
To: zimoun, help-guix
Hi,
On Fri, 15 Jan 2021 at 18:18, Jorge P. de Morais Neto
<jorge+list@disroot.org> wrote:
> Em [2021-01-15 sex 18:07:40+0100], zimoun escreveu:
>
> > As far as I know, Guix provides the security support that upstream
> > releases.
>
> I too suppose so in general. But I would like a more authoritative
> answer for the specific case of Python2. And, in fact, this should be
> publicly documented---in the manual or in the website, as well as the
> description of the python2 package and maybe also in the description of
> all python2-.* packages.
As far I know, Python 2 is End Of Life and not supported upstream.
Therefore, if your question is: will Guix people fix Python 2
security? Then the answer is no.
However, please indicate if an organization is still maintaining
Python 2 and maybe Guix could package their release.
> > Using the Guix time-machine, the code that works now should work
> > exactly the same in the future, even if Python 2 is removed in the
> > future Guix releases. Does it make sense?
>
> The problem is that OfflineIMAP is Internet software, and therefore, I
> believe, it is important to have security support for it (including its
> dependencies).
In this case, please consider to switch from OfflineIMAP to something else.
Guix is about packaging, not supporting security from deprecated upstream.
All the best,
simon
^ permalink raw reply [flat|nested] 7+ messages in thread