On Fri, Jan 15, 2021 at 02:18:09PM -0300, Jorge P. de Morais Neto wrote:
> Em [2021-01-15 sex 18:07:40+0100], zimoun escreveu:
> 
> > As far as I know, Guix provides the security support that upstream
> > releases.
> 
> I too suppose so in general.  But I would like a more authoritative
> answer for the specific case of Python2.  And, in fact, this should be
> publicly documented---in the manual or in the website, as well as the
> description of the python2 package and maybe also in the description of
> all python2-.* packages.

Because Python 2 is not supported upstream — at <https://python.org> —
we do not offer any security support for it.

If some other organization began supporting it, we might consider
switching to that source. But for now, the plan is to remove Python 2
from Guix before very long.

In general, Guix provides no security support for packages besides what
upstream provides. There may be exceptions but they are exceptional. I
don't agree that we should specifically document how much we support
certain packages. For every package, the best we can offer is what the
upstream developers provide. Guix is a distributor, and therefore we do
not do software development of packages.

Regarding offlineimap, if they do not port the software to Python 3, I
recommend switching to mbsync, from the isync package.