On Wed, Dec 26, 2018 at 02:33:55PM +0100, Pjotr Prins wrote:
> A lot of software outside Guix still depends on Python2, for better or
> worse. I don't believe EOL means they are going to drop security
> updates. Leaf packages may well be in use today.

I do think it means that the current Python team at python.org will stop
issuing security updates for Python 2. [0]

Previously, Guido van Rossum said "The way I see the situation for 2.7
is that EOL is January 1st, 2020, and there will be no updates, not even
source-only security patches, after that date. Support (from the core
devs, the PSF, and python.org) stops completely on that date." [1]

Well, Guido is no longer involved with Python, so maybe the situation
has changed. In any case, I think we can expect third parties like Red
Hat to keep maintaining Python 2 for some years, and we can use their
work.

> Is there a way we mark packages as DEPRECATED? I think we should not
> just remove packages without a grace period. Deprecate for, say, 3
> months or even 6 months is the way to do this. A deprecation tag
> should include a time stamp that gives the (planned) removal time.

Not exactly, although there is a 'deprecated-package' procedure that
accepts a replacement package to supersede the deprecated package. It
doesn't do what you suggest.

[0] Already, the status of Python 2 is 'bugfix'. If it reaches "end
of life", the bugfixing activity will presumably cease, although they do
describe another 'security' status that seems lesser than 'bugfix':
https://devguide.python.org/#status-of-python-branches

[1]
https://mail.python.org/pipermail/python-dev/2018-March/152348.html