From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: add DEPRECATION grace =?utf-8?Q?period?= =?utf-8?Q?=3A_the_upcoming_Great_Python2_Purge=E2=84=A2?= Date: Wed, 26 Dec 2018 23:47:13 -0500 Message-ID: <20181227044713.GB2903@jasmine.lan> References: <20181226093812.GR2581@macbook41> <87pnto8o76.fsf@fastmail.com> <20181226133355.5hqv35f3y5tm3gnk@thebird.nl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="envbJBWh7q8WU6mo" Return-path: Received: from eggs.gnu.org ([208.118.235.92]:51918) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gcNZx-00047I-Mw for guix-devel@gnu.org; Wed, 26 Dec 2018 23:47:34 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gcNZp-0004dU-P4 for guix-devel@gnu.org; Wed, 26 Dec 2018 23:47:27 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:34697) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gcNZl-0004a5-UD for guix-devel@gnu.org; Wed, 26 Dec 2018 23:47:19 -0500 Content-Disposition: inline In-Reply-To: <20181226133355.5hqv35f3y5tm3gnk@thebird.nl> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Pjotr Prins Cc: guix-devel@gnu.org --envbJBWh7q8WU6mo Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Wed, Dec 26, 2018 at 02:33:55PM +0100, Pjotr Prins wrote: > A lot of software outside Guix still depends on Python2, for better or > worse. I don't believe EOL means they are going to drop security > updates. Leaf packages may well be in use today. I do think it means that the current Python team at python.org will stop issuing security updates for Python 2. [0] Previously, Guido van Rossum said "The way I see the situation for 2.7 is that EOL is January 1st, 2020, and there will be no updates, not even source-only security patches, after that date. Support (from the core devs, the PSF, and python.org) stops completely on that date." [1] Well, Guido is no longer involved with Python, so maybe the situation has changed. In any case, I think we can expect third parties like Red Hat to keep maintaining Python 2 for some years, and we can use their work. > Is there a way we mark packages as DEPRECATED? I think we should not > just remove packages without a grace period. Deprecate for, say, 3 > months or even 6 months is the way to do this. A deprecation tag > should include a time stamp that gives the (planned) removal time. Not exactly, although there is a 'deprecated-package' procedure that accepts a replacement package to supersede the deprecated package. It doesn't do what you suggest. [0] Already, the status of Python 2 is 'bugfix'. If it reaches "end of life", the bugfixing activity will presumably cease, although they do describe another 'security' status that seems lesser than 'bugfix': https://devguide.python.org/#status-of-python-branches [1] https://mail.python.org/pipermail/python-dev/2018-March/152348.html --envbJBWh7q8WU6mo Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlwkWVEACgkQJkb6MLrK fwgiVQ/9FkBcwGfALlPjf6QvlPOazuEgen7ixzbSVuwzO4mK/o9j0EjvH5G+o7ox nbhK4Vcy1S2M8ViWHO96g5VXT3efOCmEqKP5C8+Ij/nazFjAe9pV/+LGE/5jiNp0 qFw8++xHRDwFEVYxTH8EremQ3t8hgowx971UKtIFKrkJXPgN03dfxmtrxvX0GPAG pmNK011vuN7dcOp5RMlUUbsJKuhRs3dIzKVQ2fW7reJ18xS2BV++9ZOpoF67Rpv7 kzrcTsQpgFpOKUktWuoudDjTETVE7Ve6fTP49ap/Ep05/0F41cpD9X7UpEpuN7Aa lo8NxVwC90iblV8p66Hy7r5gMgdJ9egk0JaUpbQArlVEpprego6N2xNxMIAQa3wj LEDeGgvwtWbsLxRk1fWRSD2PpI+f3cirExbUm1zaARx6nFf/ADTjRR1L/64rg7zO /H23CkLObBpX9EvL5F88AmJ7LtKrV7i+oPxqo0CdRK8v5hEaaNzSM6nUONyI7Oep jsJ4J+hwk3PhXNF18iHlg6nFlFLX0lDIQbBmfOJtt3dgZ+0rXRVpoWpZNBkAHRWS AoN9DugP3vG9Yh3xAOTQYtfeg8ufPCINFndTds3gwdJ2CzWfQfsaDxCf7vz/sWcw heaAAcf3mxJCZGIoLXpgDXjgQqbUz0ZbFPtvYO1CwGuLShwRrEM= =eMjv -----END PGP SIGNATURE----- --envbJBWh7q8WU6mo--