* Does Guix provide security support for Python2? For how long?
@ 2021-01-15 16:00 Jorge P. de Morais Neto
2021-01-15 17:07 ` zimoun
0 siblings, 1 reply; 7+ messages in thread
From: Jorge P. de Morais Neto @ 2021-01-15 16:00 UTC (permalink / raw)
To: help-guix
Hi. I use Guix on a foreign distro---Debian buster (current stable). I
want to upgrade Debian to bullseye (current testing), but bullseye does
not provide security support for Python 2. I still use Python 2 for
OfflineIMAP. There is a Python 3 port of OfflineIMAP, but it was done
very recently and I fear it is probably be buggy. So I would like to
install Guix Python 2 atop Debian bullseye just for OfflineIMAP. Would
that work fine? Does Guix, unlike Debian bullseye, still provide
security support for Python 2? For how long?
Regards
--
- <https://jorgemorais.gitlab.io/justice-for-rms/>
- If an email of mine arrives at your spam box, please notify me.
- Please adopt free/libre formats like PDF, ODF, Org, LaTeX, Opus, WebM and 7z.
- Free/libre software for Replicant, LineageOS and Android: https://f-droid.org
- [[https://www.gnu.org/philosophy/free-sw.html][What is free software?]]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Does Guix provide security support for Python2? For how long?
2021-01-15 16:00 Does Guix provide security support for Python2? For how long? Jorge P. de Morais Neto
@ 2021-01-15 17:07 ` zimoun
2021-01-15 17:18 ` Jorge P. de Morais Neto
0 siblings, 1 reply; 7+ messages in thread
From: zimoun @ 2021-01-15 17:07 UTC (permalink / raw)
To: help-guix
Hi,
On Fri, 15 Jan 2021 at 17:02, Jorge P. de Morais Neto
<jorge+list@disroot.org> wrote:
>
> Hi. I use Guix on a foreign distro---Debian buster (current stable). I
> want to upgrade Debian to bullseye (current testing), but bullseye does
> not provide security support for Python 2. I still use Python 2 for
> OfflineIMAP. There is a Python 3 port of OfflineIMAP, but it was done
> very recently and I fear it is probably be buggy. So I would like to
> install Guix Python 2 atop Debian bullseye just for OfflineIMAP. Would
> that work fine? Does Guix, unlike Debian bullseye, still provide
> security support for Python 2? For how long?
As far as I know, Guix provides the security support that upstream releases.
Using the Guix time-machine, the code that works now should work
exactly the same in the future, even if Python 2 is removed in the
future Guix releases. Does it make sense?
All the best,
simon
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Does Guix provide security support for Python2? For how long?
2021-01-15 17:07 ` zimoun
@ 2021-01-15 17:18 ` Jorge P. de Morais Neto
2021-01-15 18:17 ` dario
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Jorge P. de Morais Neto @ 2021-01-15 17:18 UTC (permalink / raw)
To: zimoun, help-guix
Hi.
Em [2021-01-15 sex 18:07:40+0100], zimoun escreveu:
> As far as I know, Guix provides the security support that upstream
> releases.
I too suppose so in general. But I would like a more authoritative
answer for the specific case of Python2. And, in fact, this should be
publicly documented---in the manual or in the website, as well as the
description of the python2 package and maybe also in the description of
all python2-.* packages.
> Using the Guix time-machine, the code that works now should work
> exactly the same in the future, even if Python 2 is removed in the
> future Guix releases. Does it make sense?
The problem is that OfflineIMAP is Internet software, and therefore, I
believe, it is important to have security support for it (including its
dependencies).
Regards
--
- <https://jorgemorais.gitlab.io/justice-for-rms/>
- If an email of mine arrives at your spam box, please notify me.
- Please adopt free/libre formats like PDF, ODF, Org, LaTeX, Opus, WebM and 7z.
- Free/libre software for Replicant, LineageOS and Android: https://f-droid.org
- [[https://www.gnu.org/philosophy/free-sw.html][What is free software?]]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Does Guix provide security support for Python2? For how long?
2021-01-15 17:18 ` Jorge P. de Morais Neto
@ 2021-01-15 18:17 ` dario
2021-01-15 18:28 ` Jorge P. de Morais Neto
2021-01-15 19:56 ` Leo Famulari
2021-01-15 20:06 ` zimoun
2 siblings, 1 reply; 7+ messages in thread
From: dario @ 2021-01-15 18:17 UTC (permalink / raw)
To: Jorge P. de Morais Neto; +Cc: help-guix
[-- Attachment #1: Type: text/plain, Size: 1328 bytes --]
Hi,
I don't know the answer to your question and you are probably
aware of
that option, but I just wanted to mention that you could consider
switching to mbsync, which (I think) also has better performance
than
offlineimap. It's a bit annoying to migrate the configuration, but
it
does not require that much time (I made that switch some time
ago).
Best,
Dario
Jorge P. de Morais Neto <jorge+list@disroot.org> writes:
> Hi.
>
> Em [2021-01-15 sex 18:07:40+0100], zimoun escreveu:
>
>> As far as I know, Guix provides the security support that
>> upstream
>> releases.
>
> I too suppose so in general. But I would like a more
> authoritative
> answer for the specific case of Python2. And, in fact, this
> should be
> publicly documented---in the manual or in the website, as well
> as the
> description of the python2 package and maybe also in the
> description of
> all python2-.* packages.
>
>> Using the Guix time-machine, the code that works now should
>> work
>> exactly the same in the future, even if Python 2 is removed in
>> the
>> future Guix releases. Does it make sense?
>
> The problem is that OfflineIMAP is Internet software, and
> therefore, I
> believe, it is important to have security support for it
> (including its
> dependencies).
>
> Regards
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 519 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Does Guix provide security support for Python2? For how long?
2021-01-15 18:17 ` dario
@ 2021-01-15 18:28 ` Jorge P. de Morais Neto
0 siblings, 0 replies; 7+ messages in thread
From: Jorge P. de Morais Neto @ 2021-01-15 18:28 UTC (permalink / raw)
To: help-guix
Hi.
Em [2021-01-15 sex 19:17:41+0100], dario escreveu:
> I don't know the answer to your question and you are probably aware of
> that option, but I just wanted to mention that you could consider
> switching to mbsync, which (I think) also has better performance than
> offlineimap. It's a bit annoying to migrate the configuration, but it
> does not require that much time (I made that switch some time ago).
Continuing in OfflineIMAP would have the advantage of not having to
redownload 1.6GB of email, but I thank you for the recommendation. In
fact, a few minutes ago I have asked for mail fetcher recommendations on
the notmuch mailing list. I want to hear many recommendations and make
a final decision. I will take into account yours and any others I
receive in this thread.
Regards
--
- <https://jorgemorais.gitlab.io/justice-for-rms/>
- If an email of mine arrives at your spam box, please notify me.
- Please adopt free/libre formats like PDF, ODF, Org, LaTeX, Opus, WebM and 7z.
- Free/libre software for Replicant, LineageOS and Android: https://f-droid.org
- [[https://www.gnu.org/philosophy/free-sw.html][What is free software?]]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Does Guix provide security support for Python2? For how long?
2021-01-15 17:18 ` Jorge P. de Morais Neto
2021-01-15 18:17 ` dario
@ 2021-01-15 19:56 ` Leo Famulari
2021-01-15 20:06 ` zimoun
2 siblings, 0 replies; 7+ messages in thread
From: Leo Famulari @ 2021-01-15 19:56 UTC (permalink / raw)
To: zimoun, help-guix
[-- Attachment #1: Type: text/plain, Size: 1372 bytes --]
On Fri, Jan 15, 2021 at 02:18:09PM -0300, Jorge P. de Morais Neto wrote:
> Em [2021-01-15 sex 18:07:40+0100], zimoun escreveu:
>
> > As far as I know, Guix provides the security support that upstream
> > releases.
>
> I too suppose so in general. But I would like a more authoritative
> answer for the specific case of Python2. And, in fact, this should be
> publicly documented---in the manual or in the website, as well as the
> description of the python2 package and maybe also in the description of
> all python2-.* packages.
Because Python 2 is not supported upstream — at <https://python.org> —
we do not offer any security support for it.
If some other organization began supporting it, we might consider
switching to that source. But for now, the plan is to remove Python 2
from Guix before very long.
In general, Guix provides no security support for packages besides what
upstream provides. There may be exceptions but they are exceptional. I
don't agree that we should specifically document how much we support
certain packages. For every package, the best we can offer is what the
upstream developers provide. Guix is a distributor, and therefore we do
not do software development of packages.
Regarding offlineimap, if they do not port the software to Python 3, I
recommend switching to mbsync, from the isync package.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Does Guix provide security support for Python2? For how long?
2021-01-15 17:18 ` Jorge P. de Morais Neto
2021-01-15 18:17 ` dario
2021-01-15 19:56 ` Leo Famulari
@ 2021-01-15 20:06 ` zimoun
2 siblings, 0 replies; 7+ messages in thread
From: zimoun @ 2021-01-15 20:06 UTC (permalink / raw)
To: zimoun, help-guix
Hi,
On Fri, 15 Jan 2021 at 18:18, Jorge P. de Morais Neto
<jorge+list@disroot.org> wrote:
> Em [2021-01-15 sex 18:07:40+0100], zimoun escreveu:
>
> > As far as I know, Guix provides the security support that upstream
> > releases.
>
> I too suppose so in general. But I would like a more authoritative
> answer for the specific case of Python2. And, in fact, this should be
> publicly documented---in the manual or in the website, as well as the
> description of the python2 package and maybe also in the description of
> all python2-.* packages.
As far I know, Python 2 is End Of Life and not supported upstream.
Therefore, if your question is: will Guix people fix Python 2
security? Then the answer is no.
However, please indicate if an organization is still maintaining
Python 2 and maybe Guix could package their release.
> > Using the Guix time-machine, the code that works now should work
> > exactly the same in the future, even if Python 2 is removed in the
> > future Guix releases. Does it make sense?
>
> The problem is that OfflineIMAP is Internet software, and therefore, I
> believe, it is important to have security support for it (including its
> dependencies).
In this case, please consider to switch from OfflineIMAP to something else.
Guix is about packaging, not supporting security from deprecated upstream.
All the best,
simon
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-01-15 20:06 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-15 16:00 Does Guix provide security support for Python2? For how long? Jorge P. de Morais Neto
2021-01-15 17:07 ` zimoun
2021-01-15 17:18 ` Jorge P. de Morais Neto
2021-01-15 18:17 ` dario
2021-01-15 18:28 ` Jorge P. de Morais Neto
2021-01-15 19:56 ` Leo Famulari
2021-01-15 20:06 ` zimoun
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.