Python 2.7 -- bugfix or security before EOL?
I notice on https://devguide.python.org that Python 3.5 is in “security” status with an EOL of 2020-09-13 but Python 2.7 is in “bugfix” and has a likely earlier EOL. Will there be a period where Py2.7 is in security-only status before hitting EOL? Even if the EOL is set at the last possible date of 2020-12-31, it still is in the time period before EOL that other recent versions have gone to security only. (obviously recognizing that Py2.7 EOL is not just another EOL) I tried searching in archives for anything related to this status, but couldn’t find anything. apologies if I missed a discussion. - Michael Cuthbert
On 3/10/2018 4:59 PM, Michael Scott Cuthbert wrote:
I notice on https://devguide.python.org that Python 3.5 is in “security” status with an EOL of 2020-09-13 but Python 2.7 is in “bugfix” and has a likely earlier EOL.
There is no relation between the two, or between 2.7 and any other version. 2.7 is a completely special case.
Will there be a period where Py2.7 is in security-only status before hitting EOL?
https://www.python.org/dev/peps/pep-0373 gives the public status. When Benjamin Peterson want to add something, he will. Already, the main emphasis is on security, build, and test infrastructure fixes. Backporting bug and doc fixes is at developer discretion.
Even if the EOL is set at the last possible date of 2020-12-31,
Benjamin Peterson will decide when he decides. He has not yet announced a date for a 2018 release. People have mostly proposed either Jan 1 or sometime late spring related to PyCon. If you want something definite for your own planning, I recommend that you assume Jan 1.
it still is in the time period before EOL that other recent versions have gone to security only.
Again, not relevant. You might want to read http://python3statement.org/. Some major projects (like Django, I believe) have already put their last 2.x compatible version into bug-fix only mode and expect to stop patching it before 2020. -- Terry Jan Reedy
Let's not play games with semantics. The way I see the situation for 2.7 is that EOL is January 1st, 2020, and there will be no updates, not even source-only security patches, after that date. Support (from the core devs, the PSF, and python.org) stops completely on that date. If you want support for 2.7 beyond that day you will have to pay a commercial vendor. Of course it's open source so people are also welcome to fork it. But the core devs have toiled long enough, and the 2020 EOL date (an extension from the originally annouced 2015 EOL!) was announced with sufficient lead time and fanfare that I don't feel bad about stopping to support it at all. On Sat, Mar 10, 2018 at 5:36 PM, Terry Reedy <tjreedy@udel.edu> wrote:
On 3/10/2018 4:59 PM, Michael Scott Cuthbert wrote:
I notice on https://devguide.python.org that Python 3.5 is in “security” status with an EOL of 2020-09-13 but Python 2.7 is in “bugfix” and has a likely earlier EOL.
There is no relation between the two, or between 2.7 and any other version. 2.7 is a completely special case.
Will there be a period where Py2.7 is in security-only status before
hitting EOL?
https://www.python.org/dev/peps/pep-0373 gives the public status. When Benjamin Peterson want to add something, he will.
Already, the main emphasis is on security, build, and test infrastructure fixes. Backporting bug and doc fixes is at developer discretion.
Even if the EOL is set at the last possible date of 2020-12-31,
Benjamin Peterson will decide when he decides. He has not yet announced a date for a 2018 release.
People have mostly proposed either Jan 1 or sometime late spring related to PyCon. If you want something definite for your own planning, I recommend that you assume Jan 1.
it still is in the time period before EOL that other recent versions have
gone to security only.
Again, not relevant.
You might want to read http://python3statement.org/.
Some major projects (like Django, I believe) have already put their last 2.x compatible version into bug-fix only mode and expect to stop patching it before 2020.
-- Terry Jan Reedy
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/guido% 40python.org
-- --Guido van Rossum (python.org/~guido)
On 3/10/2018 8:54 PM, Guido van Rossum wrote:
Let's not play games with semantics. The way I see the situation for 2.7 is that EOL is January 1st, 2020, and there will be no updates, not even source-only security patches, after that date. Support (from the core devs, the PSF, and python.org <http://python.org>) stops completely on that date.
+1 from me. If so, then that should be added to the PEP and announced at PyCon, to end major questions* and speculation. * There are still minor details of when patches are cutoff (is that EOL, on Jan 1?) and when the rc and final releases appear (whenever ready after cutoff?) -- Terry Jan Reedy
Sounds good to me. I've updated the PEP to say 2.7 is completely dead on Jan 1 2020. The final release may not literally be on January 1st, but we certainly don't want to support 2.7 through all of 2020. On Sat, Mar 10, 2018, at 18:54, Guido van Rossum wrote:
Let's not play games with semantics. The way I see the situation for 2.7 is that EOL is January 1st, 2020, and there will be no updates, not even source-only security patches, after that date. Support (from the core devs, the PSF, and python.org) stops completely on that date. If you want support for 2.7 beyond that day you will have to pay a commercial vendor. Of course it's open source so people are also welcome to fork it. But the core devs have toiled long enough, and the 2020 EOL date (an extension from the originally annouced 2015 EOL!) was announced with sufficient lead time and fanfare that I don't feel bad about stopping to support it at all.
On Sat, Mar 10, 2018 at 5:36 PM, Terry Reedy <tjreedy@udel.edu> wrote:
On 3/10/2018 4:59 PM, Michael Scott Cuthbert wrote:
I notice on https://devguide.python.org that Python 3.5 is in “security” status with an EOL of 2020-09-13 but Python 2.7 is in “bugfix” and has a likely earlier EOL.
There is no relation between the two, or between 2.7 and any other version. 2.7 is a completely special case.
Will there be a period where Py2.7 is in security-only status before
hitting EOL?
https://www.python.org/dev/peps/pep-0373 gives the public status. When Benjamin Peterson want to add something, he will.
Already, the main emphasis is on security, build, and test infrastructure fixes. Backporting bug and doc fixes is at developer discretion.
Even if the EOL is set at the last possible date of 2020-12-31,
Benjamin Peterson will decide when he decides. He has not yet announced a date for a 2018 release.
People have mostly proposed either Jan 1 or sometime late spring related to PyCon. If you want something definite for your own planning, I recommend that you assume Jan 1.
it still is in the time period before EOL that other recent versions have
gone to security only.
Again, not relevant.
You might want to read http://python3statement.org/.
Some major projects (like Django, I believe) have already put their last 2.x compatible version into bug-fix only mode and expect to stop patching it before 2020.
-- Terry Jan Reedy
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/guido% 40python.org
-- --Guido van Rossum (python.org/~guido) _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/benjamin%40python.org
On 11 March 2018 at 11:54, Guido van Rossum <guido@python.org> wrote:
Let's not play games with semantics. The way I see the situation for 2.7 is that EOL is January 1st, 2020, and there will be no updates, not even source-only security patches, after that date. Support (from the core devs, the PSF, and python.org) stops completely on that date. If you want support for 2.7 beyond that day you will have to pay a commercial vendor. Of course it's open source so people are also welcome to fork it. But the core devs have toiled long enough, and the 2020 EOL date (an extension from the originally annouced 2015 EOL!) was announced with sufficient lead time and fanfare that I don't feel bad about stopping to support it at all.
+1 from me, as even if commercial redistributors do decide they want to collaborate on a post-2020 Python 2.7 maintenance branch, there's no technical reason that that needs to live under the "python" GitHub organisation, and some solid logistical reasons for it to live somewhere more explicitly vendor managed. For example, a 2.7 vendor branch would need its own issue tracker that's independent of bugs.python.org, since the ability to report bugs against 2.7 will be removed from bpo (and all remaining 2.7-only bugs will be closed). Cheers, Nick. -- Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia
On 2018-03-12, 13:13 GMT, Nick Coghlan wrote:
+1 from me, as even if commercial redistributors do decide they want to collaborate on a post-2020 Python 2.7 maintenance branch, there's no technical reason that that needs to live under the "python" GitHub organisation, and some solid logistical reasons for it to live somewhere more explicitly vendor managed.
It would be good to have some email list of the commercial redistributors (Linux distro maintainers + people from Anaconda etc.). Could python.org host it? Best, Matěj -- https://matej.ceplovi.cz/blog/, Jabber: mcepl@ceplovi.cz GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8 ..every Man has a Property in his own Person. This no Body has any Right to but himself. The Labour of his Body, and the Work of his Hands, we may say, are properly his. .... The great and chief end therefore, of Mens uniting into Commonwealths, and putting themselves under Government, is the Preservation of their Property. -- John Locke, "A Treatise Concerning Civil Government"
participants (6)
-
Benjamin Peterson -
Guido van Rossum -
Matěj Cepl -
Michael Scott Cuthbert -
Nick Coghlan -
Terry Reedy