On Tuesday, 26 March 2019 04:57:57 BST Glyph wrote:
Hi Barry!
Thanks for your feedback.
On Mar 25, 2019, at 10:22 AM, Scott, Barry <barry.scott@forcepoint.com> wrote:
We are stuck on python2.7 for the foreseeable future and you will not see us in the PyPi stats. We download your release tar ball and build an RPM from it. We also have to build python2.7 our selves as we are stuck on Centos 6.8. Given the nature of your product I'm curious: isn't the inability to maintain certifications like PCI / HIPAA due to the lack of upstream support for python 2.7 a problem for a security application?
So long as RedHat/Centos support 2.7 we should be fine and they will support it far beyond the python.org EOL date.
Having a legacy twisted with critical bugs and security fixes would work for us.
Apropos of the question in my other response - would you (or any of your colleagues) be willing to take responsibility for such a branch and do the security triage / backport work there?
I'll investigate from my end - no promises. Barry
-g