[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

"Martin v. Löwis" martin at v.loewis.de
Sat Mar 22 23:40:53 CET 2014


On 22.03.14 23:33, Nick Coghlan wrote:
> Hard to maintain legacy software is a fact of life, and way too much
> of it is exposed to the public internet. This PEP is about doing what
> we can to mitigate the damage caused both by other people's mistakes,
> and also the inherent challenges of migrating from the error-prone
> POSIX text model to something more reasonable.
> 
> I *don't* think it's reasonable to expect us to do this without support
> from the corporate users that caused the problem in the first place
> (by continuing to deploy older versions of Python without investing
> adequately in their upkeep), so I'd encourage everyone employed by a
> commercial user of Python to remind their management chains of the
> risks of failing to invest development time in any upstream
> dependencies that they expect to keep pace with the dynamic nature of
> the internet.

I hope indeed you are successful in activating resources. However,
putting them on this backporting project seems like a waste. They
should rather go into porting stuff to 3.x where people need it.

As responsible maintainers, we should just advise our users that
Python 2.7 is a dead horse, and that they should stop riding it.
More professionally, we should set an official end-of-life date
for 2.7 (alas, we should have done that two years ago).

I hope that the language summit can agree to stopping bug fix
releases for 2.7 in 2014.

Regards,
Martin



