Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 25 Mar 2021 17:26:36 +1100
From:      Dewayne Geraghty <dewayne@heuristicsystems.com.au>
To:        freebsd-ports@freebsd.org
Subject:   Re: Python 2.7 removal outline
Message-ID:  <e3b7ff6c-5114-a8fb-cd8c-f219741451e4@heuristicsystems.com.au>
In-Reply-To: <0e28fdd3-441b-e22d-e64e-65bd6b34e9da@quip.cz>
References:  <20210324130347.GA29020@freefall.freebsd.org> <0e28fdd3-441b-e22d-e64e-65bd6b34e9da@quip.cz>

next in thread | previous in thread | raw e-mail | index | archive | help
On 25/03/2021 4:01 am, Miroslav Lachman wrote:

> I really appreciate the work of ports team, committers and maintainers
> but I dislike double standards. All ports requiring Python 2.7 were
> marked deprecated the last year almost all of them removed according to
> expiration date 2020-12-31 but some of them are still there.
> If there is Python 2.7, if there is Chromium then any of removed ports
> can be there. If "we" want to get rid of them then "we" should remove
> all of them and not just some by sentiment.
> For example Iridium browser was removed because of Python 2.7 but
> Chromium is still there. They are both based on the same source with the
> same dependencies but Iridium cares more about privacy, yet it was
> slaughtered instead of Chromium.
> I really would like to see some policies for things like this next time.
> 
> Miroslav Lachman

Thanks Miroslav, I have the same view.  Though I agree with Rene about
the need to remove vulnerable ports and the interests of the FreeBSD
community, its worth considering those with both a need and an
understanding of the ramifications of using python2.7.

We've been disappointed having to digress from the ports infrastructure
to continue with python2.7 applications that we need, which were removed
(a year ago).  It could've been so much more pleasant had a
"restricted", or better option been employed.

No new ports requiring python2.7 is an excellent suggestion in terms of
maintaining a viable user-base (kudos Mathias).  For how long, is
another discussion.

Though after reading through
https://reviews.freebsd.org/D28665
are we expecting to keep KDE users on FreeBSD post June 23 (without
www/qt5-webengine, konqueror, kontact, kmail,...)?

And its incongruous to say talk about upstream abandoning applications,
as many continue to maintain "their" software with a now unsupported
product (py2.7).  Again the need outweighs the risk (for us) vs the
upstream cost of conversion.  It is an unpleasant though necessary  choice.

And for the fear-mongers, with a good FreeBSD firewall and strong
security mindset, vulnerabilities can be substantially mitigated; and it
really should be an option (for experienced folk) to be able to use what
is *needed* while properly comprehending the risk vs maintaining an
increasingly digressive ports infrastructure.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e3b7ff6c-5114-a8fb-cd8c-f219741451e4>