Date: Thu, 25 Mar 2021 17:26:36 +1100 From: Dewayne Geraghty <dewayne@heuristicsystems.com.au> To: freebsd-ports@freebsd.org Subject: Re: Python 2.7 removal outline Message-ID: <e3b7ff6c-5114-a8fb-cd8c-f219741451e4@heuristicsystems.com.au> In-Reply-To: <0e28fdd3-441b-e22d-e64e-65bd6b34e9da@quip.cz> References: <20210324130347.GA29020@freefall.freebsd.org> <0e28fdd3-441b-e22d-e64e-65bd6b34e9da@quip.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
On 25/03/2021 4:01 am, Miroslav Lachman wrote: > I really appreciate the work of ports team, committers and maintainers > but I dislike double standards. All ports requiring Python 2.7 were > marked deprecated the last year almost all of them removed according to > expiration date 2020-12-31 but some of them are still there. > If there is Python 2.7, if there is Chromium then any of removed ports > can be there. If "we" want to get rid of them then "we" should remove > all of them and not just some by sentiment. > For example Iridium browser was removed because of Python 2.7 but > Chromium is still there. They are both based on the same source with the > same dependencies but Iridium cares more about privacy, yet it was > slaughtered instead of Chromium. > I really would like to see some policies for things like this next time. > > Miroslav Lachman Thanks Miroslav, I have the same view. Though I agree with Rene about the need to remove vulnerable ports and the interests of the FreeBSD community, its worth considering those with both a need and an understanding of the ramifications of using python2.7. We've been disappointed having to digress from the ports infrastructure to continue with python2.7 applications that we need, which were removed (a year ago). It could've been so much more pleasant had a "restricted", or better option been employed. No new ports requiring python2.7 is an excellent suggestion in terms of maintaining a viable user-base (kudos Mathias). For how long, is another discussion. Though after reading through https://reviews.freebsd.org/D28665 are we expecting to keep KDE users on FreeBSD post June 23 (without www/qt5-webengine, konqueror, kontact, kmail,...)? And its incongruous to say talk about upstream abandoning applications, as many continue to maintain "their" software with a now unsupported product (py2.7). Again the need outweighs the risk (for us) vs the upstream cost of conversion. It is an unpleasant though necessary choice. And for the fear-mongers, with a good FreeBSD firewall and strong security mindset, vulnerabilities can be substantially mitigated; and it really should be an option (for experienced folk) to be able to use what is *needed* while properly comprehending the risk vs maintaining an increasingly digressive ports infrastructure.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e3b7ff6c-5114-a8fb-cd8c-f219741451e4>