Date: Wed, 24 Mar 2021 13:03:47 +0000 From: Rene Ladan <portmgr-secretary@freebsd.org> To: ports@freebsd.org Subject: Python 2.7 removal outline Message-ID: <20210324130347.GA29020@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, below is an outline continuing the Python 2.7 cleanup: - - all affected ports are now marked as deprecated, with an expiration date of either 2020-12-31 or 2021-06-23. - - we will have to wait for Chromium to fully switch to Python 3 before we can fully remove Python 2.7. This is work in progress on their side. Not waiting would imply removing www/chromium (obviously), editors/vscode (it escaped the recursive-deprecation dance of devel/electron*), but most importantly www/qt5-webengine which would drag half of KDE with it. However, lang/python27 will be marked as RESTRICTED so that all ports mentioned above can still be built and run, but Python 2.7 itself will not be available as a package. - - No more new ports having USES=python:2.7 or USES=python:2.7+ or existing ports reverting to that, no excuses. - - No usage of lang/tauthon by the framework or any port, no excuses. - - lang/tauthon will be removed on 2021-06-23 as noticed in the port itself, no excuses. Tauthon is not guaranteed to be compatible with any official Python version so keeping it would just unnecessarily complicate things. - - mail/mailman is being replaced by clusteradm@ with mlmmj. You can use `pkg lock` to stick with it after removal, if there is no other way. - - you are of course free to provide your own version of Python 2.7, Tauthon and any application using those languages in your local setup, by using overlays for example. Miscellaneous tidbits: - - WHY?!?!? Well, back in 2008, the Python Software Foundation planned to mark Python 2.7 end-of-life at 2015-01-01, see [1], but that date was pushed back to 2020-01-01 because a lot of downstream users had not converted yet. So Python 2.7 is already end-of-life for 1.5 years, which means that according to [1] the PSF is no longer fixing security issues for it. As can be seen on [2], multiple vulnerabilities already have been fixed for Python 3.6 to 3.9 this year. - - On a related note, most software using Python 2.7 was already removed from the Ports Tree last year, a lot of it being unmaintained or more or less abandoned upstream. - - Upstream Chromium is working on converting their codebase to Python 3 but there is no completion date. Interestingly, adridg@ is experimenting with converting www/qt5-webengine to Python 3 too. - - We are indeed faster with dropping Python 2.7 than e.g. Ubuntu, however more recent Debian/Ubuntu distributions are more and more dropping Python 2.7 too. This also has to do with how their branching model works, the package set of Ubuntu LTS is determined a few months before the release itself. [1] https://www.python.org/dev/peps/pep-0373/ [2] https://www.python.org/downloads/release/python-392/ René, on behalf of portmgr -----BEGIN PGP SIGNATURE----- iQGyBAEBCgCcFiEE+zdFyG8V6O2sgTL82ClOw7vE19UFAmBbOBpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZC Mzc0NUM4NkYxNUU4RURBQzgxMzJGQ0Q4Mjk0RUMzQkJDNEQ3RDUeHHBvcnRtZ3It c2VjcmV0YXJ5QGZyZWVic2Qub3JnAAoJENgpTsO7xNfVVB4IAIIzuJare4IiEpAs H+ro/OdZ8J9t+p/Vhv5pRUmN1fhL38gvlmvKSbnm/1HCfXQY8WjccX+9UUsIudLl kkI020DDSC4shESsCnsTGXTr13psS+DjCTdjpgRlaWb38yL8bSoPyyA12jJFVYDi doRkWGleIZrz9kh1lDOX4rzB9hui6B5VFNktcbkG2+h+xs1huhq9/VdyCVRJC6gM kss1yBH04VXqa3G5K2vj4w+sPRQi4gNKA9fkoLIJlpnNZ3QFVxLR+Xa1ySUEQhCE gIRYkZmjLiMoDJizN2d9CGAVSvDvvl+g3tGdP24DwRiHdnofaNijUV7xhNslYiE3 m7QBFbI= =2WOV -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20210324130347.GA29020>