Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 24 Mar 2021 13:03:47 +0000
From:      Rene Ladan <portmgr-secretary@freebsd.org>
To:        ports@freebsd.org
Subject:   Python 2.7 removal outline
Message-ID:  <20210324130347.GA29020@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

below is an outline continuing the Python 2.7 cleanup:

- - all affected ports are now marked as deprecated, with an expiration date
  of either 2020-12-31 or 2021-06-23.
- - we will have to wait for Chromium to fully switch to Python 3 before we
  can fully remove Python 2.7. This is work in progress on their side. Not
  waiting would imply removing www/chromium (obviously), editors/vscode
  (it escaped the recursive-deprecation dance of devel/electron*), but most
  importantly www/qt5-webengine which would drag half of KDE with it.
  However, lang/python27 will be marked as RESTRICTED so that all ports
  mentioned above can still be built and run, but Python 2.7 itself will
  not be available as a package.
- - No more new ports having USES=python:2.7 or USES=python:2.7+ or existing
  ports reverting to that, no excuses.
- - No usage of lang/tauthon by the framework or any port, no excuses.
- - lang/tauthon will be removed on 2021-06-23 as noticed in the port itself,
  no excuses. Tauthon is not guaranteed to be compatible with any official
  Python version so keeping it would just unnecessarily complicate things.
- - mail/mailman is being replaced by clusteradm@  with mlmmj. You can use
  `pkg lock` to stick with it after removal, if there is no other way.
- - you are of course free to provide your own version of Python 2.7, Tauthon
  and any application using those languages in your local setup, by using
  overlays for example.

Miscellaneous tidbits:
- - WHY?!?!? Well, back in 2008, the Python Software Foundation planned to
  mark Python 2.7 end-of-life at 2015-01-01, see [1], but that date was
  pushed back to 2020-01-01 because a lot of downstream users had not
  converted yet. So Python 2.7 is already end-of-life for 1.5 years, which
  means that according to [1] the PSF is no longer fixing security issues
  for it. As can be seen on [2], multiple vulnerabilities already have
  been fixed for Python 3.6 to 3.9 this year.
- - On a related note, most software using Python 2.7 was already removed
  from the Ports Tree last year, a lot of it being unmaintained or
  more or less abandoned upstream.
- - Upstream Chromium is working on converting their codebase to Python 3 but
  there is no completion date. Interestingly, adridg@ is experimenting with
  converting www/qt5-webengine to Python 3 too.
- - We are indeed faster with dropping Python 2.7 than e.g. Ubuntu, however
  more recent Debian/Ubuntu distributions are more and more dropping Python
  2.7 too. This also has to do with how their branching model works, the
  package set of Ubuntu LTS is determined a few months before the release
  itself.

[1] https://www.python.org/dev/peps/pep-0373/
[2] https://www.python.org/downloads/release/python-392/

René,
on behalf of portmgr
-----BEGIN PGP SIGNATURE-----

iQGyBAEBCgCcFiEE+zdFyG8V6O2sgTL82ClOw7vE19UFAmBbOBpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZC
Mzc0NUM4NkYxNUU4RURBQzgxMzJGQ0Q4Mjk0RUMzQkJDNEQ3RDUeHHBvcnRtZ3It
c2VjcmV0YXJ5QGZyZWVic2Qub3JnAAoJENgpTsO7xNfVVB4IAIIzuJare4IiEpAs
H+ro/OdZ8J9t+p/Vhv5pRUmN1fhL38gvlmvKSbnm/1HCfXQY8WjccX+9UUsIudLl
kkI020DDSC4shESsCnsTGXTr13psS+DjCTdjpgRlaWb38yL8bSoPyyA12jJFVYDi
doRkWGleIZrz9kh1lDOX4rzB9hui6B5VFNktcbkG2+h+xs1huhq9/VdyCVRJC6gM
kss1yBH04VXqa3G5K2vj4w+sPRQi4gNKA9fkoLIJlpnNZ3QFVxLR+Xa1ySUEQhCE
gIRYkZmjLiMoDJizN2d9CGAVSvDvvl+g3tGdP24DwRiHdnofaNijUV7xhNslYiE3
m7QBFbI=
=2WOV
-----END PGP SIGNATURE-----



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20210324130347.GA29020>