[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

Benjamin Peterson benjamin at python.org
Sun Mar 23 00:02:36 CET 2014


On Sat, Mar 22, 2014, at 15:40, Martin v. Löwis wrote:

On 22.03.14 23:33, Nick Coghlan wrote:
> Hard to maintain legacy software is a fact of life, and way too much
> of it is exposed to the public internet. This PEP is about doing what
> we can to mitigate the damage caused both by other people's mistakes,
> and also the inherent challenges of migrating from the error prone
> POSIX text model to something more reasonable.
>
> I don't think it's reasonable to expect us to do this without support
> from the corporate users that caused the problem in the first place
> (by continuing to deploy older versions of Python without investing
> adequately in their upkeep), so I'd encourage everyone employed by a
> commercial user of Python to remind their management chains of the
> risks of failing to invest development time in any upstream
> dependencies that they expect to keep pace with the dynamic nature of
> the internet.

I hope indeed you are successful in activating resources. However, putting them on this backporting project seems like a waste. They should rather go into porting stuff to 3.x where people need it. As responsible maintainers, we should just advise our users that Python 2.7 is a dead horse, and that they should stop riding it. More professionally, we should set an official end-of-life date for 2.7 (alas, we should have done that two years ago). I hope that the language summit can agree to stopping bug fix releases for 2.7 in 2014.

As (I believe) previously discussed and documented in PEP 373, this date currently will be May 2015.


