[Python-Dev] Supported versions of OpenSSL (original) (raw)

Nick Coghlan ncoghlan at gmail.com
Wed Aug 31 07:57:49 EDT 2016

On 31 August 2016 at 19:33, M.-A. Lemburg <mal at egenix.com> wrote:

On 31.08.2016 10:43, Antoine Pitrou wrote:

On Wed, 31 Aug 2016 10:31:12 +0200 "M.-A. Lemburg" <mal at egenix.com> wrote:

I am thinking of Python users out there who are running on LTS OS releases simply because their IT doesn't let them run anything else. There is a solution nowadays, which is to use Anaconda (or Miniconda). Sure, or use ActivePython or eGenix PyRun :-) But is that really what we want to tell people ?

I'm personally entirely comfortable with it, as large organisations running community supported code without investing back into the upstream community accordingly is currently a major problem in the Python ecosystem - many technical folks find it easier to reach out to the open source community for better support than they do to go into battle with their own Finance departments to argue for appropriate investment in managing their supply chain. Unfortunately, while that's an entirely understandable reaction to an all too common form of organisational dysfunction, it's also a major contributor to community volunteer burnout.

Accordingly, we need more of these organisations to either fund paid upstream development directly (e.g. by assigning their own staff to do it or hiring existing core developers), or else for them to start paying commercial redistributors, and making it clear that they expect those redistributors to fund ongoing upstream development and maintenance activities on their behalf. For folks that are already paying commercial redistributors, we need them to be asking pointed questions of their support managers, like "We're paying you for commercial CPython support, so why don't you have anyone assigned to work on it full time?"

Adopting that strategy isn't without its risks - some organisations may react by banning the use of Python entirely and go looking for a less assertive community (or one with better established funding sources), rather than finding ways to pay for suitable infrastructure support arrangements. However, hopefully folks within such organisations will understand their political environment well enough to know whether or not they need to stay under the executive radar.

Cheers, Nick.

-- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia

More information about the Python-Dev mailing list