On 2021-03-01 16:15:38 +1300 (+1300), Bailey, Josh wrote: > I'm a maintainer for a python based SDN network controller, FAUCET. One of > the platforms we've been supporting to-date is python3.5/oldstable. > > Of course, now, python3.5 is EOL. To some degree we can keep building our > package under python3.5, but now not all of our dependencies (like pyyaml) > build or are even released for 3.5 anymore. That's an issue as there are > security vulnerabilities that are now difficult to address. > > Given that oldstable will be around until 2022, does that mean python3 as > python3.5 will live on in oldstable until then? I can understand the case > for not adding a newer python3 version, but also OTOH addressing security > vulnerabilities over the LTS window will probably only get harder. > > Any advice appreciated,
If you're going to use the python3 packaged in oldstable, then can't you use the libraries (e.g. python3-yaml) packaged in oldstable as well and take advantage of whatever security fixes are backported by the package maintainers/security team? -- Jeremy Stanley
signature.asc
Description: PGP signature
