On Wed, Dec 26, 2018 at 02:33:55PM +0100, Pjotr Prins wrote: > A lot of software outside Guix still depends on Python2, for better or > worse. I don't believe EOL means they are going to drop security > updates. Leaf packages may well be in use today.
I do think it means that the current Python team at python.org will stop issuing security updates for Python 2. [0] Previously, Guido van Rossum said "The way I see the situation for 2.7 is that EOL is January 1st, 2020, and there will be no updates, not even source-only security patches, after that date. Support (from the core devs, the PSF, and python.org) stops completely on that date." [1] Well, Guido is no longer involved with Python, so maybe the situation has changed. In any case, I think we can expect third parties like Red Hat to keep maintaining Python 2 for some years, and we can use their work. > Is there a way we mark packages as DEPRECATED? I think we should not > just remove packages without a grace period. Deprecate for, say, 3 > months or even 6 months is the way to do this. A deprecation tag > should include a time stamp that gives the (planned) removal time. Not exactly, although there is a 'deprecated-package' procedure that accepts a replacement package to supersede the deprecated package. It doesn't do what you suggest. [0] Already, the status of Python 2 is 'bugfix'. If it reaches "end of life", the bugfixing activity will presumably cease, although they do describe another 'security' status that seems lesser than 'bugfix': https://devguide.python.org/#status-of-python-branches [1] https://mail.python.org/pipermail/python-dev/2018-March/152348.html
signature.asc
Description: PGP signature
