'Re: [opensuse-factory] Removal of Python2 from openSUSE Tumbleweed'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensuse-factory
Subject:    Re: [opensuse-factory] Removal of Python2 from openSUSE Tumbleweed
From:       Dominique Leuenberger / DimStar <dimstar () opensuse ! org>
Date:       2020-01-09 14:13:48
Message-ID: c04dc6ce228c4ce2556bd82d6554a8122b832741.camel () opensuse ! org
[Download RAW message or body]

On Thu, 2020-01-09 at 14:47 +0100, Adam Majer wrote:
> On 1/9/20 12:56 PM, Thorsten Kukuk wrote:
> > On Thu, Jan 09, Adam Majer wrote:
> > 
> > > I find it somewhat amusing how when someone mentions "EOL" and
> > > "unmaintained", then it suddenly becomes a semi-dogmatic emergency to
> > > remove anything and everything that is using this so called "EOL" and
> > > "unmaintained" code... while at the same time, we have all licenses that
> > > state "DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR
> > > FITNESS FOR ANY PARTICULAR PURPOSE"
> > 
> > Because legally, there is a big difference if you ship something with
> > a big security problem you are not aware of compared to shipping 
> > something with a security problem you are aware of. In the second 
> > case, all this disclaimers don't help you at all.
> 
> Maybe, not sure. But EOL upstream does not imply "big security hole".
> And even with security issues, we (or almost anyone) doesn't stop
> shipping of distributions because some component has an issue. This is
> true in OSS as well as closed software world.
> 
> Anyway, back to reality, if python2 ends up with future security issues,
> we can deal with it at the time instead of now.

If we have that large usage footprint as we have now (with packages
that would support py3 but were never switched) we just run into
issues.

Let's do the work NOW - before we have to rush it and can't really cope
with it.

Just a sample:
I am just busy switching the fail2ban package to use py3. Upstream had
support for it for years - yet our package was never switched.

Cheers,
  Dominique

["signature.asc" (application/pgp-signature)]
-- 
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-factory+owner@opensuse.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic