devel:languages:python:legacy proposal

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

devel:languages:python:legacy proposal

todd rme
There are a lot of packages in devel:languages:python that are simply
unmaintained. Upstream will never update them to support python3. This
is both a maintenance burden and a potential security issue.

So I suggest wherever possible we move away from these packages. When
we can they should be removed from factory and removed as (optional)
dependencies for other packages.

I also suggest that we create a new subproject for
devel:languages:python, perhaps devel:languages:python:legacy, where
these packages can live.

Of course packages that are needed for other packages, or packages
that are maintained but python2-only, will remain as-is. This is only
for packages that have not seen upstream activity for, say, 3 years,
and don't support modern versions of python3 (3.4+).

I would be against dropping the packages entirely as long as they still work.
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: devel:languages:python:legacy proposal

Luigi Baldoni
todd rme wrote
There are a lot of packages in devel:languages:python that are simply
unmaintained. Upstream will never update them to support python3. This
is both a maintenance burden and a potential security issue.

So I suggest wherever possible we move away from these packages. When
we can they should be removed from factory and removed as (optional)
dependencies for other packages.
How do you find out if they are unmaintained or simply out of date?
Someone should create a script to check each of them against pypi.

Regards
Reply | Threaded
Open this post in threaded view
|

Re: devel:languages:python:legacy proposal

todd rme
On Sat, Aug 26, 2017 at 2:09 PM, Luigi Baldoni <[hidden email]> wrote:

> todd rme wrote
>> There are a lot of packages in devel:languages:python that are simply
>> unmaintained. Upstream will never update them to support python3. This
>> is both a maintenance burden and a potential security issue.
>>
>> So I suggest wherever possible we move away from these packages. When
>> we can they should be removed from factory and removed as (optional)
>> dependencies for other packages.
>
> How do you find out if they are unmaintained or simply out of date?
> Someone should create a script to check each of them against pypi.
>
> Regards

You check pypi and their github, bitbucket, etc. site if they have one.

We will pretty much have to do this for the singlespec conversion
anyway. This just provides a place to put the ones that will never be
converted.
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]