Skip to content

Drop support for insecure end-of-life Python <=3.7 #555

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Drop support for insecure end-of-life Python <=3.7 #555

wants to merge 1 commit into from

Conversation

hartwork
Copy link
Contributor

@hartwork hartwork commented Mar 3, 2024
edited
Loading

Hi!

I'm not sure how welcome this is, I just became aware that clustershell tries supporting some insecure end-of-life versions of Python, so I decided to offer this pull request to get rid of that baggage, and see what you think 🍻

Best, Sebastian

@hartwork hartwork force-pushed the drop-support-for-python-3-7 branch from 581e39f to fc28e1d Compare March 3, 2024 18:12
@hartwork hartwork mentioned this pull request Mar 3, 2024
Merged
@hartwork hartwork changed the title Drop support for Python <=3.7 Drop support for insecure end-of-life Python <=3.7 Mar 3, 2024
@hartwork hartwork force-pushed the drop-support-for-python-3-7 branch from fc28e1d to 677c035 Compare March 3, 2024 23:19
@degremont
Copy link
Collaborator

Hello

Thanks for your proposal but I don't think that's the right way to drop support. Except for the Display.py change, all the code is still fully functional under Python 2.7 and 3.6+, you're just removing the doc which says we support those changes, but the code base is not touched, so the code still work there.

I don't see any benefit of dropping this support is the code is still working fine there, for people who needs that.
There is still a large RHEL7 install base that needs Python 2 support.

What would be great when that support will be dropped is to get rid of all the compatibility code we have for Py2 and Py3 <= 3.7.

The plan is to drop that support for a next minor release (1.10 ?) . There we would drop Py2, and remove all the code we have which is there only to support Py2. That would be beneficial to us as the code to maintain will be simpler. We would prefer to see that kind of patch, dropping py2 support first. We have normal "py2" tag in the source code for that, but a real code audit would be useful to catch the places where py2 is not explicit.

@hartwork
Copy link
Contributor Author

hartwork commented Mar 4, 2024

Hi @degremont, thanks for your reply! I do not agree with your assessment — I don't consider systems without security updates worthy of support by anyone — but I accept your choice, and will close this pull request.

@hartwork hartwork closed this Mar 4, 2024
@thiell
Copy link
Collaborator

thiell commented Mar 4, 2024

@hartwork We really appreciate that you contacted us regarding this and thanks for the PR.

Some additional context: older versions of Python are still supported by some Linux distributions, like in RHEL and spinoffs, and critical security updates are available. Because clustershell is mainly used as a system-level tool, installed system-wide as distribution packages, we're a bit conservative when it's time to drop support for Python versions, and we prefer to not break support for older Python versions unless it is really needed. But I agree with you that it is time to make some changes in ClusterShell to focus on the newer versions of Python, and we plan to work on that soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hartwork @degremont @thiell