Page MenuHomePhabricator
Create Task
Maniphest T203471

Drop support for Python 2.7.6 and lower
Closed, DeclinedPublic
Actions

Description

The official life cycle of Python 2 exceeds on 2020-01-01 but few days ago we found some issues (T199959, T203435) caused by the Cryptography package. After py2.6 and py3.3 has been dropped and py2.7.2 and 2.7.3 is proposed to be dropped soon (T191192) I propose to abandon the support of Python from 2.7.4 to 2.7.6 too.

If someone cannot upgrade to a newer version of Python, the older Pywikibot releases are still available either via pypi package or the corresponding tag in our repository but one should be aware that these issues may still lead to problems with the Cryptography package.

Details

SubjectRepoBranchLines +/-
Show deprecation warning for Python 2pywikibot/coremaster+13 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

Dvorapa created this task.Sep 4 2018, 3:19 PM
Dvorapa added parent tasks: T199959: Cryptography is going to drop support for python 2.7.6 and before, T203435: 'cryptography' dependency reported as vulnerable.Sep 4 2018, 3:35 PM
Dvorapa added a subtask: T191192: Drop support for python 2.7.2 and 2.7.3.
Liuxinyu970226 unsubscribed.Sep 4 2018, 3:53 PM
JeanFred subscribed.Sep 4 2018, 3:54 PM

Note that python 2.7.6 is what is currently installed in the Toolforge environment, so that should likely depend on T199003.

Multichill added a comment.Sep 4 2018, 4:17 PM

I checked several systems and both run 2.7.6. . This task is way too soon. Come back in a couple of years. You're going way too fast on this dropping campaign.

Multichill triaged this task as Lowest priority.Sep 4 2018, 4:18 PM
MarcoAurelio added a comment.Sep 4 2018, 5:11 PM

I think that encouraging people to use updated versions that do not depend on vulnerable dependencies is a good idea. While I agree it can be hard or annoying to go system by system to do so, I feel this is not something we should wait a couple of years to accomplish. Thanks.

Framawiki subscribed.Sep 4 2018, 6:17 PM
Dvorapa added a comment.Sep 4 2018, 7:37 PM

@Multichill Per my point of view there are two possibilities:

  1. Depend on vulnerable version of Cryptography package
  2. Drop py2.7.6

PS: I would suggest to slowly move from Trusty, because in April 2019 the maintenance support period end is expected.

Xqt changed the task status from Open to Stalled.Oct 26 2018, 3:00 AM

Stalled until 2.7.3 is dropped

Xqt added a comment.Oct 26 2018, 3:06 AM
This comment was removed by Xqt.
Xqt changed the status of subtask T191192: Drop support for python 2.7.2 and 2.7.3 from Stalled to Open.Dec 3 2018, 9:44 PM
Xqt mentioned this in T213287: Drop support of Python 2.7.Jan 9 2019, 2:37 PM
Xqt added a parent task: T213287: Drop support of Python 2.7.
Xqt added a comment.Jan 15 2019, 12:02 PM

This release also shows a security warning:

urllib3\util\ssl_.py:160: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this.

The minimum version is 2.7.9 to stop this error from occuring.

JeanFred added a comment.Jan 15 2019, 12:21 PM
In T203471#4880681, @Xqt wrote:

This release also shows a security warning:

urllib3\util\ssl_.py:160: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this.

The minimum version is 2.7.9 to stop this error from occuring.

Can’t that be solved by installing the security extra for requests? (At least rTHERd2ff281 was enough in T200159)

Xqt changed the task status from Stalled to Open.Feb 13 2019, 3:29 PM
Xqt closed subtask T191192: Drop support for python 2.7.2 and 2.7.3 as Resolved.Feb 18 2019, 4:02 PM
gerritbot added a comment.May 4 2019, 6:57 PM

Change 508093 had a related patch set uploaded (by Xqt; owner: Xqt):
[pywikibot/core@master] Show deprecation warning for Python 2

https://gerrit.wikimedia.org/r/508093

gerritbot added a project: Patch-For-Review.May 4 2019, 6:57 PM
gerritbot added a comment.May 14 2019, 9:08 AM

Change 508093 merged by jenkins-bot:
[pywikibot/core@master] Show deprecation warning for Python 2

https://gerrit.wikimedia.org/r/508093

Xqt removed a project: Patch-For-Review.May 19 2019, 12:17 PM
Ricordisamoa subscribed.Dec 12 2019, 1:22 PM
Xqt raised the priority of this task from Lowest to Medium.Jan 5 2020, 8:47 AM
Xqt added a comment.Jan 7 2020, 6:46 AM

I propose not to have an intermediate release dropping Py2.7.6 or Py2.7.8 only but to desupport Python 2 as a whole in next few weeks or months after the next stable release when the tests passes. See parent task for this.

Dvorapa closed this task as Declined.Jan 7 2020, 9:03 AM

Agree. This minor step would require an extra work and extra time

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL