
Drop support for Python 2.7.6 and lower
Open, Lowest, Public

Description

The official life cycle of Python 2 ends on 2020-01-01, but a few days ago we found some issues (T199959, T203435) caused by the Cryptography package. After py2.6 and py3.3 have been dropped and py2.7.2 and 2.7.3 are proposed to be dropped soon (T191192), I propose to abandon the support of Python from 2.7.4 to 2.7.6 too.

If someone cannot upgrade to a newer version of Python, the older Pywikibot releases are still available either via the PyPI package or the corresponding tag in our repository, but one should be aware that these issues may still lead to problems with the Cryptography package.

Event Timeline

Dvorapa created this task. Sep 4 2018, 3:19 PM

Note that python 2.7.6 is what is currently installed in the Toolforge environment, so that should likely depend on T199003.

I checked several systems and both run 2.7.6. This task is way too soon. Come back in a couple of years. You're going way too fast on this dropping campaign.

Multichill triaged this task as Lowest priority. Sep 4 2018, 4:18 PM

I think that encouraging people to use updated versions that do not depend on vulnerable dependencies is a good idea. While I agree it can be hard or annoying to go system by system to do so, I feel this is not something we should wait a couple of years to accomplish. Thanks.

@Multichill Per my point of view there are two possibilities:

  1. Depend on a vulnerable version of the Cryptography package
  2. Drop py2.7.6

PS: I would suggest to slowly move from Trusty, because in April 2019 the maintenance support period end is expected.

Xqt changed the task status from Open to Stalled. Oct 26 2018, 3:00 AM

Stalled until 2.7.3 is dropped

Xqt added a comment. Oct 26 2018, 3:06 AM
This comment was removed by Xqt.

Xqt changed the status of subtask T191192: Drop support for python 2.7.2 and 2.7.3 from Stalled to Open. Dec 3 2018, 9:44 PM

Xqt added a comment. Jan 15 2019, 12:02 PM

This release also shows a security warning:

urllib3\util\ssl_.py:160: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this.

The minimum version is 2.7.9 to stop this error from occurring.

Can’t that be solved by installing the security extra for requests? (At least rTHERd2ff281 was enough in T200159)

Xqt changed the task status from Stalled to Open. Feb 13 2019, 3:29 PM

Change 508093 had a related patch set uploaded (by Xqt; owner: Xqt):
[pywikibot/core@master] Show deprecation warning for Python 2

https://gerrit.wikimedia.org/r/508093

Change 508093 merged by jenkins-bot:
[pywikibot/core@master] Show deprecation warning for Python 2

https://gerrit.wikimedia.org/r/508093