[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Does Guix provide security support for Python2? For how long?
|
From: |
Leo Famulari |
|
Subject: |
Re: Does Guix provide security support for Python2? For how long? |
|
Date: |
Fri, 15 Jan 2021 14:56:21 -0500 |
On Fri, Jan 15, 2021 at 02:18:09PM -0300, Jorge P. de Morais Neto wrote:
> Em [2021-01-15 sex 18:07:40+0100], zimoun escreveu:
>
> > As far as I know, Guix provides the security support that upstream
> > releases.
>
> I too suppose so in general. But I would like a more authoritative
> answer for the specific case of Python2. And, in fact, this should be
> publicly documented---in the manual or in the website, as well as the
> description of the python2 package and maybe also in the description of
> all python2-.* packages.
Because Python 2 is not supported upstream — at <https://python.org> —
we do not offer any security support for it.
If some other organization began supporting it, we might consider
switching to that source. But for now, the plan is to remove Python 2
from Guix before very long.
In general, Guix provides no security support for packages besides what
upstream provides. There may be exceptions but they are exceptional. I
don't agree that we should specifically document how much we support
certain packages. For every package, the best we can offer is what the
upstream developers provide. Guix is a distributor, and therefore we do
not do software development of packages.
Regarding offlineimap, if they do not port the software to Python 3, I
recommend switching to mbsync, from the isync package.
signature.asc
Description: PGP signature