Security support for pypy and jython

To: team@security.debian.org
Cc: debian-lts@lists.debian.org, Adrian Bunk <bunk@debian.org>, stefanor@debian.org
Subject: Security support for pypy and jython
From: Sylvain Beucler <beuc@beuc.net>
Date: Thu, 8 Aug 2024 12:10:32 +0200
Message-id: <[🔎] dcddcf63-cc2d-4ef3-a00e-f116585834a6@beuc.net>

Hello Security Team,

python2.7 was marked unsupported in bullseye.

We recently noted that pypy[v2] (included up to bullseye) and jython(all dists) include the python2 stdlib. Unlike pypy3, neither packagecurrently track the associated CVEs.

Do we want to mark pypy and jython as EOL, or limited-support, indebian-security-support?

Incidentally are there other packages that mass-embed python2 stdlibthat we should also consider (I checked data/embedded-code-copies)?


Cheers!
Sylvain Beucler
Debian LTS Team

Reply to:

Follow-Ups:
- Re: Security support for pypy and jython
  - From: Santiago Ruano Rincón <santiagorr@riseup.net>

Prev by Date: Re: gpac end-of-life in stretch (and recommendation for buster/bullseye)
Next by Date: Re: gpac end-of-life in stretch (and recommendation for buster/bullseye)
Previous by thread: Re: gpac end-of-life in stretch (and recommendation for buster/bullseye)
Next by thread: Re: Security support for pypy and jython
Index(es):
- Date
- Thread