[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security support for pypy and jython



On Thu, Aug 29, 2024 at 05:06:51PM -0300, Santiago Ruano Rincón wrote:
> 
> Following a discussion on IRC, it seems that for bullseye, it would make
> more sense to explicitly declare the python 2 ecosystem (python2.7,
> pypy, jython) as non supported. This is actually the current status,
> since python2.7 didn't receive any security update so far in bullseye.
> From the bullseye release notes, we can read: "Python 2 is already
> beyond its End Of Life, and will receive no security updates. [1]"
> 
> [1] https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#noteworthy-obsolete-packages
> 
> Also, the entries in the security tracker support this conclusion:
> 
>     [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
> 
> I think there is a confusion about what security-support-limited.* is
> meant for. At least, I had forgotten to take into account a comment by
> Moritz about how the security team understands the packages included in
> security-support-limited at the time of a debian release. I hope solving
> https://bugs.debian.org/1053462 would help to better understand the
> status of such packages.
> 
> If there are no objections, I will create a MR to move python2.7, pypy
> and jython from security-support-limited.deb11 to
> security-support-ended.11.
> 
I agree with moving python2.7, pypy, and jython from limited to ended.

Regards,

-Roberto

-- 
Roberto C. Sánchez


Reply to: