Re: Security support for pypy and jython
On Thu, Aug 29, 2024 at 05:06:51PM -0300, Santiago Ruano Rincón wrote:
>
> Following a discussion on IRC, it seems that for bullseye, it would make
> more sense to explicitly declare the python 2 ecosystem (python2.7,
> pypy, jython) as non supported. This is actually the current status,
> since python2.7 didn't receive any security update so far in bullseye.
> From the bullseye release notes, we can read: "Python 2 is already
> beyond its End Of Life, and will receive no security updates. [1]"
>
> [1] https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#noteworthy-obsolete-packages
>
> Also, the entries in the security tracker support this conclusion:
>
> [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
>
> I think there is a confusion about what security-support-limited.* is
> meant for. At least, I had forgotten to take into account a comment by
> Moritz about how the security team understands the packages included in
> security-support-limited at the time of a debian release. I hope solving
> https://bugs.debian.org/1053462 would help to better understand the
> status of such packages.
>
> If there are no objections, I will create a MR to move python2.7, pypy
> and jython from security-support-limited.deb11 to
> security-support-ended.11.
>
I agree with moving python2.7, pypy, and jython from limited to ended.
Regards,
-Roberto
--
Roberto C. Sánchez
Reply to: