Python 2.7 removal outline

Miroslav Lachman 000.fbsd at quip.cz
Thu Mar 25 10:32:01 UTC 2021


On 25/03/2021 07:26, Dewayne Geraghty wrote:
> On 25/03/2021 4:01 am, Miroslav Lachman wrote:
> 
>> I really appreciate the work of the ports team, committers and maintainers
>> but I dislike double standards. All ports requiring Python 2.7 were
>> marked deprecated last year, and almost all of them were removed according
>> to the expiration date 2020-12-31, but some of them are still there.
>> If there is Python 2.7, if there is Chromium, then any of the removed ports
>> can be there. If "we" want to get rid of them then "we" should remove
>> all of them and not just some by sentiment.
>> For example Iridium browser was removed because of Python 2.7 but
>> Chromium is still there. They are both based on the same source with the
>> same dependencies but Iridium cares more about privacy, yet it was
>> slaughtered instead of Chromium.
>> I really would like to see some policies for things like this next time.
>>
>> Miroslav Lachman
> 
> Thanks Miroslav, I have the same view.  Though I agree with Rene about
> the need to remove vulnerable ports and the interests of the FreeBSD
> community, it's worth considering those with both a need and an
> understanding of the ramifications of using python2.7.

From the security point of view I can agree with removing ports
requiring Python 2.7 as a run dependency, but if I have it right, neither
Iridium nor Chromium has it as a run dependency. Python is needed for build
only, so users of Chromium, Iridium and many other ports / packages do not
need to have vulnerable Python 2.7 installed. But these ports were
removed anyway, even if there is no proper replacement. Or, in the case of
Chromium vs Iridium, the better one was removed.

Kind regards
Miroslav Lachman
