Re: Bringing back lang/python27 with few modules?

From: Maxim Sobolev <>
Date: Sat, 20 Nov 2021 01:07:28 UTC
Well with regards to a language port, "vulnerability" has somewhat dubious
applicability. For sure there are many ways to write an insecure C program
allowed by the language itself. Shall we consider all C compilers
inheretedly bad based on just that?

Bottom line is that having well supported python 2 tools and environment
remains quite useful thing to have for a lot of FreeBSD users out there.
And this need is unlikely to go away in the next 2-3 years to come.


On Fri., Nov. 19, 2021, 2:41 p.m. Mel Pilgrim, <> wrote:

> On 2021-11-18 0:43, Eugene Grosbein wrote:
> > 17.11.2021 17:16, Rene Ladan wrote:
> >> On Wed, Nov 17, 2021 at 12:37:07AM -0800, Maxim Sobolev wrote:
> >>> P.S. AFAIK our documented criteria for removing a port is when one of
> the
> >>> following is true:
> >>>   o Port lacks maintaintership;
> >>>   o Port has issues building on supported releases;
> >>>   o Port clearly has no users/use;
> >>>   o Port has some serious security issues.
> >>>
> >>> The lang/python27 did not belong to either of those bins, IMHO.
> >>
> >> "Unmaintained upstream" is also a criterion, and Python 2.7 fits there.
> >
> > This is bad criterion for open source software and should not be
> considered without other reasons
> > like "unfetchable" or "has known critical vulnerabilities".
> It very likely has known critical vulnerabilities.  For example,
> CVE-2021-3177 is a potential RCE bug in Python 3.x.  It was officially
> fixed upstream, and the backported fix is found in Python 2.7 LTS
> contracts.