[gigatexal]

I’m of the opinion that one should only maintain python2 projects not actively develop and expand them. If your project needed http2 then it should be ported to python3.

Edit: would using python3 in a container make sense where the distribution only ships legacy python?

[harryf]

The current version of Redhat - RHEL 7 - which most banks, large enterprises etc. are using comes with a system python version of 2.7.5 and you need to jump through hoops to install Python 3.x ( e.g. https://stackoverflow.com/questions/8087184/problems-install... ), which may not even be possible if you're in an environment where security is tightly controlled.

There is the possibility of Python 3.x being default in RHEL 8 ( https://fedoraproject.org/wiki/Changes/Python_3_as_Default ) but right now RHEL 8 isn't released and there's no date for it being released. And even once it is released, it will be more years before big enterprises really start switching

TLDR ignore python 2.7 and alienate RHEL customers

[derefr]

Developers relying on OS scripting runtimes for their applications are misusing the OS; and environments that only allow the use of OS scripting runtimes are fundamentally misunderstanding their job.

OS scripting runtimes are there for the OS to use, in its system software and services. Such runtimes are not there for anyone else to use. They’re implementation details of the OS.

This is the reason that certain platform-bytecode libraries get packaged into OS packages, while most don’t. Those packages are also there strictly for the OS itself to use, with versioning allowing other OS packages to rely on them. If you’re not writing OS software (e.g. something that runs under init(8), speaks D-Bus, is part of minimal installs, etc.) then you shouldn’t be relying on those packages.

Consider the fact that a lot of “application software” OS packages—packages shipped by the distro!—actually vendor their own runtime and libraries. They do this because they have separate needs from the super-stable-but-minimal runtime provided by the OS.

If not even the distros themselves think it’s worthwhile to rely on the OS runtime for everything, you shouldn’t either.

Unless your software’s relationship with a daemon or library is “I expect that it was already here when I got here, because that exact ABI version of it is part of the definition of the platform we target”—just vendor the dang deps.

Yes, they become your responsibility to audit. The distro was never going to do that job for any software not required to run itself anyway.

[kevinmgranger]

Hoops? Enabling an SCL isn't hard. https://developers.redhat.com/blog/2014/02/18/migrate-to-pyt...

[Spiritus]

>you need to jump through hoops to install Python 3.x

What? You can install Python 3.6 from EPEL[1], takes 5 seconds.

[1] https://fedoraproject.org/wiki/EPEL

[rckclmbr]

Then you have to use scl, which kind of sucks. Better to just install the fedora packages. Or compile it yourself (but you should really package it if you're deploying it on a lot of servers)

[drb91]

Meh, RHEL customers can look after themselves and maintain a python2 fork. Unless they’re paying you it makes sense to target the most recent version of the language.

[gigatexal]

I’m not an enterprise developer but does RHEL 7 support docker? Run python3 in a container. Isn’t that the point of containers?

[nudpiedo]

you mean bringing code which has not been cleared as secure & authorized by corporation's legal experts? BigCorp makes all those easy things hard (usually after lessons learnt).

[gigatexal]

Even if you run official builds by the python foundation from the library on docker hub? That seems like a business opportunity: certify software for RHEL by all the government bodies and pay RH for sign off and then be the only vendor to be sanctioned to run “third party but vetted” python3.

[rspeer]

If a group has a security policy that makes it hard for them to install Python 3, of course there's no way in hell they're installing Docker.

[gigatexal]

fair enough i didn't know these things; learned something new today.

[coldtea]

What if a company has a large codebase that's in Python 2 and wants http2? Will those suggesting porting help them bear the costs and manhours it takes?

(Google, for one, still uses 2. As does Dropbox. And both companies had Guido Van Rossum working for them at some point).

[ellisv]

> What if a company has a large codebase that's in Python 2 and wants http2? Will those suggesting porting help them bear the costs and manhours it takes?

This is why banks still use COBOL and Fortran.

[coldtea]

More power to them!

[goatlover]

Companies are going to have to port at some point.

[brudgers]

Google has Grumpy. Because writing a compiler is easier than porting. https://github.com/google/grumpy

[enitihas]

Not sure about that. Some companies may have codebases as complicated as the python codebase itself. For them it may make more sense to maintain python2 than to upgrade. Granted, there will be very few such companies.

[CJefferson]

Python 2 is popular enough that someone will keep up support for decades to come. Just making sure it supports new OS releases, and fixing the occasional bug, will not be a significant overhead.

[kbutler]

Unjustifiable assertion.

  - they could continue to maintain python2
  - they could move to a non-python platform
  - they could go out of business
  - they could hold out for Python4 (Python3 was only 8 years after Python2)
  ...

[kevinmgranger]

GVR has already said that Python 4 (if it's even ever called that) will not have the same kind of breaking changes 3 did.

[kbutler]

And 3 had different changes than 2 (https://docs.python.org/3/whatsnew/2.0.html) though it is interesting that Unicode support was a big feature in both, and that many people still find Python3’s Unicode support problematic (e.g., http://lucumr.pocoo.org/2014/5/12/everything-about-unicode/)

But if an individual or organization does not find the python 3 updates and ecosystem a compelling upgrade over 2, “don’t update until the next big change” is definitely one option.

[kevinmgranger]

The whole point of my comment is that there won't be a "next big change", just lots of smaller ones.

[devy]

All aforementioned large companies have a diverse tech stack rather than a single stack, let alone programming language versions. Having Python BDFL working for them doesn't necessarily mean they will follow Python community consensus. Neither was Guido tasked to help them upgrade their python stack to 3.x AFAIK.

Python core team will eventually cease support 2.x support at some point[1], so the ones who uses 2.x will be on their own. Will the cost of self-patching python 2.x lower than rewrite the software application you developed on 2.x? Well, that's on them to decide. After 2.x being officially deprecated, what's the point of having a Async HTTP/2 client working (mostly back-porting features that's already on 3k) on 2.x?

[1]: https://pythonclock.org/

[always_good]

> After 2.x being officially deprecated, what's the point of having a Async HTTP/2 client working (mostly back-porting features that's already on 3k) on 2.x?

Once again, the point is that software will continue working beyond that deprecation event.

As you said, the cost/benefit analysis of a rewrite isn't always in favor of a rewrite at that point in time. So what must follow is that there will be Python 2 software out in the wild for some time regardless of support. What other possibility is there?

[devy]

> Once again, the point is that software will continue working beyond that deprecation event.

Yes, python 2.x code will work - but in the event major CVEs for a piece of software stack that's deprecated, you are left to no choice but to fix on your own. Those sometime are by no means no small feat! And mind you this is an ongoing battle to patch up security holes.

[k1ns]

Posted an issue here: https://github.com/vladmunteanu/th2c/issues/27