On Mon, Mar 16, 2015 at 10:43 AM, Roy Smith <r...@panix.com> wrote:
> The big problem continues to be the legacy projects. People made
> decisions years ago about what packages to use, and those decisions are
> hard to get away from. There is a lot of production code out there
> which still uses third-party packages that are effectively abandonware
> by now. But the code still runs, and there's little incentive to mess
> with it. Rather than migrate to p3, it's more likely those systems will
> continue to run for years to run on p2, until eventually somebody turns
> out the lights.

At some point, the fact that those third-party packages aren't being maintained will _itself_ be a problem. To be sure, no individual one is likely to be as big a target as to attract attention, but all it takes is one good exploit and you're completely stuck. What do you do once someone discovers that they can compromise your server, not through Python itself, but through some library that nobody supports *at all* any more? How much downtime will it take to re-secure your system?

If compromises and outages aren't a concern to you, then there's no problem, stick to the abandoned packages. But if they are - if your code is internet-facing in any way - then you'll eventually need to upgrade to a newer bugfix version of everything you're using, and that means switching out those abandonware packages for some that are actively maintained.

Notice how nothing in the above two paragraphs mentions Python 2 vs 3 at all? The problem you're looking at is abandoned modules, not Python 3. Py3 just helps you to notice it sooner. It's entirely possible that you have a Red Hat system running Python 2.3/2.4 and you can't even upgrade as far as 2.7 because you have a dep that's incompatible with 2.7.

This problem will _always_ come up. Either you depend on something that gets upgraded periodically, or you carry the maintenance burden yourself (fix the code yourself, or stick with the old versions).

ChrisA