From mboxrd@z Thu Jan 1 00:00:00 1970 From: Adolf Belka To: development@lists.ipfire.org Subject: Re: Fwd: Dropping Python 2 (python-mechanize + knock on effects) Date: Thu, 13 May 2021 14:13:05 +0200 Message-ID: <27d69b91-0dee-179c-fe5f-8bad6c1ddf1b@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2462532773852812119==" List-Id: --===============2462532773852812119== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi Jonatan, On 12/05/2021 20:26, Jonatan Schlag wrote: > Forgot to add the list :-( > > *Von:* Jonatan Schlag >> *Datum:* 12. Mai 2021 um 20:25:24 MESZ >> *An:* Adolf Belka >> *Betreff:* *Aw: Dropping Python 2 (python-mechanize + knock on effects)* >> >> =EF=BB=BFHi, >> >>> Am 12.05.2021 um 14:31 schrieb Adolf Belka : >>> >>> =EF=BB=BFHi All, >>> >>> I went to have a look at updating python-mechanize to python3. This can b= e done, there is a release from end of 2019 which is python3 compatible. >>> >>> Noticed that it has a dependency of python-clientform. This turns out to = have been obsoleted in 2008 and mechanize now provides the same API as client= form did. So clientform can be removed. >>> >>> Then noticed that python-mechanize is a dependency in python-feedparser a= nd both are dependencies for python-rssdler. >>> >>> feedparser has a more up to date version which is also python compatible = but I noticed that it's purpose is to parse Atom and RSS feeds in python and = I wonder if this is really something we want in a firewall. >>> >>> Looking at python-rssdler it is from the google code archive and the vers= ion was released in 2008. The most current version is from 2009 and nothing h= as been done since then with it. The purpose of this module is to automatical= ly download enclosures and other objects linked to various RSS feeds such as = podcasts, videocasts and torrents. >>> >>> Again this doesn't seem to be the sort of module to have in a firewall an= d especially when it is 12 years old. >>> >> I checked this and my conclusion are the same so I would suggest to drop a= ll four packages. >> Thanks very much. Full clean build with all of these packages removed gave no= problems. Patch has been submitted. >> Jonatan >> >>> >>> My proposal would be to remove python-rssdler, python-feedparser and pyth= on-clientform. python-mechanize could be updated to a python3 version if it i= s believed to be required but my view would be to also remove this. It's purp= ose is to provide stateful, programmatic web browsing, including ftp,http and= file:URL schemes etc. More can be found at https://pypi.org/project/mechaniz= e/ >>> >>> >>> I would appreciate your feedback before I do anything further here as I m= ay not have the whole picture of what these addons are being used for. >>> >>> >>> Regards, >>> >>> Adolf. >>> >>> >>>> On 05/05/2021 16:27, Michael Tremer wrote: >>>> Hello, >>>> >>>> I would like to talk about what has been discussed at the last developer= conference call this week: Dropping Python 2 >>>> >>>> This version of Python has reached its end of life and will no longer re= ceive any security fixes. Hence we need to get rid of it as soon as possible. >>>> >>>> However, there is lots of software that still depends on it which has to= be migrated away first. >>>> >>>> There are at least the following packages: >>>> >>>> boost >>>> fetchmail >>>> fireinfo >>>> iotop >>>> ipaddr >>>> libxml2 >>>> libxslt >>>> newt >>>> nmap >>>> python >>>> python-clientform >>>> python-daemon >>>> python-distutils >>>> python-distutils-extra >>>> python-docutils >>>> python-feedparser >>>> python-inotify >>>> python-ipaddress >>>> python-m2crypto >>>> python-mechanize >>>> python-optional-src >>>> python-pyparsing >>>> python-rssdler >>>> python-setuptools >>>> python-six >>>> python-typing >>>> >>>> We also have the following scripts: >>>> >>>> config/ca-certificates/certdata2pem.py >>>> config/unbound/unbound-dhcp-leases-bridge >>>> >>>> Fireinfo is written by us and has a lot of C which will make it a little= bit more difficult to migrate. We would also have to be very careful to not = change any behaviour of the current implementation. >>>> >>>> The rest is probably either software that is entirely written in Python = 2 or software that brings bindings for Python. The latter case is easy becaus= e we can either force it to build with Python 3 or we just disable the bindin= gs. >>>> >>>> Ultimately we might need to keep Python around in the build system if th= ere are other packages that rely on it. However, it would be great if we were= able to remove it from the distribution very soon. Looking at his list, it d= oes not seem to be too difficult. >>>> >>>> Would anyone be up to help and remove Python from any of those packages = above? I would like to aim for Core Update 158 and remove as much stuff as po= ssible - if we can everything - and then remove Python 2 in the update after = that. If anyone has any custom scripts or applications, people will have some= time to migrate away. >>>> >>>> Best, >>>> -Michael --===============2462532773852812119==--