Forgot to add the list :-(
Von: Jonatan Schlag jonatan.schlag@ipfire.org
Datum: 12. Mai 2021 um 20:25:24 MESZ An: Adolf Belka adolf.belka@ipfire.org Betreff: Aw: Dropping Python 2 (python-mechanize + knock on effects)
Hi,
Am 12.05.2021 um 14:31 schrieb Adolf Belka adolf.belka@ipfire.org:
Hi All,
I went to have a look at updating python-mechanize to python3. This can be done, there is a release from end of 2019 which is python3 compatible.
Noticed that it has a dependency of python-clientform. This turns out to have been obsoleted in 2008 and mechanize now provides the same API as clientform did. So clientform can be removed.
Then noticed that python-mechanize is a dependency in python-feedparser and both are dependencies for python-rssdler.
feedparser has a more up to date version which is also python compatible but I noticed that it's purpose is to parse Atom and RSS feeds in python and I wonder if this is really something we want in a firewall.
Looking at python-rssdler it is from the google code archive and the version was released in 2008. The most current version is from 2009 and nothing has been done since then with it. The purpose of this module is to automatically download enclosures and other objects linked to various RSS feeds such as podcasts, videocasts and torrents.
Again this doesn't seem to be the sort of module to have in a firewall and especially when it is 12 years old.
I checked this and my conclusion are the same so I would suggest to drop all four packages.
Jonatan
My proposal would be to remove python-rssdler, python-feedparser and python-clientform. python-mechanize could be updated to a python3 version if it is believed to be required but my view would be to also remove this. It's purpose is to provide stateful, programmatic web browsing, including ftp,http and file:URL schemes etc. More can be found at https://pypi.org/project/mechanize/
I would appreciate your feedback before I do anything further here as I may not have the whole picture of what these addons are being used for.
Regards,
Adolf.
On 05/05/2021 16:27, Michael Tremer wrote:
Hello,
I would like to talk about what has been discussed at the last developer conference call this week: Dropping Python 2
This version of Python has reached its end of life and will no longer receive any security fixes. Hence we need to get rid of it as soon as possible.
However, there is lots of software that still depends on it which has to be migrated away first.
There are at least the following packages:
boost fetchmail fireinfo iotop ipaddr libxml2 libxslt newt nmap python python-clientform python-daemon python-distutils python-distutils-extra python-docutils python-feedparser python-inotify python-ipaddress python-m2crypto python-mechanize python-optional-src python-pyparsing python-rssdler python-setuptools python-six python-typing
We also have the following scripts:
config/ca-certificates/certdata2pem.py config/unbound/unbound-dhcp-leases-bridge
Fireinfo is written by us and has a lot of C which will make it a little bit more difficult to migrate. We would also have to be very careful to not change any behaviour of the current implementation.
The rest is probably either software that is entirely written in Python 2 or software that brings bindings for Python. The latter case is easy because we can either force it to build with Python 3 or we just disable the bindings.
Ultimately we might need to keep Python around in the build system if there are other packages that rely on it. However, it would be great if we were able to remove it from the distribution very soon. Looking at his list, it does not seem to be too difficult.
Would anyone be up to help and remove Python from any of those packages above? I would like to aim for Core Update 158 and remove as much stuff as possible - if we can everything - and then remove Python 2 in the update after that. If anyone has any custom scripts or applications, people will have some time to migrate away.
Best, -Michael
Hi Jonatan,
On 12/05/2021 20:26, Jonatan Schlag wrote:
Forgot to add the list :-(
*Von:* Jonatan Schlag jonatan.schlag@ipfire.org
*Datum:* 12. Mai 2021 um 20:25:24 MESZ *An:* Adolf Belka adolf.belka@ipfire.org *Betreff:* *Aw: Dropping Python 2 (python-mechanize + knock on effects)*
Hi,
Am 12.05.2021 um 14:31 schrieb Adolf Belka adolf.belka@ipfire.org:
Hi All,
I went to have a look at updating python-mechanize to python3. This can be done, there is a release from end of 2019 which is python3 compatible.
Noticed that it has a dependency of python-clientform. This turns out to have been obsoleted in 2008 and mechanize now provides the same API as clientform did. So clientform can be removed.
Then noticed that python-mechanize is a dependency in python-feedparser and both are dependencies for python-rssdler.
feedparser has a more up to date version which is also python compatible but I noticed that it's purpose is to parse Atom and RSS feeds in python and I wonder if this is really something we want in a firewall.
Looking at python-rssdler it is from the google code archive and the version was released in 2008. The most current version is from 2009 and nothing has been done since then with it. The purpose of this module is to automatically download enclosures and other objects linked to various RSS feeds such as podcasts, videocasts and torrents.
Again this doesn't seem to be the sort of module to have in a firewall and especially when it is 12 years old.
I checked this and my conclusion are the same so I would suggest to drop all four packages.
Thanks very much. Full clean build with all of these packages removed gave no problems. Patch has been submitted.
Jonatan
My proposal would be to remove python-rssdler, python-feedparser and python-clientform. python-mechanize could be updated to a python3 version if it is believed to be required but my view would be to also remove this. It's purpose is to provide stateful, programmatic web browsing, including ftp,http and file:URL schemes etc. More can be found at https://pypi.org/project/mechanize/
I would appreciate your feedback before I do anything further here as I may not have the whole picture of what these addons are being used for.
Regards,
Adolf.
On 05/05/2021 16:27, Michael Tremer wrote: Hello,
I would like to talk about what has been discussed at the last developer conference call this week: Dropping Python 2
This version of Python has reached its end of life and will no longer receive any security fixes. Hence we need to get rid of it as soon as possible.
However, there is lots of software that still depends on it which has to be migrated away first.
There are at least the following packages:
boost fetchmail fireinfo iotop ipaddr libxml2 libxslt newt nmap python python-clientform python-daemon python-distutils python-distutils-extra python-docutils python-feedparser python-inotify python-ipaddress python-m2crypto python-mechanize python-optional-src python-pyparsing python-rssdler python-setuptools python-six python-typing
We also have the following scripts:
config/ca-certificates/certdata2pem.py config/unbound/unbound-dhcp-leases-bridge
Fireinfo is written by us and has a lot of C which will make it a little bit more difficult to migrate. We would also have to be very careful to not change any behaviour of the current implementation.
The rest is probably either software that is entirely written in Python 2 or software that brings bindings for Python. The latter case is easy because we can either force it to build with Python 3 or we just disable the bindings.
Ultimately we might need to keep Python around in the build system if there are other packages that rely on it. However, it would be great if we were able to remove it from the distribution very soon. Looking at his list, it does not seem to be too difficult.
Would anyone be up to help and remove Python from any of those packages above? I would like to aim for Core Update 158 and remove as much stuff as possible - if we can everything - and then remove Python 2 in the update after that. If anyone has any custom scripts or applications, people will have some time to migrate away.
Best, -Michael
-
Adolf Belka -
Jonatan Schlag