Reconsider PyPy 3.7, and 3.8 removal in 0.23.x series

[Ousret]

Hello,

I am writing to ask for a revert of recent change introduced in 0.23.x releases.
The change I am referring to is located at #4582

I far as I can understand, no API / Bridge change occurred in the PR. No code simplification occurred, only the check for minimal version was patched.

While this change appear straightforward, it induce friction for integrators.
We want to publish new versions, but we are stuck/embarrassed due to the high level constraint (namely python_requires >= 3.7). There is no easy way to mark PyPy 3.7 and 3.8 excluded defacto so that pip or alike wouldn't pick the newer version.

I also understand that the change was motivated due to CI flakyness.

My proposal is as follow:

• Revert the change drop support for PyPy 3.7 and 3.8 #4582
• Add a warning that PyPy 3.7, 3.8 might not work, not tested upstream any more. due to constraints in PyO3 developments. Use at own risk.
• Remove CI pipelines for them OR marks them as success anyway (ignore non-zero exits).

This would be greatly appreciated.
Regards,

[davidhewitt]

Thanks for the request and I appreciate the pain. The problem is that without CI testing we cannot guarantee that outdated PyPy versions will not simply just crash. We prevent install on these versions for safely.

Can you explain how exactly the current situation is a problem? As far as I can see, it will only affect users running PyPy 3.7 or 3.8. the PyPy team does not support those versions any more nor encourage users to use them, so I don't see why we should be making it easier for users to continue to try to use these out of support versions.

[Ousret]

The problem is that without CI testing we cannot guarantee that outdated PyPy versions will not simply just crash. We prevent install on these versions for safely.

I understand that. Can we have a reduced (in terms of success definition) CI for them?

Can you explain how exactly the current situation is a problem? As far as I can see, it will only affect users running PyPy 3.7 or 3.8.

It is simple really. Doing a pip install trustme on PyPy 3.8 will crash while it succeed on PyPy 3.7. Normal users can't debug this easily.

Each project (from trustme and dependencies) have a python_require >= 3.7 which pip understand as "it will work on CPython 3.7, PyPy 3.7, CPython 3.8, PyPy 3.8, and so on.

We cannot, using simple means, exclude PyPy 3.7, and PyPy 3.8 due to what is exposed.

the PyPy team does not support those versions any more nor encourage users to use them

That I understand also. But there is an issue that is often underrated or ignored by maintainers. A lot of companies are still bound to EOLs CPython or PyPy, and they are massively abandoned by us. Big corporations may have slow upgrade scheme to upgrade their interpreters.

so I don't see why we should be making it easier for users to continue to try to use these out of support versions.

CPython 3.7 and 3.8 are both EOL but statistics shows that they are still massively used. See https://pypistats.org/packages/__all__
It's not about encouraging, it's about saying we trust them to know to update as soon as they can. Trust me when I say this, I worked in several companies where we had every developers wanting to upgrade, but we couldn't due to obsolete politics.

I hope you will consider that request.
Regards,

[mejrs]

Can you not use an older pyo3 version? 0.22 still supports them, I believe.

[Ousret]

We would need to give up on freethreaded builds for that, and every bit of improvements served in 0.23.x releases.
If the answer is no, we would have to consider dropping building for PyPy altogether, which would be unfortunate. We can't keep python_require >= 3.7 when it cause crashes, especially when it is about a dependency of a dependency.

[LilyFoote]

Each project (from trustme and dependencies) have a python_require >= 3.7 which pip understand as "it will work on CPython 3.7, PyPy 3.7, CPython 3.8, PyPy 3.8, and so on.

The latest release of trustme has requires-python = ">=3.9".

Looking at the Python Packaging User Guide I think you should be able to control which version of trustme is installed using environment markers. Something like:

# pyproject.toml

dependencies = [
    "trustme>=1.2.0; python_version>='3.9'",
    "trustme~=1.1.0; python_version=='3.8'",
]

[alex]

FWIW, we (pyca/cryptography) have been able to drop older PyPy's without incident.

…

On Wed, Dec 25, 2024 at 9:34 AM TAHRI Ahmed R. ***@***.***> wrote: We would need to give up on freethreaded builds for that, and every bit of improvements served in 0.23.x releases. If the answer is no, we would have to consider dropping building for PyPy altogether, which would be unfortunate. We can't keep python_require >= 3.7 when it cause crashes, especially when it is about a dependency of a dependency. — Reply to this email directly, view it on GitHub <#4799 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAAGBDON5EP72L2Q74TWUD2HK663AVCNFSM6AAAAABTUK6EJGVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTCNRWGQYDAMQ> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

-- All that is necessary for evil to succeed is for good people to do nothing.