Consider dropping support for Python 3.6 #604
Comments
|
Ubuntu 18.04 still uses python3.6 |
Which I see is still supported until April 2023. So let's keep 3.6 support for now, and deal with it if it ever becomes a significant problem for IRRD. |
A bunch of additional dependencies are pinned lower for #604
Due to #604, we are stuck to a number of old dependencies. Some of these have vulnerabilities that do not affect us, but PyUp does not support dismissing them, causing the badge to always show as "insecure".
|
Our dependencies are removing 3.6 support fairly fast. Out of 44 direct dependencies, I have had to pin the versions of 9 already to keep 3.6 compatibility. Two of those have vulnerabilities, but so far none that affect us. If one has a vulnerability or critical bug that does affect IRRd, our only option is to vendor the package into IRRd or fork it and fix it manually, which can take considerable time and effort. This will also become an increasing issue with ongoing development too. We can only drop Python versions in minor (4.x.0) releases, as we need to be able to patch older releases. Although I generally prefer keeping upgrades easy, I propose we drop 3.6 support starting 4.3.0, before it starts to hurt more. |
|
Would 3.8 still be in play ? |
Definitely. At least for another 2.5 years. |
Python 3.6 has passed end of life. It's currently blocking an upgrade to the latest ujson and setuptools dependency. That should be ok for now, but eventually the 3.6 support will start hurting more. Dropping 3.6 also allows a bit of cleanup. Some OS vendors may still be supporting 3.6 for a while though, so main question is whether there are any major IRRD deployments that are running on 3.6.
The text was updated successfully, but these errors were encountered: