Python 2 to 3 conversion - embrace the pain

Chris Angelico rosuav at gmail.com
Sun Mar 15 20:00:50 EDT 2015


On Mon, Mar 16, 2015 at 10:43 AM, Roy Smith <roy at panix.com> wrote:
> The big problem continues to be the legacy projects.  People made
> decisions years ago about what packages to use, and those decisions are
> hard to get away from.  There is a lot of production code out there
> which still uses third-party packages that are effectively abandonware
> by now.  But the code still runs, and there's little incentive to mess
> with it.  Rather than migrate to p3, it's more likely those systems will
> continue to run for years on p2, until eventually somebody turns
> out the lights.

At some point, the fact that those third-party packages aren't being
maintained will _itself_ be a problem. To be sure, no individual one
is likely to be as big a target as to attract attention, but all it
takes is one good exploit and you're completely stuck. What do you do
once someone discovers that they can compromise your server, not
through Python itself, but through some library that nobody supports
*at all* any more? How much downtime will it take to re-secure your
system?

If compromises and outages aren't a concern to you, then there's no
problem, stick to the abandoned packages. But if they are - if your
code is internet-facing in any way - then you'll eventually need to
upgrade to a newer bugfix version of everything you're using, and that
means switching out those abandonware packages for some that are
actively maintained.

Notice how nothing in the above two paragraphs mentions Python 2 vs 3
at all? The problem you're looking at is abandoned modules, not Python
3. Py3 just helps you to notice it sooner. It's entirely possible that
you have a Red Hat system running Python 2.3/2.4 and you can't even
upgrade as far as 2.7 because you have a dep that's incompatible with
2.7. This problem will _always_ come up. Either you depend on
something that gets upgraded periodically, or you carry the
maintenance burden yourself (fix the code yourself, or stick with the
old versions).

ChrisA


