On Thu, Aug 29, 2024 at 05:06:51PM -0300, Santiago Ruano Rincón wrote: > > Following a discussion on IRC, it seems that for bullseye, it would make > more sense to explicitly declare the python 2 ecosystem (python2.7, > pypy, jython) as non supported. This is actually the current status, > since python2.7 didn't receive any security update so far in bullseye. > From the bullseye release notes, we can read: "Python 2 is already > beyond its End Of Life, and will receive no security updates. [1]" > > [1] > https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#noteworthy-obsolete-packages > > Also, the entries in the security tracker support this conclusion: > > [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included > to build a few applications) > > I think there is a confusion about what security-support-limited.* is > meant for. At least, I had forgotten to take into account a comment by > Moritz about how the security team understands the packages included in > security-support-limited at the time of a debian release. I hope solving > https://bugs.debian.org/1053462 would help to better understand the > status of such packages. > > If there are no objections, I will create a MR to move python2.7, pypy > and jython from security-support-limited.deb11 to > security-support-ended.11. > I agree with moving python2.7, pypy, and jython from limited to ended.
Regards, -Roberto -- Roberto C. Sánchez