Hi Christian,

On 03/10/2015 01:44 PM, Christian Hammond wrote:
> According to
> https://docs.djangoproject.com/en/1.7/internals/release-process/#supported-versions,
> it appears that when Django 1.8 is released, Django 1.6 will no longer
> receive security updates. I wanted to verify that this is true, and ask
> whether there's a possibility of an extension on this timeframe.

It is true, and I don't think it should be extended.

> I'll explain the situation we're in.
> 
> I manage Review Board, a code review tool currently in use by several
> thousand companies/organizations, many of whom (according to stats we
> have available) are on Python 2.6. From conversations we've had, many of
> these companies are on LTS releases of Linux distributions that bundle
> Python 2.6 by default (including their mod_wsgi support, etc.), and are
> likely to remain on it for the next year or two. Not to mention Amazon
> Linux and other variants are all sticking with 2.6 for now as well.
> 
> This puts us in a difficult position where we are unable to drop Python
> 2.6 support without affecting a large number of installs out there (12%
> of our base, or over 700 installs), meaning we haven't yet been able to
> make the transition to Django 1.7/1.8 (as much as we want it). (It also
> makes the lives of packagers easier who are trying to support software
> stuck in this situation, from what I'm being told, as they're
> responsible for security updates.)
> 
> As Django 1.6 is the last release to support Python 2.6, it would be
> very nice to have a longer-term security release plan while companies
> transition over. We see this happening, but slowly.
> 
> Is there any possibility of treating Django 1.6 as a special LTS release?

I sympathize with your situation, but Python 2.6 reached end-of-life on
October 29, 2013 (a year and a half ago now), and since then has been
unsupported and not receiving security updates. I don't think the Django
core team should set a precedent of extended support for Python versions
which are themselves unsupported by the core Python developers.

If some Linux distributions are backporting Python security patches to
2.6 themselves in order to extend its lifetime in their distribution,
perhaps it would make sense to ask them whether they will also backport
Django security patches to Django 1.6. (I would guess that some of them
may already be planning to do so, and may even have already done so for
previous Django releases in the past.)

Carl

