On 2021-11-18 0:43, Eugene Grosbein wrote:
17.11.2021 17:16, Rene Ladan wrote:
On Wed, Nov 17, 2021 at 12:37:07AM -0800, Maxim Sobolev wrote:
P.S. AFAIK our documented criteria for removing a port is when one of the
following is true:
o Port lacks maintaintership;
o Port has issues building on supported releases;
o Port clearly has no users/use;
o Port has some serious security issues.
The lang/python27 did not belong to either of those bins, IMHO.
"Unmaintained upstream" is also a criterion, and Python 2.7 fits there.
This is bad criterion for open source software and should not be considered
without other reasons
like "unfetchable" or "has known critical vulnerabilities".
It very likely has known critical vulnerabilities. For example,
CVE-2021-3177 is a potential RCE bug in Python 3.x. It was officially
fixed upstream, and the backported fix is found in Python 2.7 LTS contracts.
