| 1 |
On Sat, Jun 20, 2020 at 1:36 PM Aaron Bauman <bman@g.o> wrote: |
| 2 |
> |
| 3 |
> On Sat, Jun 20, 2020 at 10:32:28AM +0200, Ulrich Mueller wrote: |
| 4 |
> > >>>>> On Sat, 20 Jun 2020, Aaron Bauman wrote: |
| 5 |
> > |
| 6 |
> > >> # Aaron Bauman <bman@g.o> (2020-06-20) |
| 7 |
> > >> # Py2 only |
| 8 |
> > >> # Removal in 14 days |
| 9 |
> > |
| 10 |
> > I see these short deadlines quite often recently. Any reason why this |
| 11 |
> > can't be the usual 30 days? |
| 12 |
> > |
| 13 |
> |
| 14 |
> Hi, Ulrich. Yes, the deadlines are meant to speed up the process as we |
| 15 |
> have *roughly* 1000+ pkgs which must be converted to py3 or removed |
| 16 |
> before we can drop the interpreter. |
| 17 |
> |
| 18 |
|
| 19 |
Wouldn't it make more sense to just file bugs on ALL the impacted |
| 20 |
packages, wait a few weeks, and then makes ALL of them at once, with |
| 21 |
the regular 30d deadline? |
| 22 |
|
| 23 |
Or if filing bugs is administratively difficult then just post a list |
| 24 |
with packages and maintainers on -dev - this has been done for changes |
| 25 |
in the past. |
| 26 |
|
| 27 |
Right now it seems like some maintainers are finding out that their |
| 28 |
packages are impacted for the first time by having their packages |
| 29 |
masked. That means that end-users get a package mask notice and start |
| 30 |
taking action. Then a few days later the package is unmasked. Of |
| 31 |
course, by then half the users have probably started migrating to |
| 32 |
other packages - perhaps ones that are less suitable for them. |
| 33 |
|
| 34 |
You seem to think that maintainers should know if they're maintaining |
| 35 |
a v2-only package. I suspect that most maintainers don't pay that |
| 36 |
close attention to what versions of python are supported by their |
| 37 |
various packages, and neither do most users. If it runs then it runs, |
| 38 |
and most don't care which interpreter is being used. I get that it |
| 39 |
impacts the python team but we need to make these issues more visible |
| 40 |
to maintainers. |
| 41 |
|
| 42 |
Maintainers often have an assortment of packages, and probably don't |
| 43 |
realize when any particular one has a particular python compatibility |
| 44 |
issue. |
| 45 |
|
| 46 |
If it is difficult for you to identify all the impacted packages, why |
| 47 |
would it be any easier for a maintainer who has probably spent less |
| 48 |
time than you hunting down v2-only packages? |
| 49 |
|
| 50 |
It seems like we really need a better solution here. And just masking |
| 51 |
a package without filing any bug beforehand doesn't really seem |
| 52 |
in-line with policy. We don't even do that for serious security |
| 53 |
vulnerabilities. |
| 54 |
|
| 55 |
-- |
| 56 |
Rich |
Archives