This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author mgorny
Recipients Joel Croteau, Julian, christian.heimes, docs@python, eric.smith, gc2, lukasz.langa, mgorny, ncoghlan, ned.deily, pmoody, serhiy.storchaka, steve.dower, vstinner
Date 2021-05-01.07:36:51
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
> If it takes years for users to get to 3.10, we should reevaluate our 
> release cycle, not whether we aggressively break maintenance releases.

I don't really understand how that would help.  The problem is that users have major inertia for switching to newer Python versions.  A part of it is that a lot of people just don't care about deprecation warnings, and don't fix stuff until it's actually broken.  In the end, your projects are blocked from using new major Python version by broken dependencies with long release cycles.

I can't imagine deliberately leaving 3.8 and 3.9 vulnerable when 3.10 isn't going to reach final release in the next half year.  Gentoo stable is only switching to 3.9 next month.  I'm pretty sure some of our (few) corporate users are still on 3.7 or earlier.  Then, there are projects that literally include a vulnerable copy of Python 2.7 to get around distributions removing it.

I dare say this has less breakage potential than the &/; change.  It should be fixed on all affected versions.  If you don't do that, distributions will have to patch it anyway, and this will only lead to incompatibility between different Python package vendors.
Date User Action Args
2021-05-01 07:36:51mgornysetrecipients: + mgorny, ncoghlan, vstinner, eric.smith, christian.heimes, ned.deily, pmoody, docs@python, lukasz.langa, Julian, serhiy.storchaka, steve.dower, Joel Croteau, gc2
2021-05-01 07:36:51mgornysetmessageid: <>
2021-05-01 07:36:51mgornylinkissue36384 messages
2021-05-01 07:36:51mgornycreate