Drop Python 2 and 3.6 support

AzureAD / microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".

https://stackoverflow.com/questions/tagged/azure-ad-msal+python

Other

788 stars 194 forks source link

Drop Python 2 and 3.6 support #406

Open jiasli opened 2 years ago

jiasli commented 2 years ago

Describe the bug

Python 2 has been deprecated long time ago: https://www.python.org/doc/sunset-python-2/

We have decided that January 1, 2020, was the day that we sunset Python 2.

Customers asked Azure CLI to drop Python 2 since 2019-11-23 in https://github.com/Azure/azure-cli/issues/11362 and Azure CLI finally dropped Python 2 in https://github.com/Azure/azure-cli/pull/11363.

As there is no security maintenance for Python 2 anymore. Running MSAL on Python imposes security risks: https://www.activestate.com/products/python/python-2-end-of-life-security-updates/

rayluo commented 2 years ago

We will label this issue as "Internal" (rather than an "Enhancement"), because the only difference of MSAL dropping Python 2 is we the MSAL maintainers can use Python 3 in our code base. Our customers would not feel any difference.

By the way, dropping Python 2 is technically a removal of a behavior, so it would only happen with a major version bump. Libraries will announce the end of support in a stable release with a changelog entry like "this is the last version to support 2.7". The next stable release will require Python 3.7+. Bugfixes and new features will assume 3.7.

Also, core libraries like identity will move more slowly because they should be the last to drop 2.7 support. Same applies to MSAL.

lmazuel commented 2 years ago

@rayluo if that helps, SDK world dropped Python 2 on Jan 1st 2022: https://github.com/Azure/azure-sdk-for-python/issues/20691

jiasli commented 2 years ago

I saw MSAL's CI still has tests for Python 2.7, 3.5 and 3.6:

Azure CLI (https://github.com/Azure/azure-cli/issues/19858) and Azure Python SDK (https://github.com/Azure/azure-sdk-for-python/issues?q=is%3Aissue+is%3Aopen+drop+3.6) have now dropped Python 3.6.

Python 3.6 is out of security fixes since December 2021, meaning it’s not recommended to run Python code 3.6 anymore for customers. MSAL on Python 3.6 is potentially insecure as well.

yrro commented 1 year ago

FYI, RHEL 8 comes with Python 3.6, which will be maintained until May 2029.

rayluo commented 1 year ago

FYI, RHEL 8 comes with Python 3.6, which will be maintained until May 2029.

Thanks for the information. That same link indicates that RHEL even supports Python 2.7 until June 2024.

Regardless, most of the libraries in the ecosystem would probably, if they haven't already, drop old Python support in their release X.Y, long before those dates above. I guess someone in RHEL will then somehow pin their environment dependency as library Foo X.Y-1.