vmware / pyvmomi

VMware vSphere API Python Bindings
Apache License 2.0

trim six usage #1082

Open a-detiste opened 3 months ago

vmwclabot commented 3 months ago

@a-detiste, you must sign our contributor license agreement before your changes are merged. Click here to sign the agreement. If you are a VMware employee, read this for further instruction.

vmwclabot commented 3 months ago

@a-detiste, we have received your signed contributor license agreement. The review is usually completed within a week, but may take longer under certain circumstances. Another comment will be added to the pull request to notify you when the merge can proceed.

mtsvetanov commented 3 months ago

Hello @a-detiste, could you please elaborate on the motivation for this change?

I know that Python 2 was EOL-ed 4 and a half years ago and that the six module itself hasn't been maintained/supported after 2021. However, what are the concrete reasons for cleaning it up here? Are there known CVEs that affect it? Or is it the inconvenience (and risk) of having an extra dependency?

Thanks!

a-detiste commented 3 months ago

I posted a little write up here: https://wiki.debian.org/Python3-six-removal

My fear of having things mysteriously start to break back then was real.

For example, pytest depends on requests, which depends on urllib3, which depended on six.

So when urllib3 was updated from 1.x to 2.x, we had in the whole Debian distro like 30 packages that had an undeclared dependency on six, which all started failing to build on the same day.


We have since identified a longish list of deprecated libraries that need to be slowly & carefully removed.

The new emergency is the distutils removal, which hinders the upgrade to Python 3.12.

https://wiki.debian.org/Python/Dead%20Batteries

So your little contribution would be greatly appreciated.
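Added example, not part of the original thread or of the pyvmomi code base: a minimal check for the failure mode described in the comment above, where a package imports six without declaring it and keeps working only while some other dependency happens to install it. The file names and requirement strings are constructed, and the check assumes the import name equals the distribution name, which holds for six.

```python
from __future__ import annotations

import ast
import re


def imported_top_level(source: str) -> set[str]:
    """Return the top-level module names imported by Python source text."""
    names: set[str] = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            # Absolute "from six.moves import urllib" counts as a use of six.
            names.add(node.module.split(".")[0])
    return names


def declared_names(requirements: list[str]) -> set[str]:
    """Reduce requirement lines ('Six>=1.16 ; python_version<"3"') to normalised names."""
    out: set[str] = set()
    for line in requirements:
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match:
            out.add(re.sub(r"[-_.]+", "-", match.group(0)).lower())
    return out


def undeclared_uses(files: dict[str, str], requirements: list[str],
                    module: str = "six") -> list[str]:
    """List files that import `module` although it is not a declared dependency."""
    if module in declared_names(requirements):
        return []
    return sorted(p for p, src in files.items() if module in imported_top_level(src))


# Constructed sample: the package declares only requests, yet two files import six.
SAMPLE_FILES = {
    "pkg/compat.py": "from six.moves import urllib\nimport requests\n",
    "pkg/client.py": "import requests\n",
    "pkg/util.py": "import os\ntry:\n    import six\nexcept ImportError:\n    six = None\n",
}
SAMPLE_REQUIREMENTS = ["requests>=2.0  # brings in urllib3 transitively", ""]

if __name__ == "__main__":
    for path in undeclared_uses(SAMPLE_FILES, SAMPLE_REQUIREMENTS):
        print(f"{path}: imports six, but six is not a declared dependency")
```

Run against a real tree by reading each `.py` file into the `files` mapping and passing the package's own requirement lines.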

a-detiste commented 3 months ago

six is only a polyfill that enables writing Python 2.x compatible code; it doesn't have any other purpose

a-detiste commented 3 months ago

On your side it's a -63 +38 diff, so it means less code to maintain. The knowledge of what six was and what its purpose was is quickly fading away. Some upstreams have already started a cargo cult around it :-(

vmwclabot commented 2 months ago

@a-detiste, VMware has approved your signed contributor license agreement.