Open a-detiste opened 3 months ago
@a-detiste, we have received your signed contributor license agreement. The review is usually completed within a week, but may take longer under certain circumstances. Another comment will be added to the pull request to notify you when the merge can proceed.
Hello @a-detiste, could you please elaborate the motivation about this change?
I know that python 2 was EOL-ed 4 and a half years ago and that the six module itself hasn't been maintained/supported after 2021. However what are the concrete reasons for cleaning it up here? Are there known CVEs that affect it? Or it is the inconvenience (and risk) of having an extra dependency?
Thanks!
I posted a little write up here: https://wiki.debian.org/Python3-six-removal
My fear of having things mysteriously start to break back then was real.
For example pytest
depends on requests
which depends on urllib3
which dependend on six
.
So when Urllib3 was updated from 1.x to 2.x we had in the whole Debian distro like 30 packages that had an undeclared dependency on six
which all started failing building on the same day.
We have since identified a longish list of deprecated library that needs to be slowly & carefully removed.
The new emergency is distutils
remove which hinders the upgrade to Python3.12.
https://wiki.debian.org/Python/Dead%20Batteries
So your little contribution would be greatly appreciated.
six
is only a polyfilm that enable to write Python2.x compatible code, it doesn't have any other purpose
On your side it's a -63 +38 diff, so it means less code to maintain. The knoweledge of what six
was and what was it's purpose is quickly fading away. Some upstreams have already started a cargo cult around it :-(
@a-detiste, VMware has approved your signed contributor license agreement.
@a-detiste, you must sign our contributor license agreement before your changes are merged. Click here to sign the agreement. If you are a VMware employee, read this for further instruction.