Re: Python 3.x vs 2.7


Kento Yoshida
 

Thank you for your feedback, Iwamatsu-san.

-----Original Message-----
From: nobuhiro1.iwamatsu@toshiba.co.jp <nobuhiro1.iwamatsu@toshiba.co.jp>
Sent: Friday, April 3, 2020 8:19 AM
To: Kento Yoshida <kento.yoshida.wz@renesas.com>; cip-dev@lists.cip-project.org
Cc: cip-security@lists.cip-project.org
Subject: RE: Python 3.x vs 2.7

Hi,

As you may know, some of other packages we selected are dependent on python
3.x, so we may have the below options:

1. Maintain python 2.7 as well
2. Backport the upper duplicity which migrated python 3.x in bullseye
archive 3. Others

What do you think is best?
I hope we can decide the policy within the CIP core group because there shall be
similar problems for the others of python.

In my opinion, it is difficult to support Python2 for a super long term. And I think
it is difficult to support each library using Python2.
Therefore, I think Option2 is good. And if necessary, we can use
backposts.debian.org.
Actually, option-2 is dominant in the security team as well.

However, packages with large dependencies can be difficult to backports. For
example Kbuckup is difficult, I think.
Agree. We are not going to select the package which is GPL-3 or has a lot of dependent package, so the duplicity is only one candidate for us substantially.

Best regards,
Nobuhiro

From: cip-dev [mailto:cip-dev-bounces@lists.cip-project.org] On Behalf Of Kento
Yoshida
Sent: Thursday, April 2, 2020 6:59 PM
To: cip-dev@lists.cip-project.org
Cc: cip-security@lists.cip-project.org
Subject: [cip-dev] Python 3.x vs 2.7

Hi CIP core group,

The security package proposal is suspended now, but I'd like to discuss about the
python version which is suitable to maintain.

We selected "duplicity" for the requirement of system backup according to the
functionality, license, the number of dependencies and so on.
However, the duplicity in the Debian buster [1] dependent on python 2.7, which is
not maintained anymore [2].

[1] https://packages.debian.org/source/buster/duplicity
[2] https://pythonclock.org/

As you may know, some of other packages we selected are dependent on python
3.x, so we may have the below options:

1. Maintain python 2.7 as well
2. Backport the upper duplicity which migrated python 3.x in bullseye archive 3.
Others

What do you think is best?
I hope we can decide the policy within the CIP core group because there shall be
similar problems for the others of python.

FYI, unfortunately we couldn't find the alternative package for system backup. The
duplicity is the best package for us from the license and num of dependencies
point of view.
See the following.

<Rsync>
Encryption: No
Schedule backup: No
Incremental backup: Yes
License: GPL v3
Dependencies count (aprox): 24
Reference: https://rsync.samba.org/features.html

<duplicity>
Encryption: Yes
Schedule backup: No
Incremental backup: Yes
License: GPL v2
Dependencies count (aprox): 80
Reference: http://duplicity.nongnu.org/features.ht

<Backuppc>
Encryption: No
Schedule backup: Yes
Incremental backup: Yes
License: GPL-2+, X11
Dependencies count (aprox): 132
Reference: http://backuppc.sourceforge.net/info.html

<Amanda>
Encryption: Yes
Schedule backup: Yes
Incremental backup: Yes
License: GPL-2+
Dependencies count (aprox): 289
Reference: https://www.zmanda.com/amanda-community-edition.html

<Kbackup>
Encryption: Yes
Schedule backup: Yes
Incremental backup: Yes
License: GPL-2, LGPL-2.1, GFDL-1.2+, KDEeV Dependencies count (aprox): 414
Reference: https://kde.org/applications/utilities/org.kde.kbackup

Best regards,
Kent

Join cip-dev@lists.cip-project.org to automatically receive all group messages.