Post AUSf2danZGCC1bUElc by lauren@mastodon.laurenweinstein.org
(DIR) Post #AUSdB63TQePShxnyqm by lauren@mastodon.laurenweinstein.org
2023-04-09T01:56:09Z
0 likes, 0 repeats
**** The Painful Python Pip Paradox, or: How to get a working "pip" for 2.x Python ****

If you work with the Python programming language, you know that for all its benefits, it also has some, uh, faults.

I would argue that among the worst of these is the split between the 2.x and 3.x python environments, with 3.x incompatible in key ways with 2.x.

Worse, while many common applications and libraries still are based on 2.x today (e.g. 2.7.x), the python maintainers have moved aggressively for years to deprecate 2.x, with all manner of warnings and some years ago, removing 2.x support for the critical "pip" python package installer application.

Without getting into the complexities of pip in 2.x and 3.x (and shared 2.x/3.x environments), let me cut to the chase and say that if you need to install python 2.x on a system today for crucial apps, you'll likely find that it no longer includes pip, and 3.x pip won't work with 2.x either.

This is, to be blunt, really a pain in the you-know-what, and I have many bad words for the sensibilities of software engineers who think that this sort of evolution is friendly to anyone at all.

Be that as it may, I found myself in this situation recently, and after much Google searching found a savior's webpage with what amounts to a standalone pip solution for exactly this situation. And damned -- it works! You can (if you choose) ignore the discussion of virtual environments, the "payload" you're looking for is "the 2.7 version of get-pip.py."

Now, since the script contains a binary blob, there's a certain leap of faith involved in this -- and while I've satisfied myself of its legitimacy, all responsibility for using it is of course your own.

So if you ever find yourself in this unenviable python pit of despair, be sure to check out this URL, and heed well the advice contained therein! Better yet, download the "get-pip.py" wonderful script right now from the page and save it for a "rainy day" when you really will need it.

It could happen to you! -L

https://utcc.utoronto.ca/~cks/space/blog/python/Python2VirtualEnvIn2023
(DIR) Post #AUSdxCM1JP6691PtlQ by TruthSandwich@toad.social
2023-04-09T02:05:02Z
0 likes, 0 repeats
@lauren The shift from Python 2 to 3 was, uhm, not managed well. At all.
(DIR) Post #AUSerrsm67f39ulA2q by jannem@fosstodon.org
2023-04-09T02:15:18Z
0 likes, 0 repeats
@lauren Python 2 has been eol for a couple of years now, after a ten year window of moving to 3. No upstream updates, no upstream security patches. Also, packages are gradually bitrotting from lack of maintenance, or actively disappearing as the maintainers yank them from the repo.

If you still must have Python 2, then relying on a binary pip blob is likely the least of your worries.
(DIR) Post #AUSf2danZGCC1bUElc by lauren@mastodon.laurenweinstein.org
2023-04-09T02:17:17Z
0 likes, 0 repeats
@jannem You are correct. It is also correct that there are an immense number of heavily used packages still dependent on 2, and new code still being written in 2. That's the reality. And another reality is that the 2->3 evolution was not well handled in terms of backwards compatibility.
(DIR) Post #AUSg5CqpY2X3uWm40m by jannem@fosstodon.org
2023-04-09T02:28:54Z
0 likes, 0 repeats
@lauren You can still get a level of support and security updates from Canonical for instance. But all those third party packages are going away. If you rely on a Python 2 application it is well past time to plan a migration path away. Writing new code in Python 2 today is frankly irresponsible.
(DIR) Post #AUSgkhRGjDuueLbTtI by lauren@mastodon.laurenweinstein.org
2023-04-09T02:36:26Z
0 likes, 0 repeats
@jannem Tell ya' what. If you got the funding, you can help find people to do the migrations for all those packages that still are important and for whom there is nobody around with enough volunteer time to work on them. You game?
(DIR) Post #AUSkXUCj1SnXehkujw by jannem@fosstodon.org
2023-04-09T03:18:52Z
0 likes, 0 repeats
@lauren How long does somebody legally and morally have to support a piece of open source software? With paid software it's easy: until the end of the support contract or you go bankrupt. For open source? Are Python maintainers obligated to support it forever? Giving a five year heads-up is not enough?

No software is forever. No company or org supports the same version indefinitely - not unless you're ready to pay for it. You will always need an upgrade and migration plan.
(DIR) Post #AUSkxGWUVm72klIGPI by lauren@mastodon.laurenweinstein.org
2023-04-09T03:23:32Z
0 likes, 0 repeats
@jannem I didn't say anything about "obligations" or "forever support". And who is this "you" that you're speaking of? Because in reality lots of important equipment depends on software for which there is no migration plan. And this was all made MUCH worse by the way Python 3 was made so incompatible with 2. Typical software engineering "we don't care" think. We want our tools better, but screw anybody depending on the old versions.

I've seen this attitude in software engineering since the start of my career many, many years ago. It sucked then and it sucks now. And you seem to be singing the same old song.
(DIR) Post #AUSmlNBE8QGXphnvns by seanm@infosec.exchange
2023-04-09T03:43:19Z
0 likes, 0 repeats
@lauren I found it pretty wild when pipenv maintainers deprecated support for Python 3.6 a year or two ago. The system default for Ubuntu 18.04 LTS that is only now reaching EOL. Broke one of our services until I pinned the older pipenv package that supported 3.6.

It boggles my mind that the pipenv team thought it was appropriate to stop supporting a major OS and that Canonical didn't step in to figure something out.