Posted to commits@cassandra.apache.org by "Brad Schoening (Jira)" <ji...@apache.org> on 2022/01/07 16:52:00 UTC

[jira] [Comment Edited] (CASSANDRA-17242) Remove Python 2.x support from CQLSH

    [ https://issues.apache.org/jira/browse/CASSANDRA-17242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17470748#comment-17470748 ] 

Brad Schoening edited comment on CASSANDRA-17242 at 1/7/22, 4:51 PM:
---------------------------------------------------------------------

The Cassandra 4.0.x CQLSH code is still backwards compatible with Python 2.7.  This Jira is to suggest removing support for Python 2.x entirely.

   " cqlsh support of 2.7 is deprecated and will warn when running with Python 2.7" in cqlsh.py

This is undesirable for several reasons:

a) Python 3 features can't be used unless they've been backported to Python 2.7, so the Cassandra Python code base can't be modernized while still supporting 2.7.

b) Changes require testing with both Python 3.x and 2.7; most contributors don't have a Python 2.x environment anymore by default.

c) There are known security vulnerabilities in Python 2.7 which are not being patched now that it is EOL.  Some of the known ones are [CVE-2021-23336|https://nvd.nist.gov/vuln/detail/CVE-2021-23336], [CVE-2021-3177|https://nvd.nist.gov/vuln/detail/CVE-2021-3177], [CVE-2020-27619|https://nvd.nist.gov/vuln/detail/CVE-2020-27619], [CVE-2020-26116|https://nvd.nist.gov/vuln/detail/CVE-2020-26116], [CVE-2019-20907|https://nvd.nist.gov/vuln/detail/CVE-2019-20907], [CVE-2020-8492|https://nvd.nist.gov/vuln/detail/CVE-2020-8492] (according to a list at [Python 2 Security Vulnerability (CVE) Updates - Extended Support (activestate.com)|https://www.activestate.com/products/python/python-2-end-of-life-security-updates/]).


was (Author: bschoeni):
The Cassandra 4.0.x CQLSH code is still backwards compatible with Python 2.7.

   " cqlsh support of 2.7 is deprecated and will warn when running with Python 2.7" in cqlsh.py

This is undesirable for several reasons:

a) Python 3 features can't be used unless they've been backported to Python 2.7, so the Cassandra Python code base can't be modernized while still supporting 2.7.

b) Changes require testing with both Python 3.x and 2.7; most contributors don't have a Python 2.x environment anymore by default.

c) There are known security vulnerabilities in Python 2.7 which are not being patched now that it is EOL.  Some of the known ones are [CVE-2021-23336|https://nvd.nist.gov/vuln/detail/CVE-2021-23336], [CVE-2021-3177|https://nvd.nist.gov/vuln/detail/CVE-2021-3177], [CVE-2020-27619|https://nvd.nist.gov/vuln/detail/CVE-2020-27619], [CVE-2020-26116|https://nvd.nist.gov/vuln/detail/CVE-2020-26116], [CVE-2019-20907|https://nvd.nist.gov/vuln/detail/CVE-2019-20907], [CVE-2020-8492|https://nvd.nist.gov/vuln/detail/CVE-2020-8492] (according to a list at [Python 2 Security Vulnerability (CVE) Updates - Extended Support (activestate.com)|https://www.activestate.com/products/python/python-2-end-of-life-security-updates/]).

> Remove Python 2.x support from CQLSH
> ------------------------------------
>
>                 Key: CASSANDRA-17242
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17242
>             Project: Cassandra
>          Issue Type: Task
>          Components: CQL/Interpreter
>            Reporter: Brad Schoening
>            Priority: Normal
>
> Python 2 has now reached EOL and should be removed from CQLSH and other Cassandra components.
> "We are volunteers who make and take care of the Python programming language. We have decided that January 1, 2020, was the day that we sunset Python 2. That means that we will not improve it anymore after that day, even if someone finds a security problem in it. You should upgrade to Python 3 as soon as you can.
> And if many people keep using Python 2, then that makes it hard for [the volunteers who use Python to make software|https://python3statement.org/#sections50-why]. They can't use the good new things in Python 3 to improve the tools they make.
> As of January 1st, 2020 no new bug reports, fixes, or changes will be made to Python 2, and Python 2 is no longer supported.
> "
> [https://www.python.org/doc/sunset-python-2/]