osdir.com



The Incredible Growth of Python (stackoverflow.blog)


On Tue, Sep 12, 2017 at 9:34 PM, Leam Hall <leamhall at gmail.com> wrote:
> On 09/12/2017 07:27 AM, Chris Angelico wrote:
>>
>> On Tue, Sep 12, 2017 at 9:20 PM, Leam Hall <leamhall at gmail.com> wrote:
>>>
>>> Hey Chris,
>>>
>>> This is an area the Python community can improve on. Even I would encourage
>>> someone new to Python and wanting to do webdev to use Python 3.
>>>
>>> But if someone comes onto the list, or IRC, and says they need to stay on
>>> Python 2 then please drop the dozens of e-mails and comments about
>>> upgrading. Help the person learn; that makes them happier with Python and
>>> when the time comes to switch to Python 3 they probably will.
>>
>>
>> If you read back in my emails, you may find that I actually wasn't
>> telling you to upgrade to Python 3 - just to Python 2.7, which is an
>> easy upgrade from 2.6, and gives you the security fixes and other
>> improvements that come from using a supported version of the language.
>> Is it "hostile" to tell people to upgrade like that? If someone is
>> using Python 3.2 today, I'm going to strongly recommend upgrading to
>> the latest 3.x. If someone's using Windows 98, I'm not going to say
>> "well, here's how to get everything working under Win98", I'm going to
>> say "upgrade to a better OS".
>>
>> If that's hostile, I am not sorry to be hostile. At some point, you
>> have to either get onto something supported, or do all the support
>> work yourself.
>>
>> ChrisA
>>
>
> Hey Chris; only some folks were overtly hostile.  :)
>
> Yet look at your answer; "upgrade". For a person working on a server there's
> usually no economic choice to do. The OS python must stay in place and the
> newly installed upgrade must be personally maintained, updated, and tested
> when security patches come out. For one desktop that's not an issue. For
> dozens, or hundreds, or thousands, it's not likely to happen.

Until you get hit by a vulnerability that was patched four years ago,
but you didn't get the update. Now your server is down - or, worse,
has been compromised. What's the economic cost of that?

You might choose to accept that risk, but you have to at least be
aware that you're playing with fire. Laziness is not the cheap option
in the long run.

ChrisA