> No one told me someone had put an arbitrary countdown on the Internet. Well that's completely different.

No idea what I did to deserve that tone. That site also gives a high level overview of the change, which is why I linked it.

> What’s to stop someone else from backporting security fixes as needed ad infinitum?

Who? I haven’t heard anyone express a willingness to take up that mantle. “Someone will probably support it by the end of the year” is not the most robust security model.

I think the point is just because there's an EOL doesn't mean everyone will be ready or even willing to jump the ship. Companies run all sorts of old software. In 2017 7% of PCs were running Windows XP[1], which had EOL in 2014[2]. Why do you think an EOL will magically stop people using python 2.7? I'm sure even new code will be written after its EOL.

[1] https://www.businessinsider.com/how-many-people-use-windows-... [2] https://www.microsoft.com/en-us/WindowsForBusiness/end-of-xp...

Sorry, I didn't mean to direct harshness at you. It's more my continued amazement at the Python 3 debacle that drove my response.

You can tell a lot about how a project is run and the people running it by their attitude to breaking changes.

Java, for example, has taken this very seriously. I mean it also explains why generics are kind of the mess they are but they didn't really have a lot of good choices here. What's more, people can compile older code with newer compilers by setting the language version.

Rust seems to be making the right noises. Since 1.0 I'm not sure if there has been any and their plan is to save those for major versions.

Perl 6... is an interesting one. Perl 5 actually had a lot of momentum but Perl 6 pretty much drove Perl into irrelevancy.

C# did make breaking changes but did it sufficiently early and they benefitted from the second mover advantage learning from Java's mistakes. IIRC C# added generics without type erasure in 2.0?

Python 3 was I think almost Python's Perl 6 moment. The only thing that probably saved Python from sliding into history was things like numpy/scipy, ML (eg pytorch), etc. Here's where the GIL doesn't really matter and Python's interface to C modules works really well.

For other applications people have (IMHO) started to move away from dynamic languages, something I personally support. The way I like to describe dynamic languages is you end up writing unit tests for spelling mistakes.

>> What’s to stop someone else from backporting security fixes as needed ad infinitum?

>Who? I haven’t heard anyone express a willingness to take up that mantle.

Tauthon [0] kind of fits the bill here. It's a fork of 2.7 with some backported features from the 3 branch, so they're in a position to backport security fixes as well. How well that arrangement holds up once the PSF officially drops 2 remains to be seen, but if anybody is in a position to keep providing support it's probably them.

[0] https://github.com/naftaliharris/tauthon

> Who? I haven’t heard anyone express a willingness to take up that mantle.

There are many companies and projects who claims to maintain an internal version of Python 2.7. Maintaining after all is not so hard, at the end you only must make sure it compiles and connects to the neccessary APIs.

> What's to stop someone else backporting security patches and necessary fixes as needed ad infinitum?

Nothing, it may even prove to be a business model, and vendors like Red Hat may be forced to do that anyway.

But back-porting security fixes to core Python 2.7 is one thing, but for many 3rd party libraries? Especially if they're GPL'd? That would take a coordinated effort, which again might happen, but hasn't materialized yet. So betting on that seems risky at the moment.

Python 2.7 EOL has been public knowledge for quite a while (and even pushed out once before). True, it is very convenient to forget about, and hope somebody else will sort out your tech debt.