| From: | Steven Pousty <steve(dot)pousty(at)gmail(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Switching PL/Python to Python 3 by default in PostgreSQL 12 |
| Date: | 2019-07-06 19:02:28 |
| Message-ID: | CAKmB1PGDAy9mXxSTqUchYEi4iJAA6NKVj4P5BtAzvQ9wSDUwJw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Greetings:
I am not sure if this has been brought up before but Python 2 is EOL on Jan
1 2020. After that time there will not be any security fixes or patches.
According to our most recent official documentation:
https://www.postgresql.org/docs/11/plpython-python23.html
*" The default will probably be changed to Python 3 in a distant future
release of PostgreSQL, depending on the progress of the migration to Python
3 in the Python community."*
I know we are late in the Postgresql 12 cycle but I think switching the
default to Python 3 is warranted given:
1. The serious nature of not having a default supported Python version soon
after the PostgreSQL 12 release
2. The next opportunity to change the default will be late 2020
If we do not switch our default version and a vulnerability arises in
Python 2 then we will end up either
1. Telling our users to run the default PL/Python with a known security
vulnerability
2. The PostgreSQL community patching it's python
I know there are implications for swapping the default version but I think
that is outweighed by the seriousness of the situation.
Thanks
Steve
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Davis | 2019-07-06 19:13:08 | Re: range_agg |
| Previous Message | Bruce Momjian | 2019-07-06 16:05:14 | Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) |