annoyance with Python 3.2 support in Django 1.8

543 views
Skip to first unread message

Tim Graham

unread,
Nov 25, 2015, 7:36:53 PM11/25/15
to Django developers (Contributions to Django itself)
Django 1.8 is the last version to support Python 3.2. Python 3.2 is scheduled to be end of life at February 2016 [1] while Django 1.8 is scheduled to be supported until April 2018. The latest security release for the 3.2 series, Python 3.2.6 contained a regression that causes 30 admin test failures in the Django test suite related to parsing of httponly cookies. I'm not sure if this problem is limited to the test client or if it has the potential to cause problems in a web server context (if anyone is using Python 3.2.6, I'd be interested to know). I submitted a patch to Python to correct the issue [2], but it appears unlikely that the patch will be applied along with a new release (no response from Python 3.2 release manager in 1 year).

Due to the test failures, we cannot run the Django test suite with Python 3.2 on the Ubuntu 14.04 CI machines which use the deadsnakes PPA [3] to install the latest version of Python (3.2.6). Therefore the tests are limited to running on our one remaining Ubuntu 12.04 CI machine which includes Python 3.2.3 (deadsnakes doesn't bundle versions of Python that would override the one included by the distribution). Support for Ubuntu 12.04 ends April 2017, so we shouldn't keep that machine longer than that.

Options:
1. Drop Python 3.2 support for Django 1.8 sometime before Django 1.8 EOL
2. Keep Python 3.2 support until Django 1.8 EOL:
  a. Don't worry about CI support and rely on local testing of security fixes (we had the same situation with Django 1.4 and Python 2.5)
  b. Install the latest non-broken Python 3.2 release (3.2.5) "manually" (without using deadsnakes) on the newer CI servers
3. Your idea

Thanks for your feedback!

[1] https://www.python.org/dev/peps/pep-0392/
[2] https://bugs.python.org/issue22758
[3] https://launchpad.net/~fkrull/+archive/ubuntu/deadsnakes

Asif Saifuddin

unread,
Nov 25, 2015, 11:22:33 PM11/25/15
to Django developers (Contributions to Django itself)
Python 3.2 should be removed as if any one use py3 should use 3.3+ or better the latest stable.

best

Asif

Aymeric Augustin

unread,
Nov 26, 2015, 8:41:45 AM11/26/15
to django-d...@googlegroups.com
2015-11-26 5:22 GMT+01:00 Asif Saifuddin <auv...@gmail.com>:
Python 3.2 should be removed as if any one use py3 should use 3.3+ or better the latest stable.

Hi Asif,

Your email sounds like the answer is obvious. It doesn't show that you thought about the use cases, especially those you don't have yourself and may be less familiar with. As such it's hard to take it at face value.

More generally, I've noticed that your contributions, either on this mailing list or on the bug tracker, tend to be very terse, not to bring new information, and not to be open for further debate. You'll be more convincing if you show that you took the time to understand the problem at hand and explain why you suggest a trade-off. When a question is being debated, there are usually at least two sides and any choice results from a trade-off e.g. X matters, but Y matters more.

Thanks,

-- 
Aymeric.

Raphael Michel

unread,
Nov 26, 2015, 9:26:44 AM11/26/15
to Tim Graham, Django developers (Contributions to Django itself)
Hi,

Am Wed, 25 Nov 2015 16:36:52 -0800 (PST)
schrieb Tim Graham <timog...@gmail.com>:
> b. Install the latest non-broken Python 3.2 release (3.2.5)
> "manually" (without using deadsnakes) on the newer CI servers

While it would only really hurt the people in charge with the bugfix
releases, as Django 1.8 will be around for another 2.5 years, I think
dropping CI is not a good idea, considering that is comparatively easy
to compile specific python versions by oneself.

However, we should definitely document somewhere that there are
possbile unknown problems with 3.2.6 and the django admin.

Cheers
Raphael

Aymeric Augustin

unread,
Nov 26, 2015, 9:36:32 AM11/26/15
to django-d...@googlegroups.com
Hello Tim,

Did you consider marking affected tests as expected failures on Python 3.2.6?

I've done that on one of my projects which faced this exact issue (or a closely related one):

Best regards,

-- 
Aymeric.

--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/34dd15c4-dba5-46fe-9ac0-6d5a426db2df%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
Aymeric.

Tim Graham

unread,
Nov 26, 2015, 9:50:10 AM11/26/15
to Django developers (Contributions to Django itself)
The thing that makes me a little uncomfortable is promoting the use of possibly insecure Python 3.2 well after it's end-of-life. I guess there might be some Linux distributions that will backport security fixes to their own versions of Python 3.2, but it seems that Ubuntu 12.04's version of Python 3.2 didn't incorporate the security fix which caused breakage.

Is there anyone reading this planning a long-term deployment of Python 3.2? If so, how long?

Yes, we could mark the tests as expected failure if needed.

Donald Stufft

unread,
Nov 26, 2015, 9:53:51 AM11/26/15
to django-d...@googlegroups.com

On Nov 26, 2015, at 9:50 AM, Tim Graham <timog...@gmail.com> wrote:

The thing that makes me a little uncomfortable is promoting the use of possibly insecure Python 3.2 well after it's end-of-life. I guess there might be some Linux distributions that will backport security fixes to their own versions of Python 3.2, but it seems that Ubuntu 12.04's version of Python 3.2 didn't incorporate the security fix which caused breakage.

FTR the next major version of pip does not support Python 3.2.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

signature.asc

Tim Graham

unread,
Dec 2, 2015, 2:05:01 PM12/2/15
to Django developers (Contributions to Django itself)
I ran into another snag trying to put the Python 3.2 tests on the 14.04 machines and that's that the unittest-xml-reporting package we use on Jenkins to collect the test results isn't compatible with Python 3.2 (the Ubuntu 12.04 machine uses an older fork of unittest-xml-reporting but I removed that hack on the 14.04 machines). Maybe I could find an older official version of unittest-xml-reporting that would work, but I don't think I'm adding any value with this exercise.

Given that no one reading this indicated that they plan a long-term deployment of Python 3.2, how about if in the next 1.8.x release we advertise that Python 3.2 support for Django 1.8 will end January 1, 2017? (we won't break anything intentionally after that, but we won't have to worry about testing and can spin down our 12.04 machine before it's EOL a few months later)

Shai Berger

unread,
Dec 2, 2015, 5:22:46 PM12/2/15
to django-d...@googlegroups.com
On Wednesday 02 December 2015 21:05:00 Tim Graham wrote:
>
> Given that no one reading this indicated that they plan a long-term
> deployment of Python 3.2, how about if in the next 1.8.x release we
> advertise that Python 3.2 support for Django 1.8 will end January 1, 2017?
> (we won't break anything intentionally after that, but we won't have to
> worry about testing and can spin down our 12.04 machine before it's EOL a
> few months later)
>

Since you brought the issue up yourself -- shouldn't we "swap" PyPy3 for
Python 3.2? Would that make running tests on ubuntu 14.04 easier?

Just a half-baked thought,

Shai.

Tim Graham

unread,
Dec 3, 2015, 10:50:24 AM12/3/15
to Django developers (Contributions to Django itself)
No, using pypy3 doesn't make things easier. There are a handful of test failures with pypy3 and it doesn't solve the issue that unittest-xml-reporting doesn't work with Python 3.2.

Issues aside, the main thing I'm trying to find out is, are we providing any substantial value supporting Django on an unsupported version of Python? So far no one has indicated "yes". If you care about Django security updates, shouldn't you care about Python security updates too?

Josh Smeaton

unread,
Dec 3, 2015, 5:18:53 PM12/3/15
to Django developers (Contributions to Django itself)
I agree with Tim. Unless someone puts their hand up to say they definitely require python 3.2 support for 1.8, I think it makes sense to drop support in the next dot release of 1.8. 3.2 isn't an easy python to find in the wild as far as I know, so I'd be surprised if there was any real support for it on 1.8 by users.

Chris Streeter

unread,
Dec 3, 2015, 6:30:42 PM12/3/15
to django-d...@googlegroups.com
Donald could probably provide more information, but this post from April shows the Python 3.2 numbers downloading from PyPI are constant, and pretty small [https://caremad.io/2015/04/a-year-of-pypi-downloads/] His take was that CI systems (like Django's!) were doing most of the Python 3.2 package downloading.

--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.

Dan Stephenson

unread,
Dec 3, 2015, 8:08:12 PM12/3/15
to Django developers (Contributions to Django itself)
Do we currently raise any warnings/exceptions in cases where Python support has / or is about to be dropped (particularly mid LTS)..   As a suggestion, I was thinking it could be helpful to people affected we raised exception msg indicating the last Django version to support their current Python version?    I'd be happy to build if thought useful.

Tim Graham

unread,
Dec 5, 2015, 6:42:18 PM12/5/15
to Django developers (Contributions to Django itself)
No we haven't done that before. I think advertising it in the blog post and release notes would be enough. In particular, I'd like to advertise it as a tentative plan just in case someone comes along after we advertise the plan more widely and offers a compelling reason to continue Python 3.2 support.

Tim Graham

unread,
Dec 7, 2015, 2:33:53 PM12/7/15
to Django developers (Contributions to Django itself)
Here's a documentation proposal: https://github.com/django/django/pull/5783
Reply all
Reply to author
Forward
0 new messages