Mea culpa...corrected my former posting.
1 Like
Hi @Juron
I've been watching this discussion over its various parts for a few weeks now, but without saying anything. Firstly, I'm not sure we've spoken before? I'm Matt, I've been involved with Plone for fifteen years now. During that time I've served on the foundation board, the membership committee, the framework team and the security team, as well as various other informal roles. During my time working with Plone I've been (jointly with my friends and colleagues) responsible for Plone's legal protection, for community engagement and for ensuring the best technical decisions are taken. I flatter myself that I know the community and the software quite well by this point.
There are a few specific points you've made that I'd like to respond to.
The EOL of Python 2.7 leads to migration issues and work overload. Unsolicited work needs to be done. Furthermore this work is experienced as needless. Without value being added.
This is not true. Moving to a future version of Plone that does not support Python 2 brings advantages, as every new version of Plone has advantages over the previous one. If you don't want to upgrade to a later version of Plone you can stay with the same version running on the same interpreter.
Furthermore I like Plone Legacy more than I like Plone Current. So I do not only have to migrate to Python 3. I also have to migrate to Plone versions I do not like to use
It is not the case that you have to migrate. Yes, Python 2 is out of security support now, but that doesn't mean it's any less secure. Rather, it means that the way you mitigate problems in future will be different. For any Python security problems (I think we might have had 1 or 2 exploitable Python bugs in Plone's history so far) you will not be mitigating them by updating your interpreter but by applying mitigations to the application or applying third party patches, such as distro patches.
Upgrading to the latest Plone version and therefore the latest Python version is not your only option.
This betrays one of the core misunderstandings in this process. Plone is a sponsor of the Python Software Foundation. Plone does not make significant donations to the Python Software Foundation. Plone has no votes in the PSF's decision making process and has little influence on the PSF. The general opinion of Python developers is that Plone is behind-the-times and makes questionable software engineering decisions.
Even if it were the honestly held belief of the Plone community that Python 2 should be revived (which it is not), it would be beyond our ability.
This may be true (although I think it's false), but just because there's no need for something doesn't mean that we can ignore it. The fact is that Python 3 exists and is generally considered to be a good thing. We as a project depend on the ability to gain new developers and new users. Maintaining Python 2 compatibility is directly harmful to the objective of gaining new developers. Not having Python3 compatibility would be directly harmful to being able to gain new users.
Regardless of what should have happened, Python 3 is here now and we have no choice but to support it as a project. The fact that we want to support it is a bonus.
There are few, if any, opportunities that come with Python 2 support for new versions of Python. There are plenty of opportunities for you, as a professional, to support older Python 2 sites but Python 2 compatibility is not a major differentiator for adopting new software.
All versions of Plone 3.x are out of security support, maintaining Python 2 support would not change that. The amount of work to keep a version in security support is huge and we have no volunteers who want to support such old versions.
This is not the case. Many of us have spent hundreds or thousands of hours of our own time on migrating Plone and Zope code to Python 3 without ever being paid to do any commercial upgrade work. What benefit is there to end-users of updating your server's kernel? Or nginx version? There is always a cost in maintaining software, but we've worked hard on minimising it for this migration and such migrations are very rare indeed.
This is the final misunderstanding, I think. Watching over Python is the goal of the Plone Foundation, but it's not anybody's job. We're all volunteers, working in our own time and doing what we think is best. Thank you for submitting a PLIP, it's a type of volunteering, but it seems that all you're willing to volunteer for is to demand others do difficult work that they disagree with because you think it'd be beneficial in the long run.
So, in summary:
- Nobody is forcing you to use Python 3
- We appreciate your concern, but we disagree with your view of Python 2 and Python 3
- A vibrant future for Plone is what's most important to us, and it's our sincere belief that maintaining Python 2 support will hinder that from a marketing and developer retention standpoint, regardless of the quality of Python 2 vs Python 3
- As the investment to Python 3 has already happened the burden of proof does not lie with us to convince you of why it's a good idea. It's done now. If you want to reverse our decision you need to prove that it was a mistake. Nothing you have said contains a convincing argument to Python 2 being better than Python 3.
- This is not software that you've purchased. It's free software maintained by volunteers. The only way to get us to change our minds is with polite, well-reasoned arguments. Being rude to respected members of this community and accusing them of committing crimes makes it unthinkable that people would want to work with you, even if they agreed with what you are saying.
7 Likes
@Juron Your proposal is too late. Just yesterday I accepted the pull request to remove the six package as Zope dependency. It was necessary to run on both Python versions. (See https://github.com/zopefoundation/Zope/pull/724)
This way the upcoming Zope 5 (on which newer Plone versions will run) no longer will support Python 2 for the same maintenance burden reasons Plone will drop Python 2 support. It requires enough time to maintain support for 4 Python 3 versions (3.5 up to 3.8).
5 Likes
Hi @MatthewWilkes thank you for your extended reply. I think we never met.
You are right. Moving to a newer version of Plone brings advantages. In the same time not all advantages are experienced as advantage. There are advantages in Plone 5.2 I do not like. That is mostly a matter of preference.
But this is not about Plone. It is about Python 3. Python 3 does not add value. The value that is being added to Plone 5.2 by Plone can be achieved with Python 2 because Plone 5.2 runs both on Python 2 and 3.
It is just a matter of saying "no". First Python (TM) fooled Big Tech to migrate. And now others have to follow. When you look in to the statistics there is reluctance of the market to accept Python 3. Even today 50% is still using Python 2. If it wasn't for the EOL of Python 2.7, Python 3 would not have a chance on the open and free market.
Is that so. My opinion is that Python (TM) makes questionable EOL decisions.
With respect to the distro's this means I have to change my distro. When I want to use an other Py2-supplier there are issues with RestrictedPython, virtualenv and the installer.
And, does this mean that Plone 4.3 users can -as long Plone 4.3 is supported- rely on Plone-securityfixes in case there are security issues with Python 2?
The argument that the EOL of Python 2.7 is based on economical grounds is not about Zope/Plone. You explain clearly that Plone has no votes in the PSF's decision making process and has little influence on the PSF. And that the general opinion of Python developers is that Plone is behind-the-times and makes questionable software engineering decisions. To be honest about this: I would not buy from a supplier with this much contempt to its sponsors/users. I first started this discussion at the forum of the Python Community. I asked nicely to undo the EOL of Python 2. The only thing I got was insults and hostility from the sysadmin of that forum. To me that is the attitude of a supplier I wish to disappear.
I bet some devs are paid well by Big Tech to do the migration to Python 3 for Google or Dropbox etc. Didn't Guido van Rossum do the work himself? When it comes to server's kernel or Nginx version I only have use the upgrade function on my distro. Sometimes I need to make a small change to make.conf to set DEFAULT_VERSIONS or reinstall all ports to upgrading something like Perl for example. That is just part of the normal upgrading procedure on my distro. Nginx sometimes makes small changes needed in the server-configuration, but I never have to re-do everything again to get what I had before upgrading. I also never have to change disto because of server's kernel or Nginx upgrade. That change of disto is needed is part of the unfair competition that comes with the EOL of Python 2.
With the EOL of Python 2.7 is something totally different going on because this time I can not follow the normal upgrade procedures. I have to learn coding and migrating first. Then I have to migrate to Plone 5.2 and than I have to migrate to Python 3 and I even have to migrate the database to Python 3. This migration to Plone 5.2 is a big thing because of the third party products. Of course I started to upgrade to experiment with Plone 5.2 but I have to do and rethink everything over again I made on Plone 4.3.
Meaning it is a job I do not want to give priority to because it will only give me changes that are cosmetic to me. I am happy with Plone 4.3.x IMO it good enough to last for years to come.
Yes it would. Now both Plone 3.x and Python 2 are out of security support. Meaning that there is less chance that someone else is going to take care of Plone 3.x security.
The EOL of Python 2.7 is closing markets.
You are missing my point. I do not want people to do difficult work that they disagree with. First of all the PLIP is about lifting work. Second of all: difficult work needs to be done, and other difficult work needs to end. This PLIP is about a shift that needs to be made in the difficult work that needs to be done with the result that less work is done and new things happen in a natural manner. The goal is to get the best out off all worlds. And yes I think it'd be beneficial in the long run. I even think it'd be more beneficial in the long run than using Python 3. Now with the EOL of Python 2 I need to do difficult work to stay mainstream. Or I have to put money on the table for others to do the job. That is IMO not what FOSS is about.
It is not about being better. It is about necessity. There must be a real big security issue or any other technical problem with Python 2 that can not be solved otherwise to legitimize such a big investment from the market to migrate to Python 3. There are no security issues with Python 2 that are solved with Python 3. Nothing is solved with Python 3. Python 3 is just on other Python-dialect. The changes in Python 3 are about subjective likes and dislikes. Those changes can be made to Python 2 too because of the __future__ module. This module proves that there is no need for Python 3. I have not seen one valide argument against that.
It is IMO a childish and unprofessional argument to say that Python 3 is superior so that migration is needed. Python 2 is doing its job very well.
This I also do not believe. I think that Plone Legacy is a winner. Economics is a matter of demand and supply. Almost all (experienced) Python developers today know Python 2.7. If it wasn't for the EOL of Python 2 I would choose Plone Legacy over Plone Current because of all the third party products that are available today.
Sorry if people on this forum have the impression that I accuse Ploners of committing crimes. That is not what I want to say. I do not accuse anyone of the Plone Community of committing crimes. I am saying that the EOL of Python 2.7 is a scam and that the Python-users at large are accepting this against there own interest. I also say that customers can hold there contractors accountable for that. That is a risk that is put on others by the EOL of Python 2.
And again you prove my point because many of the Plone Community have spent hundreds or thousands of hours of there own time on migrating Plone and Zope code to Python 3 without ever being paid to do any commercial upgrade work. What new things would have happened if all those hours were spent in other work? I would make enhancements to the buildout I have or spend time on sales instead of migrating.
Again you prove my point. Python (TM) choose a migration strategies that is out of the ordinary. That is way we have this discussion. I bet that if Plone 2.7 wasn't EOL'ed the migration of Plone 5.2 to Python 3 would not have happened (yet).
.oO( need to stack up my strategic popcorn reserve )
3 Likes
https://stxnext.com/blog/2019/04/16/python-3-migration-guide/ seems helpful!
"This guide will show you how to upgrade to Python 3 quickly, easily, and cost-effectively."
1 Like
@Juron If you're going to reply to my message please do my the courtesy of replying to what I say, not using it as a platform to rant.
This forum is not an appropriate place to discuss things that are not about Plone. Kindly stop it.
Yes.
Nobody is forcing you to change your distro. It is an option available to you to get a supported version of Python 2.
I'm glad, so we can drop this now? You're happy with the software you have and it works.
I can guarantee you, as a member of the Plone security team, we do not take care of Plone 3 security. Nobody is looking for bugs. If bugs are reported they will go unfixed unless they affect modern versions of Plone.
.
And you have not bought anything. You're using something that is freely available and complaining that the people donating their time didn't do exactly what you (with the benefit of hindsight) wished they would have done. You can buy Python 2.7 support. I'm sure you would be able to buy extended Plone 4.x support after that is EOLed. You will not be getting either for free from the Plone community.
I'm afraid this is exactly what FOSS is about. You have free softwate provided with no warranty. You are free to modify it. You are free to commission people to improve it on your behalf. You do not have a right to have work done for you for free.
Yes, but they weren't. It doesn't matter at all that you disagree with what happened, the fact is it happened. Imagine we've built a bike shed and painted it red. You come along after and say that we could have just varnished it. Maybe you're right. Maybe you're not. But even if you are right, the question is no longer "should we paint or varnish the shed?" it's "should we strip off all that paint and varnish the shed?".
You're too late. The work for Python 3 has been done. Many thousands of people have spent years on it. It's simply too late to say that the work wasn't needed and have anything happen. It's done. If you want to argue that Python 3 should be abandoned and Python 2 should be revived, this is not the place.
You may still choose to run old versions of Plone. They still work.
I think you owe some people a real apology, not a "sorry if you have the impression" half-apology.
You are welcome to. We can't tell you how to spend your time any more than you can tell us how to spend ours.
Now, please stop this disruptive intervention. We understand that you disagree with the process that has happened. We understand that you're upset. Reiterating why you're upset and what you would have done differently are not appropriate. The draft PLIP you've written above is utterly unacceptable in its current state.
You have a number of options, as I see it. They are, in order of what I'd recommend:
- Pick an alternate vendor of Python 2 that does not require changes to the Plone 4.3 codebase to work. Switch to that vendor. Make community posts asking about hardening Plone so you can be confident that your sites will continue to be secure after Plone 4.3 leaves security support.
- Continue using Plone 4.3 and Python 2 using the official releases, even after they fall out of security support, with no mitigation of potential problems.
- Write a PLIP suggesting a final 4.x release that supports an alternate Python 2 vendor. In this case, you should make the case why a final release that adds support for this alternate vendor will be useful to our end users. You should explain the technical challenges involved and why this is helpful. There should be no emotive language in this PLIP at all, just stick to the facts. If people agree that Tauthon support for a final point release of Plone 4.3 is worth the effort we can talk about how it can be achieved.
- Migrate to later versions of Plone and Python, despite the fact that you disagree.
- Migrate to another content management system
Whichever of the options you choose, you need to understand that we will not be reversing the decision to move onto Python 3. That ship has sailed. If you choose not to move forwards with us onto newer versions of Plone that's your decision, but we will not be changing our plans to accommodate you.
Nothing you can say will change our minds. Sorry.
The choice you have now is between engaging with us in good faith and talking about what your options are in the full knowledge that you will not get your preferred option, or you can stop bringing this up.
Matthew
4 Likes
If people agree that Tauthon support for a final point release of Plone 4.3 is worth the effort and when it is achieved, you are gone drop Python (TM) and keep on doing your Python 3 code on the same Py-stack as I use for Plone Legacy.
Perfect. So, your next steps are to present the relevant information in a dispassionate way. I know people have told you that the next steps are to try running code for each package on Tauthon to get an idea of how much breaks.
If you can make a post that details what things are broken using Tauthon then it'll be easier for people to decide if they think it's worthwhile to add compatibility.
As you've seen, most people on this forum are not enthusiastic, but we have no data right now.
Follow the documentation on building a development environment for Plone and run the tests and report back.
1 Like
@polyester called me sea-lioning first. And it was not about @polyester. What I said about fraud and extortion is about Python (TM). And @polyester fooling himself about it. Python (TM) owe us all a real apology for its EOL-scam.
I am really sorry @polyester, I do not mean you, I meant Python (TM) is fraud.
I never start about scams and fraud when upgrading. I always follow upstream. But this EOL really hurts. I really think there can be a case build against Python (TM) because of the EOL of Python 2.7. There is so much proof of willingly and knowingly fooling customers with technical arguments that have no objective ground. That the __future__ module is not used by Python (TM) for further development is an other proof of malpractice. Python (TM) also must change its user-terms. Python (TM) has to warn customers that they have to pay after several years of free use for doing difficult work migrating to the next version, or die. The do or die methodology for Python migration is in fact extortion. That is what I am talking about.
Python (TM) can repair this fault by 1) making a really apology to all Python users and 2) undo the EOL of Python 2.7 and 3) use the __future__ module for further development, or 4) die.
Thanks. I will,
1 Like
To clarify, after re-reading that previous post, we will not be abandoning Python 3 even if you get Tauthon working.
And, for the last time, stop accusing people of fraud. In a message that was ostensibly an apology the majority was accusing Python's development team of fraud.
You will not accuse anyone of fraud, extortion or any form of malicious behaviour over the Python 3 migration again. Even as an attempt to explain past statements. Is that clear?
1 Like
I advice you to not start this argument. I am not the right person for that. I have warned you for serious legal problems you have with Python (TM). Your customers can sue your ass of if they understand. We are gone investigate the use of Tauthon now. So you are taking precautions. But the problem with Python (TM) is still there. If you are gone fight me on this you are supporting things you must not support if you do not want the risk of legal actions from others against you as professional. It is totally normal in FOSS-society to warn others for viruses and hacks and exploits. This is the same thing. I must tell you. And I must tell others. Do not be emotional about it. Tauthon is on its way.
This is not an argument. You will not use Plone community message boards as a venue for libel. You will receive no more warnings.
Don't argue with me on this if you do not want to make yourself liable. I will shut up about it in the Plone-fora. And if anyone want me to I can explain the public prosecutor very well how the above facts need to be seen with respect to the penal code and good practice in trade and commerce.
Seriously. No. There is no question at all here. Nobody is going to be intimidated by you about this. The Python community has done nothing wrong and we vehemently object to anything that categorises their actions as in any way malicious.
No threats. No bogus legal advice. The things you've said are not the position of this community and we condemn any suggestion that the PSF and its contributors have done anything wrong.
2 Likes
Why do you keep on brining this up? If you think it is a bogus legal advice than think again. I do not intimidate anybody. Why would you be intimidated by me? I only explain that if I have to fight about this the other is going to loose. That is all. The case is already made. Do you want me to write the letter to the public prosecutor? Some people making decisions messing up my projects. That is a no go.
People can become bankrupted because of this. Or even jailed. Just saying.
I do not agree with you with respect to the Python Community. I think it is a dangerous game it is playing. Like they never had proper legal advice. I also think the Python Community must accept its responsibility and undo the EOL of Python 2.7.
I do not want to get in to a fight about this in this discussion we had. Best thing is not to keep on brining it up. I know now you do not agree with the facts. That is called denialism. Do the words "chain liability" mean anything to you?
I relaxed with the interim score of this new PLIP. I have told you I'll shut up about it in the Plonefora. I am not gone sue anybody. Only if I am made to. If I am made to I will and the other will feel sorrow. Just saying.
And I hope that everybody noticed that this new PLIP really works because new things already start happening in a natural manner.
And thank you all for the discussion so far. And the attention you all gave to this proposal.
J.
This topic is now locked and your account has been restricted.
This forum is not for insinuating that people have broken the law. I gave you plenty of chances to apologise and, if not retract your comments, to let it fall by the wayside.
Your comments in this thread and previous threads constitute sustained disruption to our community. If you want to accuse someone of a crime do it to the police, not on our forums.
You're still very welcome to submit a Tauthon compatibility PLIP according to our process, but it must not be a rant like this has been.
Plone will not be a vehicle for your accusations. Any future messages you submit (here or elsewhere) must be strictly on topic. If I see you making unfounded accusations, harassing Plone or Python developers or trolling on other platforms I will block you there, too.
5 Likes
Can we please stop yelling at each other, or calling bad things.
I think there is a serious misunderstanding here. I see @Juron wants to continue working on Plone 4.x, which is perfectly fine for him. You could run that with your favorite operating system on Python 2.7 or maybe Thautron. You will just not recieve any free feature or security support for Python by the Python community, and after release of Plone 6 from the Plone Community. Does that mean that the Plone instances needs to be taken down immedatly? No it is just a question of risk and support. There are People out in the Internet that run much older Versions of Plone or other Software without official Support.
Will Plone continue to support Python 2 in any Plone Version higher Plone 6: No
There are several good reasons to not do this. First of all, compatibility for different incompatible base versions needs special work and extra testing. That is not benefical to the large majority in the community. The Plone Communityis fully voluntary, so no one of us gets paid for developing the free Plone Product. Some work as Consultance and get Paid for doing Support or Contract Work ontop of Plone, but not for work on Plone itself.
Also you asked what makes Python 3 better than Python 2, or the other way around, what could not be done by Python 2 or a Thautron with __future__ imports that can be done by Python 3:
As a computer scientist I can say both Languages are Turing complete, so everything could be done on both versions. But that is not the question to aband Python 2 for Plone 6.
To understand the benifits of Python 3 you might also need the understand the history of Zope and Plone.
Zope, The Application Server, Plone depends on was in the early days of Python the killer application that made Python more known. Plone then became the killer application on-top of Zope.
So if Zope & Plone did need some more generic feature, some of these dependencies were implemented in the Python standard library.
But as always not all first attemps where successful or the best implementation. So there are a lot of Lessons learnd from Zope, Plone and the general Python Community for the Language Python and the Python Standard Library.
So beside deprected some language elements like the print-Statement Python 3 is a huge Cleanup of the Standard Library. Deprecation of severaly Standard Library Modules and change of imports is always a hard and lot of work for developers and will bring a lot of anger in the community. But also the benefits of a much cleare Library helps afterwards.
Working on the changes of the Python 3 Standard Library makes it much easier to develop and maintain additional FOSS Software like Plone. Also now much more developer could more easyly start working on Plone as Plone also adopts more general Python community tools and workflows.
The Problem you have with "Plone Legacy" which I guess is a Plone 4.3.x is, that you prefer it over Plone 5 because of some design decissions and the larger eco-system of working add-ons.
Well as stated, you could continue to run a Plone Legacy without problems, you could even develop on that base yourself. But at a certain point you will not get any support, anymore.
As the technical foundation of Plone 4.3 and Plone 5 is very modular, it might even be possible to lift a Plone 4.4 to work on Python 3. but that also brings no benefits for the Plone community in large, as Plone 4 is almost 10 years old and Plone 5 already 5 years.
That are normal update and renewal cycles.
So for Zope/Plone Community, focusing just on Python 3 does make a lot of sense, as the workload now after upgrade, will extremely decline. Also all external dependencies that are maintained and aband Python 2, would need to be forked and so on. That is something we could not lift.
We could not maintain the whole Legacy Python eco-system.
On the other hand, working on Python 3, enables us to reuse code and modules writen for Pyramid, WSGI, pytest and much much more, so that the overal work for us decreases and we could focus on feature improvements of Plone itself.
So for @Juron you could continue to work on Plone Legacy as is, but with no community support, or work to run Plone 4 on Python 3. The other alternative to maintain a fork of Plone 4 that runs on Thautron will not work, as the very base dependency on Zope and Plone RestrictedPython 3.6 is so extremely dependend on interals of the CPython implementation, that it would be to hard for you to get it run. RestrictedPython 4 and 5 might be able to run on Thautron, but then you already half the way to get a Plone 4 run on Python 3, so no real benefit for you. And almost all add-ons are easy to port.
So could we please close this thread. There will not be any other answer to your request to keep Python 2 support forever in the Plone code, than: "NO THAT WILL NOT HAPPEN". Keeping up with the official Python Releases is the way to go.
7 Likes