Python 2 Support Update 2022: Python 2 is still vulnerable even if you’re only running it in non-production environments. The increasing threat of supply chain attacks makes it more important than ever to secure your Python 2 code.
ActiveState continues to provide Python 2 support to help organizations safely run their Python 2 applications, services, and systems, at a fraction of the cost they spend in developer hours maintaining them.
ActiveState surveyed more than 1,200 developers at the end of 2019 to better understand their plans for Python 2’s impending End Of Life (EOL). The results are now in, and have been compiled into a summary report that’s currently available for download. If you haven’t started to deal with the EOL issue yet, you’re not alone. The report can help you:
- Gauge where your EOL efforts stand relative to your peers
- Plan for migration to Python 3
- Understand your options if your migration efforts are blocked
This blog post will dive into a few more details, and give you some insight as to whether or not the industry as a whole is ready for the transition.
Python 2 EOL? Why Worry?
So, the Python 2 EOL date (January 1, 2020) has come and gone and, as you may have noticed, the world failed to end, the apocalypse did not happen, and your Python 2 applications are still running.
In fact, Python users as a whole seem to be pretty unfazed. Take the most popular Python package by downloads, for example: urllib3. According to pypistats.org, the trend is toward fewer downloads of the Python 2 version than the Python 3 version post-EOL, but on some days downloads are split roughly 50/50:
Figure 1: Source = https://pypistats.org/packages/urllib3
This is reflected in ActiveState’s survey, which found that:
- 53% of respondents either have no EOL plan at all, or are unsure their organization has a plan in place.
- 50% of respondents feel somewhat prepared, or else have yet to start preparing for EOL.
So what’s the big deal?
The Real Issues with Python 2 EOL
The problem isn’t the fact that the Python Software Foundation and most package maintainers will now no longer provide support for Python 2. The real problem is the fact that existing Python 2 applications will become less reliable and more vulnerable over time as bugs, security issues and CVEs crop up – issues that will no longer be fixed by the community as they focus their efforts on Python 3 instead.
As a result, each organization needs to evaluate the risk for itself. Some will feel it’s necessary to deal with the EOL fallout sooner rather than later. In fact, our survey shows that most respondents have already stopped developing new Python 2 applications in favor of Python 3:
Figure 2: How Many of Your Python Apps are Python 2?
But that still leaves more than one third of organizations with a sizable liability on their hands.
Where Does The Industry Go From Here?
The dollar cost of rewriting an application in a new language (or new version of a language) is non-trivial, but for any commercial application in a competitive market the real problem is opportunity cost. In other words, spending your resources on migration instead of building out new features and functionality may end up putting you months behind your competitors.
Despite the costs, 66% of survey respondents are either currently migrating their Python 2 applications to Python 3, planning to do so, or have already done so. In fact, pypistats.org currently lists a migration library called six (which enables Python 2 code to work on both Python 2 and Python 3) as the second most downloaded package for the past day, week and month.
While six is a key tool, it doesn’t solve all the migration issues organizations are likely to face, which include:
Figure 3: Respondents checked all issues that applied
Finding replacement packages was cited as the top concern in our survey. For example, some respondents reported a dependency on a commercial package that had yet to provide support for Python 3 as the key blocker in their migration efforts. Others are still in the process of ramping up their skills and preparing key systems, like test suites.
But with only 3% of respondents indicating that they’ve completed their migration efforts by the close date of our survey (November 30, 2019), the industry still has a long way to go. It’s no wonder that one of their key concerns is the need to continue supporting their Python 2 applications until their migration effort is complete.
Support Beyond Python 2 EOL
And that’s where ActiveState comes in. ActiveState can support your existing Python 2 deployments while you’re in the process of migrating, or even if you don’t intend to migrate. ActiveState’s Python 2 support offering addresses many of the key concerns of our survey respondents, including resolving Python 2 core language vulnerabilities, as well as security issues in third-party packages.
To learn more about ActiveState and our efforts around Python 2 EOL, you can: