Merge pull request #201859 from LibreCybernetics/mark-python2-unsecure

This commit is contained in:
Martin Weinelt 2023-01-07 23:21:36 +00:00 committed by GitHub
commit 3a208b41ca
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -351,8 +351,14 @@ in with passthru; stdenv.mkDerivation ({
license = lib.licenses.psfl;
platforms = lib.platforms.all;
maintainers = with lib.maintainers; [ fridh thiagokokada ];
# Higher priority than Python 3.x so that `/bin/python` points to `/bin/python2`
# in case both 2 and 3 are installed.
priority = -100;
knownVulnerabilities = [
"Python 2.7 has reached its end of life after 2020-01-01. See https://www.python.org/doc/sunset-python-2/."
# Quote: That means that we will not improve it anymore after that day,
# even if someone finds a security problem in it. You should upgrade to
# Python 3 as soon as you can. [..] So, in 2008, we announced that we
# would sunset Python 2 in 2015, and asked people to upgrade before
# then. Some did, but many did not. So, in 2014, we extended that
# sunset till 2020.
];
};
} // crossCompileEnv)