Created attachment 1541032 [details] build.log of python34 with openssl-devel 1.1.1 compat-openssl10 will likely get orphaned before Fedora 31. Source: https://bugzilla.redhat.com/show_bug.cgi?id=1673419#c2 Since we don't want to deal with maintaining it ourselves, we need to invent a workaround. python34 does not build with openssl 1.1.1: Failed to build these modules: _hashlib _md5 _sha1 _sha256 _sha512 _ssl Those are quite impotatn, the test suite doesn't even run without them: + /builddir/build/BUILD/Python-3.4.10rc1/build/optimized/python -m test.regrtest --verbose --findleaks -x test_distutils -x test_venv BUILDSTDERR: ERROR:root:code for hash md5 was not found. BUILDSTDERR: Traceback (most recent call last): BUILDSTDERR: File "/builddir/build/BUILD/Python-3.4.10rc1/Lib/hashlib.py", line 240, in <module> BUILDSTDERR: func = __get_hash(__func_name) BUILDSTDERR: File "/builddir/build/BUILD/Python-3.4.10rc1/Lib/hashlib.py", line 118, in __get_builtin_constructor BUILDSTDERR: raise ValueError('unsupported hash type ' + name) BUILDSTDERR: ValueError: unsupported hash type md5 BUILDSTDERR: ERROR:root:code for hash sha1 was not found. ... BUILDSTDERR: ImportError: cannot import name 'sha512' Possible workaround is to bundle openssl 1.1.0 or beg for a compat package.
Can we just get moved to python36 by then and drop python34?
Maybe getting a list of where python 3.4 is used on the wild, would be beneficial to determine if we want to retire the package.
This is not EPEL, but Fedora. We have Python 3.4, 3.5, 3.6, 3.7 and 3.8. We don't "move" from 3.4 to 3.6, we offer all used versions for developers to test their software. Python 3.4 will EOL upstream quite soon: 2019-03-16 [0], yet I don't feel confident removing it yet. As long as 3.4 is used by developers, we'd like to keep it for them to test their SW on. It is still used in: * EPEL6 - EOLs November 2020 (AFAIK) * EPEL7 - might be superseded by 3.6 but 3.4 is not going away, stays to at least 2024 (AFAIK) (we can theoretically work on retiring it there) * Ubuntu 14.04 LTS - EOLs soon (2019-04-30), but has 3 more years ESM [1][2] * Debian jessie (oldstable) - not sure how much developers care about oldstable [0] https://devguide.python.org/#status-of-python-branches [1] https://blog.ubuntu.com/2018/09/19/extended-security-maintenance-ubuntu-14-04-trusty-tahr [2] April 2022
[2] https://wiki.ubuntu.com/Releases
Ah right, misunderstood.
Victor will look at the changes between 3.4 and 3.5 in SSL and try to assess if backporting makes sense.
I proposed a backport downstream of the 3.5 change which adds support for OpenSSL 1.1.0 (and 1.1.1): https://github.com/python/cpython/pull/12211
> I proposed a backport downstream of the 3.5 change which adds support for OpenSSL 1.1.0 (and 1.1.1): > https://github.com/python/cpython/pull/12211 I had been rejected by Python 3.4 Release Manager (Larry Hastings) which was afraid of merging such non trivial change in the *last* Python 3.4.10 release. I created a PR for python34 in Fedora Rawhide: https://src.fedoraproject.org/rpms/python34/pull-request/32
I updated my Python 3.4 PR based on the Python 3.5 downstream change. https://src.fedoraproject.org/rpms/python34/pull-request/32