Python "fully supported" vs "security fixes only" stages about endoflife.date HOT 7 CLOSED

I agree with you @hugovk, but I also think this should be clearly documented on https://endoflife.date/python. Knowing this, and whether an "official" installer is available for the latest version, are valuable information for endoflife.date users.

from endoflife.date.

Thank you for opening your first issue here 👍. Be sure to follow the issue template if you chose one.

from endoflife.date.

from endoflife.date.

Personally, I’m surprised at this stance to actively distribute insecure software.

Are you suggesting deleting the old, insecure downloaders from the python.org server?

Security fixes are source only, but that's after 18 months of full support with installers.

Looking at 3.9, the final bugfix with installers was 2022-05-17. By this time, 3.10 had been out for seven months (since 2021-10-04), was the fully supported release with installers, and was already up to 3.10.4 (2022-03-24). People should really have been upgrading to 3.10, not a 3.9 micro.

And especially today, you shouldn't be installing 3.9, because 3.11 has been out for nine months, since 2022-10-24, with 3.11.5 set for release any moment now.

I think the idea for source-only releases of security-only fixes is to reduce the maintenance cost of building installers, while at the same time letting those people who can't or won't upgrade (for whatever reason) be able to patch their systems. And third parties, such as Linux distros and pyenv for Mac, do create installers of security-only releases.

(More info and links to release schedules: https://devguide.python.org/versions/)

from endoflife.date.

from endoflife.date.

Thanks @presidento !

from endoflife.date.

Thanks!

By the way, from 3.13 (due October 2024), it's switching from 1.5 years bugfix + 3.5 years security, to 2 years bugfix + 3 years security.

from endoflife.date.