DEV Community

Why are there still so many downloads for EOL Python 3.7?

Hugo van Kemenade on August 22, 2023

Python 3.7 was first released on 2018-06-27 and recently reached end-of-life on 2023-06-27 (PEP 537). This means it is no longer receiving securit...

Read full post

Jay Palotes • Aug 22 '23

What about doing a little bit more of effort and research what level of support have those distros for those python versions? Packagers do backport security fixes for those versions. (I'm mostly talking about Debian and Ubuntu, WhoTheFsck knows what Amazon does).

Also, 3 captchas and gazillion offers just to open a fake account to come and write this comment? At least it doesn't use dark patterns, and everything is opt-in, so thanks for that. And of course I already have a notification...

Hugo van Kemenade • Aug 23 '23 • Edited

As requested, I've done a little bit more of effort and researched what level of support those distros have for those Python versions.

Let's first check which distro versions are involved:

$ pypinfo --days 1 --limit 20 --percent --markdown "" distro distro-version pyversion
Served from cache: False
Data processed: 55.26 GiB
Data billed: 55.26 GiB
Estimated cost: $0.27

distro_name	distro_version	python_version	percent	download_count
Ubuntu	20.04	3.8	17.82%	116,535,011
Amazon Linux	2	3.7	16.18%	105,802,489
Ubuntu	20.04	3.9	10.60%	69,342,091
Ubuntu	22.04	3.10	10.24%	66,990,412
Ubuntu	18.04	3.7	4.75%	31,040,621
Debian GNU/Linux	11	3.9	3.51%	22,921,615
Ubuntu	22.04	3.9	3.31%	21,648,253
Debian GNU/Linux	10	3.6	3.28%	21,430,314
Debian GNU/Linux	11	3.10	3.11%	20,352,943
Debian GNU/Linux	10	3.8	2.88%	18,819,267
Ubuntu	22.04	3.11	2.87%	18,753,941
Debian GNU/Linux	10	3.7	2.85%	18,666,349
Amazon Linux	2	3.9	2.71%	17,703,580
Ubuntu	22.04	3.8	2.69%	17,611,194
Ubuntu	18.04	3.8	2.45%	16,046,708
CentOS Linux	7	3.6	2.28%	14,882,487
Debian GNU/Linux	11	3.8	2.26%	14,762,141
Debian GNU/Linux	12	3.10	2.19%	14,308,355
Amazon Linux	2	3.8	2.06%	13,441,033
Debian GNU/Linux	12	3.9	1.97%	12,897,299
Total				653,956,103

Some of those distro versions are themselves EOL, let's ignore those.

Of the supported distro versions with EOL Python:

Amazon Linux 2: EOL 2025-06-30
- Python 3.7: 2023-06-27 (16.18%)
Debian 10: EOL 2024-06-30
- Python 3.6: 2021-12-23 (3.28%)
- Python 3.7: 2023-06-27 (2.85%)
CentOS 7: 2024-06-30
- Python 3.6: 2021-12-23 (2.28%)

As we can see, Amazon Linux 2 again accounts for a large share.

However, the point I'd like to make is if distro packagers wish to support Python versions beyond EOL, that is fine, and if they wish to support Python packages for those EOL versions, that is also fine.

But orthogonally, I suggest upstream Python package maintainers may give up the burden of supporting EOL releases and spend their time and resources on other features and fixes.

PS Thank you for the feedback on the process of opening a fake account. Sorry it's a hassle to sign up, but good to hear about the lack of dark patterns.

Stewart Smith • Aug 23 '23

Amazon Linux does indeed backport security fixes to versions of Python we continue to support beyond the upstream End of Life.

For Amazon Linux 2, this includes Python 2.7 and 3.7. Below are some of the advisories we've issued from the start of 2020 onwards that relate to the python (as in Python 2.7) and python3 (as in Python 3.7) packages in Amazon Linux 2:

We got asked a lot about Python 2.7, and we added items to the Amazon Linux 2 FAQ up at aws.amazon.com/amazon-linux-2/faqs/ explaining why there is still Python 2.7 in Amazon Linux 2:

Q. Why is Python 2.7 still part of Amazon Linux 2?
We will continue to provide critical security patches for Python 2 as per our LTS commitment for Amazon Linux 2 core packages (until June, 2025) even though the upstream Python community declared Python 2.7 End Of Life in January 2020.

Q. Should I migrate my code to Python 3 and away from Python 2.7?
We strongly recommend our customers install Python 3 on their Amazon Linux 2 systems and migrate their code and applications to Python 3.

Q. Is Amazon Linux 2 moving away from Python 2.7?
There are no plans to change the default Python interpreter. It is our intention to retain Python 2.7 as the default for the lifetime of Amazon Linux 2. We will backport security fixes to our Python 2.7 packages as needed.

Q. Why does Amazon Linux 2 not switch away from Python 2.7 for the 'yum' package manager, or move to DNF, which is Python 3 based?
During a LTS release of the Operating System, the risk of making fundamental changes to, replacing, or adding another package manager is extremely high. Thus, in planning our Python 3 migration for Amazon Linux, we made the decision to do this across a major release boundary rather than within Amazon Linux 2. This is an approach shared by other RPM based Linux distributions, even ones without LTS commitments.

Hugo van Kemenade • Sep 21 '23

Thanks for the reply @stewartsmith!

Do you have a plan/schedule for updating from Python 3.7 to something newer?

Stewart Smith • Sep 21 '23

There’s two parts to moving to something newer for Python on Amazon Linux (and any other Linux distribution): 1) when can/do you offer something newer for customers to opt-in to for their code, 2) when do you switch the default (ie what /usr/bin/python3).

One of the challenges is that Python has been successful! People like writing things in Python, thus a non-trivial amount of functionality in a modern Linux distribution is written in Python.

Within a stable version of the OS such as AL2, it’s not really possible to update the system python (/usr/bin/python3) without breaking a lot of things (including customer workloads), so it’s something we need to do across major release boundaries. Which is why we have offered options to customers to be able to move their workloads to newer versions of Python without breaking system components. We offered multiple versions on AL2, and now do in AL2023 as well.

In Amazon Linux 2023, we have Python 3.9 as the system Python, and 3.11 as an option that customers can choose to run their workloads on.