Why is Python 2 included in openSUSE 15.2?

Just installed openSUSE 15.2 from DVD today. Lovely experience.

However I was both surprised and dismayed to see not only Python 2 included, but the default python symlinks to Python 2. Python 2 was EOL 1/1/20. It’s March 2021. As a Python 3 programmer, it’s not a big issue for me. But the absence of Python 2 bug fixes, security patches, and vulnerability fixes for over 12 months must surely be of concern, or am I missing something?

Read the changelog, there are some bugs backported:

rpm -q --changelog python

It’s still under maintenance, so security fixes, bug fixes are backported… have a peruse of the changelog?

It looks as if you have not a good idea about the version policy in Leap.

Thanks - interesting read and reassuring there’s some backported changes! (although there’s not much on security)

I’m sure the SUSE software engineers know the best balance is between fully migrating to Python 3 and legacy support Python 2.

From the deep learning programming perspective however, it’s rather discomforting to install the latest version of a GNU/Linux developer environment, such as openSUSE 15.2, to find the default python symlink maps to /usr/bin/python2.7 in 2021!

From Henk:
>> It looks as if you have not a good idea about the version policy in Leap.

Probably not, I’ll be happy to read the version policy, but suspect I’ll disagree with it… but I’m sure many others won’t share my opinion!

On Tumbleweed;

cat /etc/os-release | grep VERSION_ID

ls -la `which python`
lrwxrwxrwx 1 root root 9 Feb 11 09:10 /usr/bin/python -> python2.7

I am to lazy to search for an “official” page about this, but it is rather simple. There are two tastes of openSUSE: Tumbleweed and Leap.

Tumbleweed is the rolling one and thus changes to newer versions of packages (after thouroughly testing it in openQA) all of the time.

Leap, on the other hand, is frozen from it’s moment of release (in fact even a bit earlier). No newer version, only back-ported security and recommended patches (as hinted by others above). This to give a stable version to those who like stability above the newer (and no, that does not mean “better”) versions of things. Stable not only in the meaning of “not breaking”, but also in the meaning of "no changing of working, user interfaces, etc. The fact that a program one uses daily, will, most probably at the worst moment, changes by having a button moved from left to right, is a nightmare for many that use a system for things they think it is designed: banking, writing documents, using spread-sheets, all things an end-user needs.

I understand fully that you, when designing/programming have different needs. Maybe Leap is not for you.

And thus yes, the DVD ISO is still the same as at release date. And yes, there is no upgrade to a newer version of a package in the Update repos, just new builds due to back-ported, mostly security, patches.

Thanks Henk for your conscientious reply; and I’m well aware of the differences between Tumbleweed and Leap. But let me carefully answer your points (which are not intended as criticisms):

When Leap 15.2 was announced (https://en.opensuse.org/Release_announcement_15.2), Machine Learning (which 99% is currently done in Python 3) was touted as exciting inclusion (I’d say openSUSE excels in this - at least when the NVIDIA repo works!). But now you’re suggesting designing/programming have different needs? I’m not sure you can have it both ways, I’d gently suggest. I don’t want to make a particular issue of this because I don’t think there’s a big problem, since I’m happy to write python3 rather than python (which refer to the same thing in every other modern GNU/Linux distro!).

True, but when Leap 15.2 was released in on 2nd July 2020, Python 2 was already post-EOL (01/01/20) for over half a year. If I was to release a software product that supports a developer technology that’s already been obsolete for over 6 months, I’d except a programming developer to at least raise an eyebrow. That’s all I’m doing.

I didn’t realise the contents of the Python changelog indicating that some fixes were being backported. That’s reassuring - it might buy a bit more time. But both eyebrows will definitely be raised if 15.3 is no different!

My story was a generalisation. On all details of what I explained there might be exceptions and deviations. After all the openSUSE people are thinking humans and they will adapt to situations that require it.

I do not know anything about the versions, etc. of Python, so the details about Python may be a bit different, but you saying " I was both surprised and dismayed" about something that seemed to fit perfectly in the Leap policy, triggered me into asking if you understand (or are aware of) that policy.

I did not suggest that designers/programmers have different needs (from home workers), but I said I can understand that when it is the case. It is up to you to choose for Leap, Tumbleweed or something different that fits your needs.

I think, for using python 2.7 depends also on SLED 15.

They still backport important fixes, SLE15SP2 a while back received fixes for multiple CVE’s in Python2 as did openSUSE. RHEL for example will support Python2 until 2024.

You can’t simply remove or change the default of python without breaking a lot of software people still use on a daily basis, it’s simply not a realistic option.

I think Sauerland and Miuku’s answers hit the nail on the head answering the question of the subject title:

Agreed: https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15-SP2/

Agreed: https://access.redhat.com/support/policy/updates/rhel8-app-streams-life-cycle

So I suppose the development of a community GNU/Linux distribution based on an Enterprise version comes with a few downsides along with many (more!) upsides.

A big story, but without ideas