For nearly 20 years, the open source Python 2 programming language has been updated, enhanced and supported with bug and security fixes. That all came to an end on April 20, with the release of Python 2.7.18, the last officially supported milestone of Python 2.x.
The end of life for Python 2 is no surprise to anyone as it has been a transition a dozen years in the making. In December 2008, Python 3 was released as the successor to Python 2; two years later in 2010, the Python 2.7.0 milestone was released with the warning that it would be the last branch of Python 2.x. As it turns out, Python 2.7.x was supported longer than initially expected as developers continued to use Python 2 instead of Python 3.
"Python 2.7 has been under active development since the release of Python 2.6, more than 11 years ago," Python 2.7 release manager Benjamin Peterson wrote. "Over all those years, Python's core developers and contributors sedulously applied bug fixes to the 2.7 branch, no small task as the Python 2 and 3 branches diverged."
The open source Python programming language is one of the most widely used and popular programming languages according to multiple lists, including one from the IEEE. An inconvenient side effect of Python's popularity is that a lot of work was completed in Python 2, which means there is a lot of Python 2 code in use by organizations of all sizes.
Who Is Still Running Python 2
Jeff Rouse, vice president of product at ActiveState, told ITPro Today that there are numerous statistics and resources that show that developers are continuing to work with Python 2, including the Python Package Index.
"That's a problem because many organizations' Python 2 applications will become less reliable and more vulnerable over time as bugs, security issues and vulnerabilities crop up," Rouse said. "For many enterprises, that means they may no longer be in compliance with internal support policies or even, in some cases, external regulations such as the need for commercial support and security fixes for PCI [Payment Card Industry]-compliant payment systems."
Donald Fischer, CEO and co-founder of Tidelift, said that from his vantage point, the issue with Python 2 projects is less that open source maintainers haven’t updated key community packages to Python 3. At this point, much of that work has been done.
"The more common, more painful problem is that large enterprises have written millions of lines of custom code for their own applications," Fischer told ITPro Today. "They’re looking at needing to execute all-at-once forklift upgrades."
Doing full-code rewrites is a real challenge for any organization that doesn't have the resources to refactor internally developed packages and applications at scale, Fischer said.
Why Moving to Python 3 Has Been So Hard for So Many
The move to Python 3, even though it was signaled long ago, has been difficult in large part due to Python’s enormous popularity, according to Fischer.
With more than 200,000 Python libraries, it’s impractical for any one company to drive all of the changes in the ecosystem necessary to have everyone support Python 3, he said. Many Python packages are maintained by volunteers who are doing this in their spare time and as a labor of love, he added.
"It's a perfect example of why we need to pay the maintainers of the open source libraries that all of our applications depend upon," Fischer said. "Solving this problem requires that businesses using community-developed Python packages find a way to cooperate and align with open source maintainers."
Some business users are also struggling with the migration to Python 3. ActiveState conducted a Python 2 End of Life survey in 2019, identifying a number of key challenges that enterprise users face when migrating to Python 3. The study was conducted in October and November 2019 and included input from 1,252 participants.
Among the migration challenges identified by the survey is the ability of organizations to find Python 3 packages that offer the same functionality they currently obtain from their Python 2 counterparts. Also, organizations are finding that supporting Python 2 applications while undertaking a migration to Python 3 is an issue, as is testing of migrated code.
Suggestions for Organizations Still on Python 2
There are a number of choices for migrating from Python 2 to Python 3, according to Rouse.
"The recommended course of action is to modernize incrementally in order to address failures progressively, rather than being overwhelmed by the task and errors all at once," he said.
In addition, Rouse suggested that organizations map out the level of risk they may face if they continue to use Python 2 code. Key actions to take or things to consider include conducting a security review of the code, as well as having an understanding of where and how the code is deployed. He noted that an internal utility that’s manually run a few times a year within a single department on static data is a very different risk compared with code that processes volumes of user data as part of an ongoing workflow.
Rouse also recommends that organizations consider running Python 2 code in restricted environments to help reduce the risk.
"Make sure that people understand that the code is deprecated so that it isn't more widely deployed than needed," he said.
Enterprise Support for Python 2 Remains
Just because the open source Python project is no longer supporting Python 2 doesn't mean that organizations are entirely on their own.
There are multiple options from different vendors for extended support for Python 2, even after the community project has reached its end of life. One of the ways that many users run Python is on Linux, where a number of commercial vendors will still offer support.
IBM's Red Hat software division will be supporting Python 2 for at least the next four years. Red Hat Enterprise Linux (RHEL) version 8 is set to support Python 2.7 until June 2024.
"We have a Python team at Red Hat that includes many upstream members who are committed to providing Python 2.7 support," Brian Gollaher, product manager with the Platforms Business Unit within Red Hat, told ITPro Today.
ActiveState also has a commercial version of Python 2 that it will continue to support.
"Numerous new customers have come to us in just the past few months to help them support and ensure the security of their mission-critical Python 2 applications," Rouse said. "Some of these customers are currently unable to migrate for a variety of market or technical reasons, but others are not intending to migrate at all."