OpenVPN AS still using Python 2 after EOL date?

Business solution to host your own OpenVPN server with web management interface and bundled clients.
chilinux
OpenVPN Power User
Posts: 156
Joined: Thu Mar 28, 2013 8:31 am


Post by chilinux » Fri Jan 03, 2020 6:05 am

The Python Software Foundation has indicated the 20 year long support life cycle for Python 2.x has ended.

A document posted back in September 2019 from PSF titled "Sunsetting Python 2" brings up security as a reason users should upgrade to Python version 3 a couple times.

At the beginning of the document they state:
"We are volunteers who make and take care of the Python programming language. We have decided that January 1, 2020, will be the day that we sunset Python 2. That means that we will not improve it anymore after that day, even if someone finds a security problem in it. You should upgrade to Python 3 as soon as you can."

Later in the FAQ part of the document is:
"What will happen if I do not upgrade by January 1st, 2020?
If people find catastrophic security problems in Python 2, or in software written in Python 2, then volunteers will not help you. If you need help with Python 2 software, then volunteers will not help you."

Other third-party Python modules used by OpenVPN AS also seem to be discontinuing updates for Python 2.

To be clear, I do not know of any known vulnerability or active exploit in the wild for OpenVPN AS. I am not encouraging anyone to stop using OpenVPN AS.

However, I can't find any details about an official stance on Python 2 End of Life from the OpenVPN AS maintainers. Given the context from PSF of upgrading being important to security, it is disappointing to not be able to easily find a prominent statement about the direction OpenVPN AS is going in.

Some questions I have at this point are:

Are third-party sources other than the PSF now being used for security updates to the Python 2 used by OpenVPN AS?

What third-party sources for security patches are being used?

Why should users be able to expect those third parties to maintain it to the same standards that the mainstream project maintainers had been?

Most importantly, how long is remaining on Python 2 still part of the expected roadmap for OpenVPN AS releases and what is the expected date for migration to a Python 3 based OpenVPN AS to be released?

novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenVPN AS still using Python 2 after EOL date?

Post by novaflash » Mon Feb 17, 2020 10:02 am

The release 2.9.0 will be on Python 3.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
