As stated on python.org, the Python core development team sunset Python 2.x on January 1, 2020 and moving forward, will support only Python 3.x. This announcement means that the Python organization will no longer provide security updates, bug fixes, or other improvements going forward. Read on for information about what this means for you as a user of the DNAnexus Platform.
The Fine Print
As mentioned above, any new security vulnerabilities discovered in Python 2 after January 1, 2020, will remain unpatched. The DNAnexus execution environment isolates the execution of apps in a secure Linux container, and mitigates the impact of potential Python 2 security vulnerabilities. Given the lack of support after Python 2 goes End-of-Life (EOL), significant security vulnerabilities may cause the DNAnexus Platform to disable execution of Python 2 or have you assume full liability for execution of your Python 2 code.
As of December 2019, we provide an Ubuntu 16.04 app execution environment, “Python 2 AEE,” which includes the following:
- The dx-toolkit package (including the “dx” command-line client and the “dxpy” python module), configured in a way that requires Python 2.
- The stock Ubuntu python2.7 interpreter, available at /usr/bin/python.
- The stock Ubuntu python3.5.2 interpreter, available at /usr/bin/python3.
To facilitate the migration to Python 3, we plan to provide a new Ubuntu 16.04 AEE in the first quarter of 2020. This new “Python 3 AEE” will include the dx-toolkit package configured in a way that makes “dxpy” compatible with both Python 2 and Python 3. The “dx” command-line client will use Python 3.
Furthermore, we will introduce a new configuration option to dxapp.json so that you can select between “Python 2 AEE” and the new “Python 3 AEE.” In addition, we will introduce a new “python3” value for the “interpreter” dxapp.json configuration option.
In summary, while it’s possible to use both Python 2.x or Python 3, to prevent any security issues, we strongly encourage you to review your code for Python 2.7 dependencies and consider migrating to Python 3.0.
For More Information
To help with your planning and to further explain what this means, we’ve put together an FAQ.