diff options
author | Fabián Heredia Montiel <fabianhjr@protonmail.com> | 2022-11-18 23:48:21 -0600 |
---|---|---|
committer | Fabián Heredia Montiel <fabianhjr@protonmail.com> | 2023-01-07 16:25:35 -0600 |
commit | d9fbb33f9296d7ee11ac40be190f0d739b3f1f58 (patch) | |
tree | 204fdfd2e3ec1e65ba9240ba1e4b7210bbc65463 /pkgs | |
parent | eb45903a251728e63842ede3911b7415191b0c4e (diff) |
python27: mark as vulnerable/insecure due to EOL on 2020-01-01
More information: https://www.activestate.com/products/python/python-2-end-of-life-security-updates/
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/development/interpreters/python/cpython/2.7/default.nix | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/pkgs/development/interpreters/python/cpython/2.7/default.nix b/pkgs/development/interpreters/python/cpython/2.7/default.nix index a702f9fd3f353..c3c0687d2cfc5 100644 --- a/pkgs/development/interpreters/python/cpython/2.7/default.nix +++ b/pkgs/development/interpreters/python/cpython/2.7/default.nix @@ -351,8 +351,14 @@ in with passthru; stdenv.mkDerivation ({ license = lib.licenses.psfl; platforms = lib.platforms.all; maintainers = with lib.maintainers; [ fridh thiagokokada ]; - # Higher priority than Python 3.x so that `/bin/python` points to `/bin/python2` - # in case both 2 and 3 are installed. - priority = -100; + knownVulnerabilities = [ + "Python 2.7 has reached its end of life after 2020-01-01. See https://www.python.org/doc/sunset-python-2/." + # Quote: That means that we will not improve it anymore after that day, + # even if someone finds a security problem in it. You should upgrade to + # Python 3 as soon as you can. [..] So, in 2008, we announced that we + # would sunset Python 2 in 2015, and asked people to upgrade before + # then. Some did, but many did not. So, in 2014, we extended that + # sunset till 2020. + ]; }; } // crossCompileEnv) |