pyvmomi icon indicating copy to clipboard operation
pyvmomi copied to clipboard
verified publisher icon vmware

trim six usage

Open a-detiste opened this issue 1 year ago • 8 comments

a-detiste avatar Jul 06 '24 22:07 a-detiste

@a-detiste, you must sign our contributor license agreement before your changes are merged. Click here to sign the agreement. If you are a VMware employee, read this for further instruction.

vmwclabot avatar Jul 06 '24 22:07 vmwclabot

@a-detiste, we have received your signed contributor license agreement. The review is usually completed within a week, but may take longer under certain circumstances. Another comment will be added to the pull request to notify you when the merge can proceed.

vmwclabot avatar Jul 06 '24 22:07 vmwclabot

Hello @a-detiste, could you please elaborate the motivation about this change?

I know that python 2 was EOL-ed 4 and a half years ago and that the six module itself hasn't been maintained/supported after 2021. However what are the concrete reasons for cleaning it up here? Are there known CVEs that affect it? Or it is the inconvenience (and risk) of having an extra dependency?

Thanks!

mtsvetanov avatar Jul 07 '24 12:07 mtsvetanov

I posted a little write up here: https://wiki.debian.org/Python3-six-removal

My fear of having things mysteriously start to break back then was real.

For example pytest depends on requests which depends on urllib3 which dependend on six.

So when Urllib3 was updated from 1.x to 2.x we had in the whole Debian distro like 30 packages that had an undeclared dependency on six which all started failing building on the same day.

image

We have since identified a longish list of deprecated library that needs to be slowly & carefully removed.

The new emergency is distutils remove which hinders the upgrade to Python3.12.

https://wiki.debian.org/Python/Dead%20Batteries

So your little contribution would be greatly appreciated.

a-detiste avatar Jul 07 '24 12:07 a-detiste

six is only a polyfilm that enable to write Python2.x compatible code, it doesn't have any other purpose

a-detiste avatar Jul 07 '24 12:07 a-detiste

On your side it's a -63 +38 diff, so it means less code to maintain. The knoweledge of what six was and what was it's purpose is quickly fading away. Some upstreams have already started a cargo cult around it :-(

a-detiste avatar Jul 07 '24 12:07 a-detiste

@a-detiste, VMware has approved your signed contributor license agreement.

vmwclabot avatar Aug 01 '24 19:08 vmwclabot

Unfortunately, pyVmomi is used in various non-distro setups that still rely on Python 2.x This is why Python 2.7 is still officially supported by pyVmomi. When we drop this support - or fork pyVmomi for Python 3 only, we will gladly drop the usage of "six".

StefanHristov-Broadcom avatar Oct 28 '24 13:10 StefanHristov-Broadcom

I see some of six.py was vendored as five.py ;-)

https://github.com/vmware/pyvmomi/blob/master/pyVmomi/five.py

a-detiste avatar Jun 21 '25 13:06 a-detiste

The (direct) six usage is removed in the latest pyVmomi, so this PR is no longer relevant.

StefanHristov-Broadcom avatar Jun 23 '25 08:06 StefanHristov-Broadcom