Python2 is being deprecated; freeipa should compile under python3 instead
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| freeipa (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
When installing ipa-client on ubuntu, it pulls in python2 packages on LTS servers. IPA is an authentication service, and while ubuntu 18.04+ uses python3 by default for system services and software installs (no python2 installed by default), IPA is still being built using python2. This isn't necessary (you can compile all the packages using just python3 with not much effort), and creates the problem that in a year while the LTS server is still supported, the underlying python interpreter will not be supported for security updates for an authentication service.
Building these packages to use the python3 dependencies instead of the python2 versions would be better for everyone, and almost no code change is needed to do so.
This is not yet a security vulnerability; but it might be one waiting to happen.
| Timo Aaltonen (tjaalton) wrote | #1 |
| Timo Aaltonen (tjaalton) wrote | #2 |
| Changed in freeipa (Ubuntu): | |
| status: | New → Fix Released |
Are you saying that this should be done in 18.04? Not going to happen, besides there are missing dependencies which don't have python3 version packaged yet, like talloc, ldb, samba etc...