DEV Community

Cover image for Why are there still so many downloads for EOL Python 3.7?
Hugo van Kemenade
Hugo van Kemenade

Posted on • Edited on

Why are there still so many downloads for EOL Python 3.7?

Python 3.7 was first released on 2018-06-27 and recently reached end-of-life on 2023-06-27 (PEP 537).

This means it is no longer receiving security updates and you should upgrade to a newer version (at least 3.8, but preferably 3.11):

Chart showing when different Python versions reached end-of-life

Source: Python Developer's Guide

However, if you look at download numbers from PyPI, 3.7 still accounts for a large share. 3.7 accounted for 25% of all downloads from PyPI in July 2023, compared with 27% for 3.8:

Python download share over time

Source: pypi-tools

But why does such an old Python version have so many downloads?

All downloads

Let's dig into the numbers using a handy tool called pypinfo, which helps us analyse the PyPI data from Google BigQuery.

This command fetches all of yesterday's downloads per Python version:

pypinfo --days 1 --percent --markdown "" pyversion

Python version percent download count
3.8 25.00% 189,678,872
3.7 23.35% 177,150,010
3.9 20.25% 153,663,903
3.10 15.52% 117,751,108
3.11 6.90% 52,381,884
3.6 6.29% 47,749,879
2.7 2.32% 17,602,650
3.5 0.23% 1,778,388
3.4 0.10% 770,135
3.12 0.03% 224,223
3.13 0.00% 3,920
3.3 0.00% 1,165
2.8 0.00% 57
3.2 0.00% 35
None 0.00% 3
Total 758,756,232

All downloads by OS

But what happens if we check which distros are responsible for those downloads?

This command gives us the top 20:

pypinfo --days 1 --limit 20 --percent --markdown "" system distro pyversion

system name distro name Python version percent download count
Linux Ubuntu 3.8 18.87% 128,991,062
Linux Amazon Linux 3.7 14.44% 98,738,952
Linux Ubuntu 3.9 12.14% 83,019,828
Linux Ubuntu 3.10 9.66% 66,019,309
Linux Ubuntu 3.7 5.89% 40,257,060
Linux Debian GNU/Linux 3.8 5.70% 38,958,367
Linux Debian GNU/Linux 3.9 5.63% 38,482,436
Linux Debian GNU/Linux 3.7 4.25% 29,035,532
Linux Debian GNU/Linux 3.10 4.15% 28,348,346
Linux Debian GNU/Linux 3.6 3.14% 21,441,883
Linux Ubuntu 3.11 3.01% 20,570,619
Linux Debian GNU/Linux 3.11 2.72% 18,588,584
Linux Amazon Linux 3.9 2.43% 16,593,595
Linux CentOS Linux 3.6 1.70% 11,605,142
Linux Amazon Linux 3.8 1.47% 10,035,087
Linux Amazon Linux 3.10 1.46% 9,969,514
Linux Ubuntu 2.7 1.02% 6,960,697
Linux Amazon Linux AMI 3.6 0.79% 5,390,823
Linux Ubuntu 3.6 0.79% 5,388,370
Windows None 3.10 0.76% 5,227,519
Total 683,622,725

We can see Ubuntu with 3.8 is responsible for the largest share of 17%. (That's fine, 3.8 is supported until 2024-10-14.)

The next is Amazon Linux with 3.7, responsible for a whopping 15% of all downloads!

The others responsible for 3.7 have a much lower share: Ubuntu (6%) and Debian (4%).

Tip: replace "" in the commands above with a package name to get data for just that package, for example:

pypinfo --days 1 --limit 20 --percent --markdown requests system distro pyversion


Header photo: Space shuttle Discovery landing at Edwards Air Force Base, California, 9th December, 1992 (source: NASA on The Commons

Top comments (5)

Collapse
 
jpalotes profile image
Jay Palotes

What about doing a little bit more of effort and research what level of support have those distros for those python versions? Packagers do backport security fixes for those versions. (I'm mostly talking about Debian and Ubuntu, WhoTheFsck knows what Amazon does).

Also, 3 captchas and gazillion offers just to open a fake account to come and write this comment? At least it doesn't use dark patterns, and everything is opt-in, so thanks for that. And of course I already have a notification...

Collapse
 
hugovk profile image
Hugo van Kemenade • Edited

As requested, I've done a little bit more of effort and researched what level of support those distros have for those Python versions.

Let's first check which distro versions are involved:

$ pypinfo --days 1 --limit 20 --percent --markdown "" distro distro-version pyversion
Served from cache: False
Data processed: 55.26 GiB
Data billed: 55.26 GiB
Estimated cost: $0.27
Enter fullscreen mode Exit fullscreen mode
distro_name distro_version python_version percent download_count
Ubuntu 20.04 3.8 17.82% 116,535,011
Amazon Linux 2 3.7 16.18% 105,802,489
Ubuntu 20.04 3.9 10.60% 69,342,091
Ubuntu 22.04 3.10 10.24% 66,990,412
Ubuntu 18.04 3.7 4.75% 31,040,621
Debian GNU/Linux 11 3.9 3.51% 22,921,615
Ubuntu 22.04 3.9 3.31% 21,648,253
Debian GNU/Linux 10 3.6 3.28% 21,430,314
Debian GNU/Linux 11 3.10 3.11% 20,352,943
Debian GNU/Linux 10 3.8 2.88% 18,819,267
Ubuntu 22.04 3.11 2.87% 18,753,941
Debian GNU/Linux 10 3.7 2.85% 18,666,349
Amazon Linux 2 3.9 2.71% 17,703,580
Ubuntu 22.04 3.8 2.69% 17,611,194
Ubuntu 18.04 3.8 2.45% 16,046,708
CentOS Linux 7 3.6 2.28% 14,882,487
Debian GNU/Linux 11 3.8 2.26% 14,762,141
Debian GNU/Linux 12 3.10 2.19% 14,308,355
Amazon Linux 2 3.8 2.06% 13,441,033
Debian GNU/Linux 12 3.9 1.97% 12,897,299
Total 653,956,103

Some of those distro versions are themselves EOL, let's ignore those.

Of the supported distro versions with EOL Python:

  • Amazon Linux 2: EOL 2025-06-30

    • Python 3.7: 2023-06-27 (16.18%)
  • Debian 10: EOL 2024-06-30

    • Python 3.6: 2021-12-23 (3.28%)
    • Python 3.7: 2023-06-27 (2.85%)
  • CentOS 7: 2024-06-30

    • Python 3.6: 2021-12-23 (2.28%)

As we can see, Amazon Linux 2 again accounts for a large share.


However, the point I'd like to make is if distro packagers wish to support Python versions beyond EOL, that is fine, and if they wish to support Python packages for those EOL versions, that is also fine.

But orthogonally, I suggest upstream Python package maintainers may give up the burden of supporting EOL releases and spend their time and resources on other features and fixes.


PS Thank you for the feedback on the process of opening a fake account. Sorry it's a hassle to sign up, but good to hear about the lack of dark patterns.

Collapse
 
stewartsmith profile image
Stewart Smith

Amazon Linux does indeed backport security fixes to versions of Python we continue to support beyond the upstream End of Life.

For Amazon Linux 2, this includes Python 2.7 and 3.7. Below are some of the advisories we've issued from the start of 2020 onwards that relate to the python (as in Python 2.7) and python3 (as in Python 3.7) packages in Amazon Linux 2:

We got asked a lot about Python 2.7, and we added items to the Amazon Linux 2 FAQ up at aws.amazon.com/amazon-linux-2/faqs/ explaining why there is still Python 2.7 in Amazon Linux 2:

Q. Why is Python 2.7 still part of Amazon Linux 2?
We will continue to provide critical security patches for Python 2 as per our LTS commitment for Amazon Linux 2 core packages (until June, 2025) even though the upstream Python community declared Python 2.7 End Of Life in January 2020.

Q. Should I migrate my code to Python 3 and away from Python 2.7?
We strongly recommend our customers install Python 3 on their Amazon Linux 2 systems and migrate their code and applications to Python 3.

Q. Is Amazon Linux 2 moving away from Python 2.7?
There are no plans to change the default Python interpreter. It is our intention to retain Python 2.7 as the default for the lifetime of Amazon Linux 2. We will backport security fixes to our Python 2.7 packages as needed.

Q. Why does Amazon Linux 2 not switch away from Python 2.7 for the 'yum' package manager, or move to DNF, which is Python 3 based?
During a LTS release of the Operating System, the risk of making fundamental changes to, replacing, or adding another package manager is extremely high. Thus, in planning our Python 3 migration for Amazon Linux, we made the decision to do this across a major release boundary rather than within Amazon Linux 2. This is an approach shared by other RPM based Linux distributions, even ones without LTS commitments.

Thread Thread
 
hugovk profile image
Hugo van Kemenade

Thanks for the reply @stewartsmith!

Do you have a plan/schedule for updating from Python 3.7 to something newer?

Thread Thread
 
stewartsmith profile image
Stewart Smith

There’s two parts to moving to something newer for Python on Amazon Linux (and any other Linux distribution): 1) when can/do you offer something newer for customers to opt-in to for their code, 2) when do you switch the default (ie what /usr/bin/python3).

One of the challenges is that Python has been successful! People like writing things in Python, thus a non-trivial amount of functionality in a modern Linux distribution is written in Python.

Within a stable version of the OS such as AL2, it’s not really possible to update the system python (/usr/bin/python3) without breaking a lot of things (including customer workloads), so it’s something we need to do across major release boundaries. Which is why we have offered options to customers to be able to move their workloads to newer versions of Python without breaking system components. We offered multiple versions on AL2, and now do in AL2023 as well.

In Amazon Linux 2023, we have Python 3.9 as the system Python, and 3.11 as an option that customers can choose to run their workloads on.