deprecate support for python 3.5

[reaperhulk]

No description provided.

[alex]

Remind me why? (No objection)

[reaperhulk]

Nobody really uses it (it's in Xenial and oldstable, but there's no real evidence of use beyond 5% downloads that are attributable to CI systems), it bloats our test matrix (which is about to expand again for Python 3.9), and dropping it gets us one step closer to good type hints (2.7 being the remaining large blocker).

[alex]

type hints was the piece I was looking for, thanks.

[opendev-zuul]

Build succeeded (check pipeline).

• pyca-cryptography-ubuntu-focal-py38-arm64 : SUCCESS in 12m 45s
• pyca-cryptography-ubuntu-bionic-py36-arm64 : SUCCESS in 14m 14s
• pyca-cryptography-ubuntu-xenial-py27-arm64 : SUCCESS in 23m 05s
• pyca-cryptography-centos-8-py36-arm64 : SUCCESS in 15m 30s

[conorsch]

Howdy! Just saw this PR go by. FWIW, we're still using Python3.5 on Xenial in SecureDrop, although we're planning a migration to Python 3.8 on Ubuntu Focal (freedomofpress/securedrop#4768) by early 2021.

@reaperhulk Can you provide some more detail about the timeline for "next release" which will drop support for Python 3.5? We're extremely interested in shipping a fully patched version of cryptography, as it's a critical dependency for us. 🙂

[reaperhulk]

The next release (3.1) will still support 3.5. We generally release every 2-3 months so that's likely to be around October. The following release (3.2) will drop support and should be around January 2021. I see in that issue you're potentially planning to go all the way up to the Xenial EOL date. Is that the real date or a worst case scenario?

[conorsch]

That's helpful, thanks for clarifying. You're right, we're bumping up against the EOL window pretty closely. Part of the challenge is we don't run the SecureDrop servers ourselves, so we need to work with newsrooms that are hosting them and encourage them to update. By January 2021 we plan to be quite loud about the need to upgrade, as we did with the previous LTS migration a few years back. In the event of a critical bugfix during that time window, we may well be able to backport ourselves as a stopgap solution until folks have moved over.

[reaperhulk]

If you end up in that situation please reach out to us, but it sounds like we're probably going to be in okay shape here 😄

[stonebig]

I fail to compile from source cryptography to get it working on Python-3.9.0rc1 (windows).... could it be added to the test matrix with Python-3.9rc ? and the result on pypi ?

[stonebig]

well, not sure where the problem is, maybe pynacl:

  ----------------------------------------
  ERROR: Failed building wheel for cryptography
  Building wheel for pynacl (PEP 517) ... error
  ERROR: Command errored out with exit status 1:
   command: 'C:\WinP\bd39\bucod\WPy64-3902\python-3.9.0rc1.amd64\python.exe' 'C:\WinP\bd39\bucod\WPy64-3902\python-3.9.0rc1.amd64\lib\site-packages\pip\_vendor\pep517\_in_process.py' build_wheel 'C:\Users\helene\AppData\Local\Temp\tmpfxf725tm'
       cwd: C:\Users\helene\AppData\Local\Temp\pip-install-kitew29v\pynacl
  Complete output (77 lines):
  running bdist_wheel
  running build
  running build_py
  creating build
  creating build\lib.win-amd64-3.9
  creating build\lib.win-amd64-3.9\nacl
  copying src\nacl\encoding.py -> build\lib.win-amd64-3.9\nacl
  copying src\nacl\exceptions.py -> build\lib.win-amd64-3.9\nacl
  copying src\nacl\hash.py -> build\lib.win-amd64-3.9\nacl
  copying src\nacl\hashlib.py -> build\lib.win-amd64-3.9\nacl
  copying src\nacl\public.py -> build\lib.win-amd64-3.9\nacl
  copying src\nacl\secret.py -> build\lib.win-amd64-3.9\nacl
  copying src\nacl\signing.py -> build\lib.win-amd64-3.9\nacl
  copying src\nacl\utils.py -> build\lib.win-amd64-3.9\nacl
  copying src\nacl\__init__.py -> build\lib.win-amd64-3.9\nacl
  creating build\lib.win-amd64-3.9\nacl\pwhash
  copying src\nacl\pwhash\argon2i.py -> build\lib.win-amd64-3.9\nacl\pwhash
  copying src\nacl\pwhash\argon2id.py -> build\lib.win-amd64-3.9\nacl\pwhash
  copying src\nacl\pwhash\scrypt.py -> build\lib.win-amd64-3.9\nacl\pwhash
  copying src\nacl\pwhash\_argon2.py -> build\lib.win-amd64-3.9\nacl\pwhash
  copying src\nacl\pwhash\__init__.py -> build\lib.win-amd64-3.9\nacl\pwhash
  creating build\lib.win-amd64-3.9\nacl\bindings
  copying src\nacl\bindings\crypto_aead.py -> build\lib.win-amd64-3.9\nacl\bindings
  copying src\nacl\bindings\crypto_box.py -> build\lib.win-amd64-3.9\nacl\bindings
  copying src\nacl\bindings\crypto_core.py -> build\lib.win-amd64-3.9\nacl\bindings
  copying src\nacl\bindings\crypto_generichash.py -> build\lib.win-amd64-3.9\nacl\bindings
  copying src\nacl\bindings\crypto_hash.py -> build\lib.win-amd64-3.9\nacl\bindings
  copying src\nacl\bindings\crypto_kx.py -> build\lib.win-amd64-3.9\nacl\bindings
  copying src\nacl\bindings\crypto_pwhash.py -> build\lib.win-amd64-3.9\nacl\bindings
  copying src\nacl\bindings\crypto_scalarmult.py -> build\lib.win-amd64-3.9\nacl\bindings
  copying src\nacl\bindings\crypto_secretbox.py -> build\lib.win-amd64-3.9\nacl\bindings
  copying src\nacl\bindings\crypto_secretstream.py -> build\lib.win-amd64-3.9\nacl\bindings
  copying src\nacl\bindings\crypto_shorthash.py -> build\lib.win-amd64-3.9\nacl\bindings
  copying src\nacl\bindings\crypto_sign.py -> build\lib.win-amd64-3.9\nacl\bindings
  copying src\nacl\bindings\randombytes.py -> build\lib.win-amd64-3.9\nacl\bindings
  copying src\nacl\bindings\sodium_core.py -> build\lib.win-amd64-3.9\nacl\bindings
  copying src\nacl\bindings\utils.py -> build\lib.win-amd64-3.9\nacl\bindings
  copying src\nacl\bindings\__init__.py -> build\lib.win-amd64-3.9\nacl\bindings
  running build_clib
  Traceback (most recent call last):
    File "C:\WinP\bd39\bucod\WPy64-3902\python-3.9.0rc1.amd64\lib\site-packages\pip\_vendor\pep517\_in_process.py", line 280, in <module>
      main()
    File "C:\WinP\bd39\bucod\WPy64-3902\python-3.9.0rc1.amd64\lib\site-packages\pip\_vendor\pep517\_in_process.py", line 263, in main
      json_out['return_val'] = hook(**hook_input['kwargs'])
    File "C:\WinP\bd39\bucod\WPy64-3902\python-3.9.0rc1.amd64\lib\site-packages\pip\_vendor\pep517\_in_process.py", line 204, in build_wheel
      return _build_backend().build_wheel(wheel_directory, config_settings,
    File "C:\Users\helene\AppData\Local\Temp\pip-build-env-kebrjlsz\overlay\Lib\site-packages\setuptools\build_meta.py", line 229, in build_wheel
      return self._build_with_temp_dir(['bdist_wheel'], '.whl',
    File "C:\Users\helene\AppData\Local\Temp\pip-build-env-kebrjlsz\overlay\Lib\site-packages\setuptools\build_meta.py", line 215, in _build_with_temp_dir
      self.run_setup()
    File "C:\Users\helene\AppData\Local\Temp\pip-build-env-kebrjlsz\overlay\Lib\site-packages\setuptools\build_meta.py", line 158, in run_setup
      exec(compile(code, __file__, 'exec'), locals())
    File "setup.py", line 216, in <module>
      setup(
    File "C:\Users\helene\AppData\Local\Temp\pip-build-env-kebrjlsz\overlay\Lib\site-packages\setuptools\__init__.py", line 163, in setup
      return distutils.core.setup(**attrs)
    File "C:\WinP\bd39\bucod\WPy64-3902\python-3.9.0rc1.amd64\lib\distutils\core.py", line 148, in setup
      dist.run_commands()
    File "C:\WinP\bd39\bucod\WPy64-3902\python-3.9.0rc1.amd64\lib\distutils\dist.py", line 966, in run_commands
      self.run_command(cmd)
    File "C:\WinP\bd39\bucod\WPy64-3902\python-3.9.0rc1.amd64\lib\distutils\dist.py", line 985, in run_command
      cmd_obj.run()
    File "C:\Users\helene\AppData\Local\Temp\pip-build-env-kebrjlsz\overlay\Lib\site-packages\wheel\bdist_wheel.py", line 290, in run
      self.run_command('build')
    File "C:\WinP\bd39\bucod\WPy64-3902\python-3.9.0rc1.amd64\lib\distutils\cmd.py", line 313, in run_command
      self.distribution.run_command(command)
    File "C:\WinP\bd39\bucod\WPy64-3902\python-3.9.0rc1.amd64\lib\distutils\dist.py", line 985, in run_command
      cmd_obj.run()
    File "C:\WinP\bd39\bucod\WPy64-3902\python-3.9.0rc1.amd64\lib\distutils\command\build.py", line 135, in run
      self.run_command(cmd_name)
    File "C:\WinP\bd39\bucod\WPy64-3902\python-3.9.0rc1.amd64\lib\distutils\cmd.py", line 313, in run_command
      self.distribution.run_command(command)
    File "C:\WinP\bd39\bucod\WPy64-3902\python-3.9.0rc1.amd64\lib\distutils\dist.py", line 985, in run_command
      cmd_obj.run()
    File "setup.py", line 161, in run
      raise Exception("ERROR: The 'make' utility is missing from PATH")
  Exception: ERROR: The 'make' utility is missing from PATH
  ----------------------------------------
  ERROR: Failed building wheel for pynacl
Failed to build cryptography pynacl

[stonebig]

well, apparently pip installs this one on python-3.9: "cryptography-3.1-cp36-abi3-win_amd64.whl"