Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

"The function time.clock() has been removed, after having been deprecated since Python 3.3"

Python 3.3 was release in 2012. You've had 8 years.



Well, technically we already moved to 3.8, after which needed a library that only works up until 3.7.

It would be nice if library developers kept their code up to date, but that doesn't always happen. Python core devs know this; well all know this, yet they consciously screw with the core libraries with the principle, caveat emptor.

I don't understand why they don't ear-mark these changes for 4.0. These kind of things are a universal frustration with the community and they are so easily avoidable.


What difference would it make whether the change had been called 3.8 or 4.0?


I'm confused, who exactly has had 8 years to do what? Should he have dumped the crypto module because it was using a deprecated feature?


The reason the crypto module was using this particular deprecated feature is that it hasn't been updated at all in 8 years.

The OP should have dropped it because it's unmaintained, and a maintained replacement has existed for a long time: https://cryptography.io/

This is an especially important consideration for security-critical libraries like cryptographic libraries.


See, when you explain what's wrong it's so much better than just blaming the victim with "You've had 8 years"!


One issue the ecosystem currently has, really (and its not the only one, I believe it's difficult almost everywhere), is that tracking dependency-rot is hard. Unless something breaks outright, you'll never know if a library has been abandoned; and manually checking dozens of github/gitlab repos is expensive and tedious.

Pypi has an api (https://pypi.org/pypi/<pkg-name>/json) that can be leveraged to implement alerts like "this pkg last released 5 years ago, it might be dead!". I guess that's what the "security" package uses already. It would be cool if they added an option to report on this sort of thing.


OP here, thanks a bunch for this! I will take your advice and dump the crypto library for this one.


this is text from maual:

> Deprecated since version 3.3, will be removed in version 3.8: The behaviour of this function depends on the platform: use perf_counter() or process_time() instead, depending on your requirements, to have a well defined behaviour.

I would be wary of any crypto library that continued to work with a warning for 8 years and no one bothered to fix it. Most likely no one was maintaining it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: