In August, the UK's National Cyber Security Centre (NCSC) warned that organizations should migrate code off Python 2 because from January 1, 2020 it will no longer receive security fixes.
"If you continue to use unsupported modules, you are risking the security of your organization and data, as vulnerabilities will sooner or later appear, which nobody is fixing," it said.
That problem is compounded by developers who created dependencies or software libraries with Python 2, which in turn prevent developers downstream from upgrading to Python version 3.
It's been a slow road to getting developers to migrate code bases to Python 3, which was launched in 2008. Six years before Python 2 would reach the end of its life, the recently retired Python creator Guido van Rossum declared in 2014 that "it's time to move on to Python 3".
There's even a countdown clock to remind people exactly how many minutes of support remain for Python 2.7. It currently shows just one month and 16 days, plus a few hours.
Vicki Boykis, a US-based data scientist, has now outlined on the Stack Overflow blog her views on why it's taking developers so long to port their Python 2 code to Python 3.
She places some of the blame on van Rossum's description of Python 3 in the official 'Python Enhancement Proposals' (PEP) document, which initially characterized Python 3 as a "relatively mild improvement on Python 2".
"Many people didn't switch for what they perceived to be as mostly an inconvenience," writes Boykis. "At that time, the largest difference was changing of the print statement to Python function syntax, which broke a lot of code. As a result, Python 2 continued to be in active development."
Another major obstacle to Python 3 migration has been that it is not backwards compatible with Python 2.
"As a result, major libraries were hesitant to move to the platform, and in a self-fulfilling prophecy, it was hard to port the code with a lack of supporting tools," she notes.
Fortunately, over the years Python 3 has gained substantial feature improvements that have helped it become the default for new development. But that's not necessarily true for existing projects.
Nevertheless, while dependencies can be a drag on Python 3 migration, progress has been made. Following a survey of Python developers, IDE maker JetBrains predicted that all developers would move to Python 3 before Python 2's end of life.
Major Python 2 to Python 3 migrations have also helped, such as the one that happened at Dropbox in the fall of 2018. Dropbox had, of course, hired van Rossum to help manage its massive four million lines of Python code. Other major Python 3 migrations have happened at Instagram and Facebook in recent years.
But while tech giants may have successfully migrated, Boykis reckons some enterprise organizations, such as banks, will keep on using Python 2. Hence NCSC's alert, which was probably aimed at the UK's massive banking sector.
JPMorgan's Athena trading platform is reportedly built on 35 million lines of Python 2.7 code and, according to a report by eFinancialCareers, the banking giant only kicked off its Python migration in late 2018. Instagram started its migration in 2017.
Boykis points out that as of September 2019 at least 40% of all packages downloaded from the Python Package Index (PyPI) are for Python 2.7. That proportion has declined, but it is still a striking number given how close Python 2's end of life is.
"Most large organizations, outside the hype cycle of technical news posts, move much more slowly than the press or blogs would have you think. Most major banks are still running some variation of Fortran and COBOL under the covers, for example," writes Boykis.
"With regards to Python 2, we'll see that 40% number shrink further in 2020, but the changes will be incremental, and there will be companies running Python 2.7 well into the future."