Python 3.7 was first released on 2018-06-27 and recently reached end-of-life on 2023-06-27 (PEP 537).
This means it is no longer receiving security updates and you should upgrade to a newer version (at least 3.8, but preferably 3.11):
However, if you look at download numbers from PyPI, 3.7 still accounts for a large share. 3.7 accounted for 25% of all downloads from PyPI in July 2023, compared with 27% for 3.8:
But why does such an old Python version have so many downloads?
All downloads
Let's dig into the numbers using a handy tool called pypinfo, which helps us analyse the PyPI data from Google BigQuery.
This command fetches all of yesterday's downloads per Python version:
pypinfo --days 1 --percent --markdown "" pyversion
Python version | percent | download count |
---|---|---|
3.8 | 25.00% | 189,678,872 |
3.7 | 23.35% | 177,150,010 |
3.9 | 20.25% | 153,663,903 |
3.10 | 15.52% | 117,751,108 |
3.11 | 6.90% | 52,381,884 |
3.6 | 6.29% | 47,749,879 |
2.7 | 2.32% | 17,602,650 |
3.5 | 0.23% | 1,778,388 |
3.4 | 0.10% | 770,135 |
3.12 | 0.03% | 224,223 |
3.13 | 0.00% | 3,920 |
3.3 | 0.00% | 1,165 |
2.8 | 0.00% | 57 |
3.2 | 0.00% | 35 |
None | 0.00% | 3 |
Total | 758,756,232 |
All downloads by OS
But what happens if we check which distros are responsible for those downloads?
This command gives us the top 20:
pypinfo --days 1 --limit 20 --percent --markdown "" system distro pyversion
system name | distro name | Python version | percent | download count |
---|---|---|---|---|
Linux | Ubuntu | 3.8 | 18.87% | 128,991,062 |
Linux | Amazon Linux | 3.7 | 14.44% | 98,738,952 |
Linux | Ubuntu | 3.9 | 12.14% | 83,019,828 |
Linux | Ubuntu | 3.10 | 9.66% | 66,019,309 |
Linux | Ubuntu | 3.7 | 5.89% | 40,257,060 |
Linux | Debian GNU/Linux | 3.8 | 5.70% | 38,958,367 |
Linux | Debian GNU/Linux | 3.9 | 5.63% | 38,482,436 |
Linux | Debian GNU/Linux | 3.7 | 4.25% | 29,035,532 |
Linux | Debian GNU/Linux | 3.10 | 4.15% | 28,348,346 |
Linux | Debian GNU/Linux | 3.6 | 3.14% | 21,441,883 |
Linux | Ubuntu | 3.11 | 3.01% | 20,570,619 |
Linux | Debian GNU/Linux | 3.11 | 2.72% | 18,588,584 |
Linux | Amazon Linux | 3.9 | 2.43% | 16,593,595 |
Linux | CentOS Linux | 3.6 | 1.70% | 11,605,142 |
Linux | Amazon Linux | 3.8 | 1.47% | 10,035,087 |
Linux | Amazon Linux | 3.10 | 1.46% | 9,969,514 |
Linux | Ubuntu | 2.7 | 1.02% | 6,960,697 |
Linux | Amazon Linux AMI | 3.6 | 0.79% | 5,390,823 |
Linux | Ubuntu | 3.6 | 0.79% | 5,388,370 |
Windows | None | 3.10 | 0.76% | 5,227,519 |
Total | 683,622,725 |
We can see Ubuntu with 3.8 is responsible for the largest share of 17%. (That's fine, 3.8 is supported until 2024-10-14.)
The next is Amazon Linux with 3.7, responsible for a whopping 15% of all downloads!
The others responsible for 3.7 have a much lower share: Ubuntu (6%) and Debian (4%).
Tip: replace ""
in the commands above with a package name to get data for just that package, for example:
pypinfo --days 1 --limit 20 --percent --markdown requests system distro pyversion
Header photo: Space shuttle Discovery landing at Edwards Air Force Base, California, 9th December, 1992 (source: NASA on The Commons
Top comments (5)
What about doing a little bit more of effort and research what level of support have those distros for those python versions? Packagers do backport security fixes for those versions. (I'm mostly talking about Debian and Ubuntu, WhoTheFsck knows what Amazon does).
Also, 3 captchas and gazillion offers just to open a fake account to come and write this comment? At least it doesn't use dark patterns, and everything is opt-in, so thanks for that. And of course I already have a notification...
As requested, I've done a little bit more of effort and researched what level of support those distros have for those Python versions.
Let's first check which distro versions are involved:
Some of those distro versions are themselves EOL, let's ignore those.
Of the supported distro versions with EOL Python:
Amazon Linux 2: EOL 2025-06-30
Debian 10: EOL 2024-06-30
CentOS 7: 2024-06-30
As we can see, Amazon Linux 2 again accounts for a large share.
However, the point I'd like to make is if distro packagers wish to support Python versions beyond EOL, that is fine, and if they wish to support Python packages for those EOL versions, that is also fine.
But orthogonally, I suggest upstream Python package maintainers may give up the burden of supporting EOL releases and spend their time and resources on other features and fixes.
PS Thank you for the feedback on the process of opening a fake account. Sorry it's a hassle to sign up, but good to hear about the lack of dark patterns.
Amazon Linux does indeed backport security fixes to versions of Python we continue to support beyond the upstream End of Life.
For Amazon Linux 2, this includes Python 2.7 and 3.7. Below are some of the advisories we've issued from the start of 2020 onwards that relate to the python (as in Python 2.7) and python3 (as in Python 3.7) packages in Amazon Linux 2:
We got asked a lot about Python 2.7, and we added items to the Amazon Linux 2 FAQ up at aws.amazon.com/amazon-linux-2/faqs/ explaining why there is still Python 2.7 in Amazon Linux 2:
Thanks for the reply @stewartsmith!
Do you have a plan/schedule for updating from Python 3.7 to something newer?
There’s two parts to moving to something newer for Python on Amazon Linux (and any other Linux distribution): 1) when can/do you offer something newer for customers to opt-in to for their code, 2) when do you switch the default (ie what /usr/bin/python3).
One of the challenges is that Python has been successful! People like writing things in Python, thus a non-trivial amount of functionality in a modern Linux distribution is written in Python.
Within a stable version of the OS such as AL2, it’s not really possible to update the system python (/usr/bin/python3) without breaking a lot of things (including customer workloads), so it’s something we need to do across major release boundaries. Which is why we have offered options to customers to be able to move their workloads to newer versions of Python without breaking system components. We offered multiple versions on AL2, and now do in AL2023 as well.
In Amazon Linux 2023, we have Python 3.9 as the system Python, and 3.11 as an option that customers can choose to run their workloads on.