https://prefect.io logo
Join Slack
Powered by
Does anyone know what percentage of folks are stil...
# ask-community
j
Does anyone know what percentage of folks are still using Prefect v1? Anyone else stuck on the migration to modern versions?
n
hi @Jared Rhodes - we have some numbers but its hard to know real percentages bc people use all versions of the open source in different capacities. my sense is that most (90%+) people are on 2 or 3 at this point. probably over half on 3.x at this point (i am guessing)
if there's something specific you're having trouble with, let me know and I can probably point you at some resources
here's a youtube series on getting started with prefect 3.x you'll find (at least) 2 big changes and a bunch of smaller changes between 1.x and 3.x (2.x and 3.x are mostly the same) • no more 
with Flow(...) as flow
, its all just 
@flow
on some function, and you can do subflows • deployments combine: flow that lives in a storage location with an execution environment config ◦ deployments have a 
work_pool_name
(similar to the infra config object that went in the flow in prefect 1) ◦ deployments must know where your code lives in storage (ie github, s3, or baked into an image)
j
Thanks for the info @Nate, this is very informative! At my company, we actually work with a lot of open source projects to provide commercial support for EOL versions of open source software for those that are still using older versions and their migration timelines leave them potentially vulnerable to existing CVEs (ie they can't migrate before EOL for some reason). I was doing some CVE research and stumbled upon some CVEs that exist for v1 and that v1 was EOL. My question is, why are some users still using the older versions and how are they remediating the vulnerabilities? Or is this not a huge concern for v1 users?
For example, this is a High Severity CVE that I am wondering how they are remediating if not by migrating? https://security.snyk.io/vuln/SNYK-PYTHON-PREFECT-6068118
@Nate you might not know, but was curious if this has been a community topic or any thoughts on the matter might help! TIA
n
why are some users still using the older versions
I think there are as many answers as there are parties using v1 🙂 in general, I'd say just slower iteration cycles / maybe they wrote too much abstraction coupled to v1 ideas
how are they remediating the vulnerabilities
this is sort of a non-answer, but "upgrading" i would say is the most common way to deal with CVEs, since we don't update v1 for any reason at this point. but otherwise, I'm sure people have implemented lower level workarounds if they're stuck with v1 for some reason
j
Your answers are not surprising based on my experience researching and working with thousands of companies stuck on older versions of open source. @Nate Based on your experience in the Prefect ecosystem and community, do you think there would be an appetite for extended long-term support for v1 that focuses on security patches to remediate CVEs? So I am not being too cagey - I work for a company called HeroDevs (Herodevs.com), and I have been looking into other types of open source we can expand into, Prefect ranked high on my list when doing research. (not an ad or anything, just didn't want to seem shadowy or not transparent for my reasons for asking these questions).
n
do you think there would be an appetite for extended long-term support for v1 that focuses on security patches to remediate CVEs
hmm i think I would direct you to chris, who would be better qualified to answer this. I can tag him tomorrow about this since its a bit late now
4 Views
Open in Slack
PreviousNext
Powered by