In the past, I've said that one of our options for continuing to run Python 2 programs after Linux distributions stop packaging Python 2 at all is PyPy. As part of thinking about this, I've found that PyPy starts fast enough for our Python 2 commands and I've surveyed Linux distributions to see what versions of PyPy they packaged (in late 2020). An implicit subtext of the latter exercise, as with my periodic surveys of CPython versions on our Linux distribution, is that I was assuming we would use the distribution's packaged version of PyPy. I've now changed my mind about that.

Using a packaged version of CPython 2 is clearly the right answer. Building your own version has various hassles and problems, and you generally want at least /usr/bin/python2 to work and your distribution owns that part of the namespace. If the distribution doesn't have its own version any more, you're at least going to want to make your own package for it and install it through your distribution's package management system. Well, you don't have to, especially if you build it to /usr/local/python2.7 or /opt/python2.7 or the like, but it's probably better.

As I've found out, PyPy doesn't have to be handled like that. PyPy binary distributions are easy to install by hand because they unpack to simple, self contained directory trees that can be put anywhere and just work. Given that PyPy distributes a single package for all Linux distribution versions, a single binary version can even work across all of our various Ubuntu versions. Since Python 2.7 is frozen, this is probably not deeply important, but it's still nice to know that all of our machines would be using the same, up to date PyPy version. Since most of our Python programs already run from our central administrative filesystem, the logical place to put PyPy itself is on that filesystem.

Installing our own version of PyPy is a change from how we usually do things, but it's not very difficult and it avoids having to wrestle with both outdated versions of PyPy and different versions of PyPy (potentially with different behavior) on different versions of Ubuntu. Since using one, coherent, up to date version of PyPy is so simple, we might as well.

Despite how easy to install it would be, we will probably not switch to PyPy unless we're forced to by a lack of distribution CPython 2 packages, and probably also problems building our own. Continuing on with CPython 2 is currently the easy and safe way, and although some of our administrative programs run faster in PyPy, this isn't a particularly compelling advantage for programs that only run for a second or two anyway.

PS: Our remaining Python 2 administrative programs don't use OpenSSL, so we wouldn't be affected if there was an OpenSSL issue that required PyPy to update their bundled OpenSSL (either a security issue or, say, a TLS certificate chain handling issue). You may not be so lucky.