In case my previous comment wasn't clear enough: I was saying Debian et. al. keeping /usr/bin/python as Python 2 shouldn't be taken as a sign that Python 2 is the "default Python" in those distros.
(Similarly, having `python` and `python3` in Homebrew doesn't have to mean Python 2.7 is the default. However, if we migrate to `python` and `python@2` β again, the latter is very unpleasant β we're clearly making a choice there.)
And to expand a little bit on PEP 394: it talks about `python`, not `/usr/bin/python`, so it does cover `/usr/local/bin/python` when there is one. [The first thing](https://docs.python.org/3/tutorial/index.html) a Python newcomer is (or should be) taught is invoking the interpreter as `python3` and using `python3` in the shebang, so making `/usr/local/bin/python` point to a Python 3 really doesn't earn you much other than breaking some old `#!/usr/bin/env python` scripts.
> /usr/bin/python is still Python 2 on Ubuntu, Debian and Fedora, while it's not installed by default.
`/usr/bin/python` being a symlink to Python 2 is the convention *and* the recommendation of [PEP 394](https://www.python.org/dev/peps/pep-0394/). Debian does encourage Python 3 adoption as long as it's supported.
Also, the comparison is not very useful because Debian is known to be conservative, and Ubuntu isn't too far from Debian in that regard. I don't know enough about Fedora to say either way. Meanwhile, Homebrew is progressive most of the time.
P.S. I'm not personally in favor of this migration at the moment, but just want to lay out some facts. I suppose I would be much less grumpy if we end up with `python2` instead of a god awful `python@2` which people will have to type by hand (not me; I just use pyenv).
I gently reminded them that MD5 was cracked more than a decade ago. (Though I forgot at the moment that a practical preimage attack on MD5 was yet to be found.)
Got a reply from one of the developers:
> > According to the download page
> > <http://www.valgrind.org/downloads/current.html>, the tarball of the 3.13.0 is
> > hosted at sourceware.org
> > (<ftp://sourceware.org/pub/valgrind/valgrind-3.13.0.tar.bz2>). Is this legit?
> > Just want to make sure, because releases up until 3.12.0 were all hosted
> > directly on valgrind.org.
> >
>
> Yes it is. We will also soon move the code repository from subversion on
> svn.valgrind.org to git on sourceware. Website will most likely stay on
> valgrind.org and the bug tracker on bugs.kde.org.
>
https://sourceforge.net/p/valgrind/mailman/message/35897582/
I sent an email to valgrind-users. Probably will show up in the archive later. https://sourceforge.net/p/valgrind/mailman/valgrind-users/?style=threaded
**Update.** Here it is: https://sourceforge.net/p/valgrind/mailman/message/35897473/
I opened this PR very soon after their [release announcement](https://sourceforge.net/p/valgrind/mailman/message/35897206/). I assume they checked their download page before sending out the announcement, and I doubt they were hacked minutes after that. Anyway, I can send an email to the mailing list for confirmation if you want to be extra cautious.
> I approved since i checked the changes and they look good for me.
Yeah, although technically GitHub allows you to do that, as I said approval from a non-maintainer is pointless (no offense). PRs (especially the green ones) are routinely merged here at maintainers' leisure. A "please merge this" comment doesn't expedite the process, except maybe on a neglected old PR, where a gentle bump might help. (I say this from the experience of a long term contributor and ex-maintainer.)
@amallia Of course it will be merged sooner or later...
Are you a new maintainer? If not, please don't abuse the approval feature; it's pointless and confusing...
The FTP URL comes from http://www.valgrind.org/downloads/current.html#current. http://valgrind.org/downloads/valgrind-3.13.0.tar.bz2, as one would expect from past URLs, is not available.