> Should they leave it on Python 2 with zero security updates, or invest lots of time porting to python 3?
Leave it, of course. The only meaningful security risk at this point is something like heartbleed. We're talking security issue in 10 year battle hardened protocol. This is a fantastically rare case. Not something you need headcount on a constant basis to deal with.
"250M printers compromised by Google Cloud Print" is an ugly look. It won't matter at that time that Google rescued a beloved product from being Deep-Sixed.
Leave it, of course. The only meaningful security risk at this point is something like heartbleed. We're talking security issue in 10 year battle hardened protocol. This is a fantastically rare case. Not something you need headcount on a constant basis to deal with.