If it's so important to them, you'd think they could put some money toward support. I don't see them on <a href="https://www.python.org/psf/sponsorship/sponsors/" rel="nofollow">https://www.python.org/psf/sponsorship/sponsors/</a> Even if they're not paying the core Python devs, they could probably afford to have security fixes patched for three months until the migration is finished.
The bit at the end of the article links to a post by the UK's cyber security center exhorting library developers to consider that they are holding back clients of their library by not providing a Python 3 compatible version.<p>I find that amusing. I would argue much more of the responsibility here lies with consumers of libraries written by someone else to understand what that means. Partly it means the library author might stop supporting it or might not provide upgrades. Plan accordingly.