[Pythonmac-SIG] Upgrade to pip 9.0.3 (due to TLS deprecation)

Sumana Harihareswara sh at changeset.nyc
Mon Apr 2 16:36:29 EDT 2018


Mac users:

If you are running macOS/OS X version 10.12 or older, you need to
upgrade to the latest pip (9.0.3) to connect to the Python Package Index
securely:

    curl https://bootstrap.pypa.io/get-pip.py | python

Pip 9.0.3 supports TLSv1.2 when running under system Python on macOS <
10.13. Official release notes: https://pip.pypa.io/en/stable/news/

Context:

As PSF blogged last year
(https://pyfound.blogspot.com/2017/01/time-to-upgrade-your-python-tls-v12.html),
on June 30, 2018, Python.org sites are going to entirely stop
supporting TLS versions 1.0 and 1.1, because our CDN provider is
deprecating support for those versions.

We are launching the new PyPI (in beta at https://pypi.org) this month
and replacing the legacy PyPI (https://pypi.python.org). Here's the beta
announcement for the new PyPI:
https://pyfound.blogspot.com/2018/03/warehouse-all-new-pypi-is-now-in-beta.html

Warehouse, the codebase for the new PyPI, does not support TLS 1.0 or 1.1.

We're warning our users early with this message. Also, as of late March,
the Python Package Index has started doing brownouts of the deprecated
TLS versions. For some portion of each hour, anyone attempting to access
PyPI with TLSv1.0 or TLSv1.1 will get a 403 response with an informative
error. As we get closer to the deadline, we will be ramping up the
amount of time the endpoint is down for the deprecated TLS versions. The
ultimate goal is to have it be 100% unavailable on and after April 8th,
prior to the final deadline (because we can give a good error message --
once June 30th hits, it will just be an uninformative OpenSSL error).

More info:

* https://github.com/pypa/warehouse/issues/3293
* https://github.com/pypa/warehouse/issues/3411
* https://status.python.org/incidents/btjtz01lzp88

Thank you. Please publicize this.

-- 
Sumana Harihareswara
Warehouse project manager
Changeset Consulting
https://changeset.nyc
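
An added example, not part of the original message and not pip's own code: a Python check of whether an interpreter on macOS can reach PyPI over TLSv1.2, following the announcement's rule that pip 9.0.3 is needed when the system Python's TLS library is too old. The function names are hypothetical; the OpenSSL 1.0.1 threshold is the release that introduced TLSv1.2.

```python
import re
import ssl

MIN_OPENSSL = (1, 0, 1)  # first OpenSSL release with TLSv1.2
MIN_PIP = (9, 0, 3)      # pip version named in the announcement


def openssl_has_tls12(version_string):
    """Decide from an ssl.OPENSSL_VERSION-style string whether TLSv1.2 exists."""
    if version_string.startswith("LibreSSL"):
        return True  # LibreSSL forked from OpenSSL 1.0.1, so it always has it
    m = re.match(r"OpenSSL (\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError("unrecognised version string: %r" % version_string)
    return tuple(int(p) for p in m.groups()) >= MIN_OPENSSL


def parse_pip_version(text):
    """Turn '9.0.1' or 'pip 9.0.1 from ...' into a comparable tuple."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("no version number in %r" % text)
    return tuple(int(p or 0) for p in m.groups())


def macos_pip_tls12_ready(openssl_version, pip_version):
    """True when pip on macOS can negotiate TLSv1.2 with PyPI.

    Either the interpreter's TLS library already speaks TLSv1.2, or pip is
    at least 9.0.3, the release the announcement says adds TLSv1.2 support
    under the system Python on macOS < 10.13.
    """
    if openssl_has_tls12(openssl_version):
        return True
    return parse_pip_version(pip_version) >= MIN_PIP


if __name__ == "__main__":
    try:
        import pip
        pip_version = pip.__version__
    except ImportError:
        pip_version = "0.0.0"  # no pip installed: treat as needing the upgrade
    ready = macos_pip_tls12_ready(ssl.OPENSSL_VERSION, pip_version)
    print("%s, pip %s -> %s" % (ssl.OPENSSL_VERSION, pip_version,
                                "OK" if ready else "upgrade pip to 9.0.3 or later"))
```

Run it with the same interpreter that pip uses, since the result depends on the TLS library that interpreter is linked against.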

