[Python-checkins] peps: Add pip integration timeline to PEP 453

nick.coghlan python-checkins at python.org
Tue Oct 15 14:33:26 CEST 2013 

http://hg.python.org/peps/rev/39a7dfcb9ab9
changeset:   5194:39a7dfcb9ab9
user:        Nick Coghlan <ncoghlan at gmail.com>
date:        Tue Oct 15 22:33:12 2013 +1000
summary:
  Add pip integration timeline to PEP 453

- timeline based on discussion with the 3.4 release team
  and the pip devs
- also clarified the two trust models on offer (i.e. that
  the PEP ensures trusting PyPI remains explicitly opt-in, just
  as it has always been in the past)

files:
  pep-0453.txt |  44 ++++++++++++++++++++++++++++++++++++---
  1 files changed, 40 insertions(+), 4 deletions(-)


diff --git a/pep-0453.txt b/pep-0453.txt
--- a/pep-0453.txt
+++ b/pep-0453.txt
@@ -331,8 +331,8 @@
 -----------------------
 
 The design in this PEP has been deliberately chosen to avoid making any
-significant changes to the trust model of the CPython installers for end
-users that do not subsequently make use of ``pip``.
+significant changes to the trust model of CPython for end users that do
+not subsequently run the command ``pip install --upgrade pip``.
 
 The installers will contain all the components of a fully functioning
 version of Python, including the ``pip`` installer. The installation
@@ -340,8 +340,9 @@
 trusting the security of the network connection established between
 ``pip`` and the Python package index.
 
-Only users that choose to use ``pip`` directly will need to pay
-attention to any PyPI related security considerations.
+Only users that choose to use ``pip`` to communicate with PyPI will
+need to pay attention to the additional security considerations that come
+with doing so.
 
 
 Reliability considerations
@@ -401,6 +402,41 @@
   updated for Python 3.4+
 
 
+Integration timeline
+--------------------
+
+Allowing ``pip`` to be bundled with CPython as a wheel file requires some
+adjustments to ``pip`` itself, so the proposed time frame for integration
+into CPython if this PEP is accepted is as follows:
+
+* by November 17th (1 week prior to the scheduled date of 3.4.0 beta 1)
+
+  Documentation updated and ``ensurepip`` implemented based on a beta release
+  of ``pip`` 1.5.
+
+* by November 24th (scheduled date of 3.4.0 beta 1)
+
+  All other proposed functional changes for Python 3.4 implemented,
+  including the installer updates to invoke ensurepip.
+
+* by December 29th (1 week prior to the scheduled date of 3.4.0 beta 2)
+
+  ``ensurepip`` updated to the final release of pip 1.5
+
+  PEP 101 updated to cover ensuring the bundled version of ``pip`` is up
+  to date.
+
+(See PEP 429 for the current official scheduled dates of each release. Dates
+listed above are accurate as of October 15th.)
+
+If there is no final release of ``pip`` 1.5 available the week before the
+scheduled Python 3.4 beta 2 release, then implementation of this PEP will
+be deferred to Python 3.5. Note that this scenario is unlikely - the final
+``pip`` 1.5 release could likely be ready for beta 1. However, it makes
+sense to defer the final release until after the ``ensurepip`` bootstrapping
+has seen some testing in a CPython beta release.
+
+
 Proposed CLI
 ------------
 

-- 
Repository URL: http://hg.python.org/peps

More information about the Python-checkins mailing list