[Python-checkins] peps: Add pip integration timeline to PEP 453
nick.coghlan
python-checkins at python.org
Tue Oct 15 14:33:26 CEST 2013
http://hg.python.org/peps/rev/39a7dfcb9ab9
changeset: 5194:39a7dfcb9ab9
user: Nick Coghlan <ncoghlan at gmail.com>
date: Tue Oct 15 22:33:12 2013 +1000
summary:
Add pip integration timeline to PEP 453
- timeline based on discussion with the 3.4 release team
and the pip devs
- also clarified the two trust models on offer (i.e. that
the PEP ensures trusting PyPI remains explicitly opt-in, just
as it has always been in the past)
files:
pep-0453.txt | 44 ++++++++++++++++++++++++++++++++++++---
1 files changed, 40 insertions(+), 4 deletions(-)
diff --git a/pep-0453.txt b/pep-0453.txt
--- a/pep-0453.txt
+++ b/pep-0453.txt
@@ -331,8 +331,8 @@
-----------------------
The design in this PEP has been deliberately chosen to avoid making any
-significant changes to the trust model of the CPython installers for end
-users that do not subsequently make use of ``pip``.
+significant changes to the trust model of CPython for end users that do
+not subsequently run the command ``pip install --upgrade pip``.
The installers will contain all the components of a fully functioning
version of Python, including the ``pip`` installer. The installation
@@ -340,8 +340,9 @@
trusting the security of the network connection established between
``pip`` and the Python package index.
-Only users that choose to use ``pip`` directly will need to pay
-attention to any PyPI related security considerations.
+Only users that choose to use ``pip`` to communicate with PyPI will
+need to pay attention to the additional security considerations that come
+with doing so.
Reliability considerations
@@ -401,6 +402,41 @@
updated for Python 3.4+
+Integration timeline
+--------------------
+
+Allowing ``pip`` to be bundled with CPython as a wheel file requires some
+adjustments to ``pip`` itself, so the proposed time frame for integration
+into CPython if this PEP is accepted is as follows:
+
+* by November 17th (1 week prior to the scheduled date of 3.4.0 beta 1)
+
+ Documentation updated and ``ensurepip`` implemented based on a beta release
+ of ``pip`` 1.5.
+
+* by November 24th (scheduled date of 3.4.0 beta 1)
+
+ All other proposed functional changes for Python 3.4 implemented,
+ including the installer updates to invoke ensurepip.
+
+* by December 29th (1 week prior to the scheduled date of 3.4.0 beta 2)
+
+ ``ensurepip`` updated to the final release of pip 1.5
+
+ PEP 101 updated to cover ensuring the bundled version of ``pip`` is up
+ to date.
+
+(See PEP 429 for the current official scheduled dates of each release. Dates
+listed above are accurate as of October 15th.)
+
+If there is no final release of ``pip`` 1.5 available the week before the
+scheduled Python 3.4 beta 2 release, then implementation of this PEP will
+be deferred to Python 3.5. Note that this scenario is unlikely - the final
+``pip`` 1.5 release could likely be ready for beta 1. However, it makes
+sense to defer the final release until after the ``ensurepip`` bootstrapping
+has seen some testing in a CPython beta release.
+
+
Proposed CLI
------------
--
Repository URL: http://hg.python.org/peps
More information about the Python-checkins
mailing list