iSharkFly-Open
/
python-peps
mirror of https://github.com/python/peps.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add pip integration timeline to PEP 453 

- timeline based on discussion with the 3.4 release team
  and the pip devs
- also clarified the two trust models on offer (i.e. that
  the PEP ensures trusting PyPI remains explicitly opt-in, just
  as it has always been in the past)
This commit is contained in:
Nick Coghlan 2013-10-15 22:33:12 +10:00
parent 0a513228dc
commit 92d4dbf0ec
1 changed files with 40 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
pep-0453.txt
View File

@ -331,8 +331,8 @@ Security considerations
-----------------------
The design in this PEP has been deliberately chosen to avoid making any
significant changes to the trust model of the CPython installers for end
users that do not subsequently make use of ``pip``.
significant changes to the trust model of CPython for end users that do
not subsequently run the command ``pip install --upgrade pip``.
The installers will contain all the components of a fully functioning
version of Python, including the ``pip`` installer. The installation
@ -340,8 +340,9 @@ process will *not* require network access, and will *not* rely on
trusting the security of the network connection established between
``pip`` and the Python package index.
Only users that choose to use ``pip`` directly will need to pay
attention to any PyPI related security considerations.
Only users that choose to use ``pip`` to communicate with PyPI will
need to pay attention to the additional security considerations that come
with doing so.
Reliability considerations
@ -401,6 +402,41 @@ can be carried out in any order):
updated for Python 3.4+
Integration timeline
--------------------
Allowing ``pip`` to be bundled with CPython as a wheel file requires some
adjustments to ``pip`` itself, so the proposed time frame for integration
into CPython if this PEP is accepted is as follows:
* by November 17th (1 week prior to the scheduled date of 3.4.0 beta 1)
Documentation updated and ``ensurepip`` implemented based on a beta release
of ``pip`` 1.5.
* by November 24th (scheduled date of 3.4.0 beta 1)
All other proposed functional changes for Python 3.4 implemented,
including the installer updates to invoke ensurepip.
* by December 29th (1 week prior to the scheduled date of 3.4.0 beta 2)
``ensurepip`` updated to the final release of pip 1.5
PEP 101 updated to cover ensuring the bundled version of ``pip`` is up
to date.
(See PEP 429 for the current official scheduled dates of each release. Dates
listed above are accurate as of October 15th.)
If there is no final release of ``pip`` 1.5 available the week before the
scheduled Python 3.4 beta 2 release, then implementation of this PEP will
be deferred to Python 3.5. Note that this scenario is unlikely - the final
``pip`` 1.5 release could likely be ready for beta 1. However, it makes
sense to defer the final release until after the ``ensurepip`` bootstrapping
has seen some testing in a CPython beta release.
Proposed CLI
------------