[Python-Dev] pip 20.3 release (new resolver as default)
On behalf of the PyPA and the pip team, I am pleased to announce that we have just released pip 20.3, a new version of pip. You can install it by running `python -m pip install --upgrade pip`. This is an important and disruptive release -- we [explained why in a blog post last year](https://pyfound.blogspot.com/2019/12/moss-czi-support-pip.html). We even made [a video about it](https://www.youtube.com/watch?v=B4GQCBBsuNU). ## Highlights * **DISRUPTION**: Switch to the new dependency resolver by default. (#9019) Watch out for changes in handling editable installs, constraints files, and more: https://pip.pypa.io/en/latest/user_guide/#changes-to-the-pip-dependency-resolver-in-20-3-2020 * **DEPRECATION**: Deprecate support for Python 3.5 (to be removed in pip 21.0) (#8181) * **DEPRECATION**: pip freeze will stop filtering the pip, setuptools, distribute and wheel packages from pip freeze output in a future version. To keep the previous behavior, users should use the new `--exclude` option. (#4256) * Substantial improvements in new resolver for performance, output and error messages, avoiding infinite loops, and support for constraints files. * Support for PEP 600: Future ‘manylinux’ Platform Tags for Portable Linux Built Distributions. (#9077) * Documentation improvements: Resolver migration guide, quickstart guide, and new documentation theme. * Add support for MacOS Big Sur compatibility tags. (#9138) The new resolver is now *on by default*. It is significantly stricter and more consistent when it receives incompatible instructions, and reduces support for certain kinds of constraints files, so some workarounds and workflows may break. Please see [our guide on how to test and migrate, and how to report issues](https://pip.pypa.io/en/latest/user_guide/#changes-to-the-pip-dependency-resolver-in-20-3-2020). You can use the deprecated (old) resolver, using the flag `--use-deprecated=legacy-resolver`, until we remove it in the pip 21.0 release in January 2021. You can find more details (including deprecations and removals) [in the changelog](https://pip.pypa.io/en/stable/news/). ## User experience Command-line output for this version of pip, and documentation to help with errors, is significantly better, because you worked with our experts to test and improve it. [Contribute to our user experience work: sign up to become a member of the UX Studies group](https://bit.ly/pip-ux-studies) (after you join, we'll notify you about future UX surveys and interviews). ## What to expect in 20.1 We aim to release pip 20.1 in January 2021, per our [usual release cadence](https://pip.pypa.io/en/latest/development/release-process/#release-cadence). You can expect: * Removal of [Python 2.7](https://pip.pypa.io/en/latest/development/release-process/#python-2-support) and 3.5 support * Further improvements in the new resolver * Removal of legacy resolver support ## Thanks As with all pip releases, a significant amount of the work was contributed by pip's user community. Huge thanks to all who have contributed, whether through code, documentation, issue reports and/or discussion. Your help keeps pip improving, and is hugely appreciated. Specific thanks go to Mozilla (through its [Mozilla Open Source Support](https://www.mozilla.org/en-US/moss/) Awards) and to the [Chan Zuckerberg Initiative](https://chanzuckerberg.com/eoss/) DAF, an advised fund of Silicon Valley Community Foundation, for their funding that enabled substantial work on the new resolver. That funding went to [Simply Secure](https://simplysecure.org/) (specifically Georgia Bullen, Bernard Tyers, Nicole Harris, Ngọc Triệu, and Karissa McKelvey), [Changeset Consulting](https://changeset.nyc/) (Sumana Harihareswara), [Atos](https://www.atos.net) (Paul F. Moore), [Tzu-ping Chung](https://uranusjr.com), [Pradyun Gedam](https://pradyunsg.me/), and Ilan Schnell. Thanks also to Ernest W. Durbin III at the Python Software Foundation for liaising with the project. -Sumana Harihareswara, pip project manager ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/56ILRE26U4KU55YNVY2GQMGYYCEXPW74/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] Re: pip 20.3 release (new resolver as default)
Incidentally, I should have mentioned in my original announcement: pip 20.3 turned the new resolver on by default for Python 3 users. When users use pip 20.3 in a Python 2 environment, the old dependency resolver is still the default. (Further discussion: https://github.com/pypa/pip/issues/9194 .) pip 21.0 in January will remove Python 2 support: https://pip.pypa.io/en/latest/development/release-process/#python-2-support . -- Sumana Harihareswara Changeset Consulting https://changeset.nyc ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/4ZQWWH7RWDTQ4MUGQKX2DQYNDWPJ2CL5/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] Re: The Python 2 death march
Hi. I've joined python-dev to participate in this thread (I don't have email delivery turned on; I'll be checking back via the web). Benjamin, I am sorry that I didn't check in with you, and assumed that January 1, 2020 would be the the date of the final 2.7 point release. (My understanding was based on Guido's EOL announcement from March last year https://mail.python.org/pipermail/python-dev/2018-March/152348.html -- I should have also gotten a review from you and not just the Steering Council in https://github.com/python/steering-council/issues/14 .) I'm going to continue this discussion here so I can make sure I understand the policy decision properly, and then (if necessary) update the FAQ. Based on what I've read here and what I see in https://www.python.org/dev/peps/pep-0373/#maintenance-releases , it sounds like the timeline will go something like: * 2019-10-19: release of 2.7.17 October * October, November, and December 2019: developers continue to fix issues in 2.7 * 2020-01-01: code freeze for 2.7.18 release candidate * January and February 2020: flexibility to fix any issues introduced since the 2.7.17 release, but no other bugs or security issues, and no 3.x backports * ~2020-04-02: release candidate for 2.7.18 * 2020-04-17: final 2.7.18 release Is this right? (If so, I can submit an update to PEP 373.) This is a little more complicated than I had anticipated when communicating out about the sunsetting. But I can find a way either to concisely communicate this, or to point to a user-friendly explanation elsewhere. Thanks. -- Sumana Harihareswara Changeset Consulting https://changeset.nyc ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/MXCGMTXDY7BX6JBBU36O5YFRWWBB3NQE/
[Python-Dev] PEP 458: Secure PyPI downloads with package signing
Hi! I'm forwarding this on behalf of Marina Moore https://github.com/mnm678 . - Sumana Harihareswara --- PEP 458 ( https://www.python.org/dev/peps/pep-0458/ ) proposes using The Update Framework (TUF) to allow users of PyPI to verify that the packages they install originate from PyPI. Implementing this PEP would provide protection in the event of an attack on PyPI, its mirrors, or the network used to install packages. We started this PEP in 2013, and have recently revised it and restarted discussion. Recent discussion and revision of the PEP has been taking place on Discourse ( https://discuss.python.org/t/pep-458-secure-pypi-downloads-with-package-signing/2648/44 ). The PEP is ready for review and I look forward to your feedback! Thanks, Marina Moore PEP 458 coauthor ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/ARJLCFBZJYTDXHRMK6YP5SNAHD34HNR5/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] Re: The Python 2 death march
Per https://discuss.python.org/t/petition-abandon-plans-to-ship-a-2-7-18-in-april/2946/ I have now: * written a PR to update PEP 373 to mark that the code freeze happened on 1 January https://github.com/python/peps/pull/1304 * updated the Python 3 Q&A http://python-notes.curiousefficiency.org/en/latest/python3/questions_and_answers.html#when-is-the-last-release-of-python-2-7-coming-out similarly https://bitbucket.org/ncoghlan/misc/pull-requests/21/update-python-3-q-a-to-reflect-that-sunset/diff * added a "what happens now?" section to https://www.python.org/doc/sunset-python-2/ -- Sumana Harihareswara ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/BQUVV2RUHFGMIBWWTTQQJS2VUSVV4OMS/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] Re: PEP 458: Secure PyPI downloads with package signing
Donald Stufft wrote today https://discuss.python.org/t/pep-458-secure-pypi-downloads-with-package-signing/2648/110 : > It looks like discussion about the actual meat and potatoes of this PEP has > petered out. Unless someone has an objection, I intend to accept this PEP on > Friday. ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/XD352RZMWEJHTXIYI5ZBKHNY5FS5FZGD/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] Re: The Python 2 death march
Benjamin: now that PyCon 2020 has been cancelled, are you considering releasing 2.7.18 slightly earlier? -- Sumana Harihareswara Changeset Consulting https://changeset.nyc ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/MXUUU5FBELEXNCTXLIDP633XTIRXG6W4/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] Re: The Python 2 death march
On 3/27/20 12:49 PM, Sumana Harihareswara wrote: Benjamin: now that PyCon 2020 has been cancelled, are you considering releasing 2.7.18 slightly earlier? (I ask because: before you do that, I would like to submit some changes to the documentation for the 2.7 branch, to indicate to users that they ought to switch to Python 3.) Sumana Harihareswara Changeset Consulting https://changeset.nyc ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/BH34OE3TBPF32V4QPGQRMQ5NXGO52EN7/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] Re: The Python 2 death march
I'm sorry, I should have been more specific. I'm talking about the "switch to Python 3" banner that we need to add per discussion in https://github.com/python/steering-council/issues/3 . I am pretty sure it's not too late for that. -Sumana On 3/29/20 10:23 AM, Victor Stinner wrote: IMHO it's too late to touch the Python 2.7 documentation. Victor Le dim. 29 mars 2020 à 16:01, Sumana Harihareswara a écrit : On 3/27/20 12:49 PM, Sumana Harihareswara wrote: Benjamin: now that PyCon 2020 has been cancelled, are you considering releasing 2.7.18 slightly earlier? (I ask because: before you do that, I would like to submit some changes to the documentation for the 2.7 branch, to indicate to users that they ought to switch to Python 3.) ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/JDEX5KGNH7EY7KA2S4EZZBS4Q3BX3KHI/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] Re: The Python 2 death march
Thanks. I'm working to get https://github.com/python/steering-council/issues/3 resolved by April 17th to add an informational header to all the deep links within https://docs.python.org/2/* . I welcome help on the pull requests linked from that issue (such as https://github.com/python/cpython/pull/19229 ), and on the question Leonard Richardson asks there regarding https://github.com/python/devguide/blob/master/devcycle.rst . ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/S5Y6422FVG27LJ5PQXKJXRV567WKZTPZ/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] Re: The Python 2 death march
Benjamin or others: could you please review https://github.com/python/cpython/pull/19229 to "Add an optional obsolete header." to the 2.7 documentation today or tomorrow? Much thanks. ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/6K5TB2PH5DIK3LBM6XLCLCREW5PLKNIY/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] Announcement: pip 20.1b1 beta release
On behalf of the PyPA, I am pleased to announce that a beta release of pip, pip 20.1b1, has been released. I hope you will help us by testing this and checking for new bugs in how pip deals with complicated projects and dependencies. The highlights for this release are: * Significant speedups when building local directories, by changing behavior to perform in-place builds, instead of copying to temporary directories. * Significant speedups in `pip list --outdated`, by parallelizing network access. This is the first instance of parallel code within pip's codebase. * A new `pip cache` command, which makes it possible to introspect and manage pip's cache directory. * Better `pip freeze` for packages installed from direct URLs, enabled by the implementation of PEP 610. We would be grateful for all the testing that users could do to ensure that, when pip 20.1 is released, it's as solid as we can make it. You can upgrade to this beta with `python -m pip install -U --pre pip`. This release also contains an alpha version of pip's next generation resolver. It is **off by default** because it is **unstable and not ready for everyday use**. If you're curious about this, please visit this GitHub issue about the resolver, what doesn't work yet, and what kind of testing would help us out https://github.com/pypa/pip/issues/8099 . The full changelog is available. https://pip.pypa.io/en/latest/news/ As with all pip releases, a significant amount of the work was contributed by pip's user community. Huge thanks to all who have contributed, whether through code, documentation, issue reports and/or discussion. Your help keeps pip improving, and is hugely appreciated. Specific thanks go to Mozilla (through its Mozilla Open Source Support Awards) and to the Chan Zuckerberg Initiative DAF, an advised fund of Silicon Valley Community Foundation, for their support that enabled the work on the new resolver. -- Sumana Harihareswara pip project manager under contract with Python Software Foundation Changeset Consulting https://changeset.nyc ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/HDXSZX5GOOCKRHKTD6ERJIZCYM6HYSQP/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] Re: Announcement: pip 20.1b1 beta release
Thanks for the testing, all. Pip 20.1 is now out and https://pip.pypa.io/en/latest/news/ has the changes since the beta. -- Sumana Harihareswara Changeset Consulting https://changeset.nyc ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/74B6RDZU3UYO5XY3IDXGKJAOB3LDRGBF/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] help test pip resolver (surfacing dependency conflicts)
This is a note to alert you to https://discuss.python.org/t/announcement-pip-20-2b1-release/4242 and https://discuss.python.org/t/pip-ux-studies-test-pips-new-resolver-and-help-us-document-dependency-conflicts/4238 . A new beta release of pip, 20.2b1, has been released! And we're asking for your help to test pip's new resolver, and to spread the word about this call for testing; we're pushing to get the word out to maintainers of Python projects with complex dependencies. Thanks, Sumana Harihareswara working on pip ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/2RNGWPVH52NEAZHOMRLXFB6YLAIA22QZ/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] Fwd: [pypi-announce] upgrade to pip 20.2 -- plus changes coming in 20.3
A new pip is out. Please see below, upgrade, and let us know if you/your users start to have trouble. In particular, we need your feedback on the beta of the new dependency resolver, because we want to make it the default in the October release. best, Sumana Harihareswara, pip project manager Forwarded Message Subject: [pypi-announce] upgrade to pip 20.2 -- plus changes coming in 20.3 Date: Thu, 30 Jul 2020 11:24:58 -0400 From: Sumana Harihareswara Reply-To: distutils-...@python.org Organization: Changeset Consulting To: pypi-annou...@python.org On behalf of the Python Packaging Authority, I am pleased to announce the release of pip 20.2. Please upgrade for speed improvements, bug fixes, and better logging. You can install it by running python -m pip install --upgrade pip. We make major releases each quarter, so this is the first new release since 20.1 in April. NOTICE: This release includes the beta of the next-generation dependency resolver. It is significantly stricter and more consistent when it receives incompatible instructions, and reduces support for certain kinds of constraints files, so some workarounds and workflows may break. Please test it with the `--use-feature=2020-resolver` flag. Please see our guide on how to test and migrate, and how to report issues <https://pip.pypa.io/en/latest/user_guide/#changes-to-the-pip-dependency-resolver-in-20-2-2020>. The new dependency resolver is *off by default* because it is *not yet ready for everyday use*. For release highlights and thank-yous, please see <https://blog.python.org/2020/07/upgrade-pip-20-2-changes-20-3.html> . The full changelog is at <https://pip.pypa.io/en/stable/news/>. Future: We plan to make pip's next quarterly release, 20.3, in October 2020. We are preparing to change the default dependency resolution behavior and make the new resolver the default in pip 20.3. -- Sumana Harihareswara project manager for pip, on contract with Python Software Foundation Changeset Consulting, https://changeset.nyc ___ pypi-announce mailing list -- pypi-annou...@python.org To unsubscribe send an email to pypi-announce-le...@python.org https://mail.python.org/mailman3/lists/pypi-announce.python.org/ ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/7XWTH5PIE3ZLQ32GM7UZQOKMIECTUBJY/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] Re: Fwd: [pypi-announce] upgrade to pip 20.2 -- plus changes coming in 20.3
Good question. I've asked it in https://github.com/pypa/pip/issues/6536 because I want to check with other pip maintainers. On a separate note: the error messaging improvements in 20.2 available with the new beta resolver (such as pointing to this conflict resolution guide https://pip.pypa.io/en/latest/user_guide/#fixing-conflicting-dependencies ) are going to be very helpful to you as you and your users while debugging ResolutionImpossible errors. Enjoy! Insamuch as such a situation is enjoyable. -- Sumana Harihareswara Changeset Consulting https://changeset.nyc ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/O7UJ7JONBIQQSLUB3XDLOEBVJRPSWLZT/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] Re: Fwd: [pypi-announce] upgrade to pip 20.2 -- plus changes coming in 20.3
Steve Dower asked: Do you think we should be updating the version of pip bundled with Python 3.9 at this stage (for the first RC)? Similarly, is there a need to update Python 3.8 for its next release? Answered now in https://github.com/pypa/pip/issues/6536#issuecomment-666715283 -- yes, please do do. However, you may want to wait till Tuesday or so for our bugfix release https://github.com/pypa/pip/issues/8511#issuecomment-60644 . -- Sumana Harihareswara Changeset Consulting https://changeset.nyc ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/KZZTOYWJ2PREDC537JGC3QPB4AOOQTJC/ Code of Conduct: http://python.org/psf/codeofconduct/
