Pip 10 has been released(blog.python.org)
blog.python.org
Pip 10 has been released
https://blog.python.org/2018/04/pip-10-has-been-released.html
27 comments
I don't see much reason to use pip over pipenv. Pipenv calls pip internally, but it handles much more use cases.
I hope not. Pipenv seems like a good idea but I can't stand the interface. It seems that whenever a Mac user tries to implement a CLI tool they can't help but print verbose output by default, in various colours and with emojis scattered throughout. Pip itself has just enough output, I don't need to see every single thing the program does in different colours, just shut up and do what you're told.
Pipenv adds extra baggage and is more complex to use for simple projects. I really like Pip's dead simple interface and that it won't break due to a joke:
https://github.com/pypa/pipenv/pull/783
https://github.com/pypa/pipenv/pull/783
The tl;dr:
* pip is the tool for installing packages
* pipenv is the tool for managing an environment in which you develop a package (and wraps pip and virtualenv to make that convenient)
* twine is the tool for uploading packages to the Python Package Index
* pip is the tool for installing packages
* pipenv is the tool for managing an environment in which you develop a package (and wraps pip and virtualenv to make that convenient)
* twine is the tool for uploading packages to the Python Package Index
pip, pipenv, pipfile, pipfile.lock, twine, project.toml, setup.py, setup.cfg, setuptools, requirements.txt... I'd prefer a proper package manager.
So build one. If it's good, people will use it!
Luckily I don't have to! I rather contribute to this, which looks promising:
https://github.com/sdispater/poetry
https://github.com/sdispater/poetry
Oh man I did not know this existed I am completely aligned with this.
Easily this is what I love About the python community is that so many awesome folks just step up and do something when they seen deficiencies vs waiting for someone else to get around to it (lookin at you Swift)
I myself am prototyping a tool chain that will compile python to static C code and then compile that (with the interpreter embedded) into a binary that can be easily distributed.
Nothing on GitHub yet but it’s what I hope one day soon will fix the distribution story once and for all!
Easily this is what I love About the python community is that so many awesome folks just step up and do something when they seen deficiencies vs waiting for someone else to get around to it (lookin at you Swift)
I myself am prototyping a tool chain that will compile python to static C code and then compile that (with the interpreter embedded) into a binary that can be easily distributed.
Nothing on GitHub yet but it’s what I hope one day soon will fix the distribution story once and for all!
I'd love to see something like what you're describing, but why C? How about Rust or something similar, closer to Python's paradigms?
They're complementary (I'd say) :)
Presumably it still supports Python 2.7, so this isn't actually the end of Python 2 support.
Python 2.6 was 2% of pip downloads and apparently this was the rationale for dropping its support: https://github.com/pypa/pip/pull/4343 . This led to some Python libraries to also drop 2.6, as shown by library commits referencing this pull request.
RHEL/CentOS 6 stock python is 2.6, IIRC.
RHEL/CentOS has a reputation of keeping up zombie software that is long unsupported by upstream. It's their model and their problem, rest of community shouldn't IMHO care. Hardly any projects have resources to keep compatibility with their ten-years-old releases and backport every fix.
I doubt anybody running it is interested in upgrading their pip.
You would be surprised at the requests I get from people running CentOS 6.
Is there any reason those people can't leave their system python to the system, and otherwise bring their own?
They don’t know how.
But anaconda python will work nicely on centos 6 I suspect.
But anaconda python will work nicely on centos 6 I suspect.
Quite nice. And likely faster and more secure. Do an independent check for yourself. Look at the compile flags. Along with what’s statically linked, vs what conda manages as dynamically linked. Also don’t miss what all the pip-installed wheels are statically linking.
Correct. https://pypi.python.org/pypi/pip/10.0.0 lists "Programming Language :: Python :: 2.7".
2.6 was released on 01-Oct-2008 and the last security-fix release was on October 29, 2013.
Humorously, https://www.python.org/download/releases/2.6/ says "Python 2.6 has been replaced by a newer bugfix release of Python. Please download Python 2.6.7 instead."
Following the link to 2.6.7 says "Python 2.6.7 has been replaced by a newer security-fix only source release of Python. Please download Python 2.6.8 instead."
Following the link to 2.6.8 says "Please download Python 2.6.9 instead." Which finally took me to the final release of the 2.6 series.
2.6 was released on 01-Oct-2008 and the last security-fix release was on October 29, 2013.
Humorously, https://www.python.org/download/releases/2.6/ says "Python 2.6 has been replaced by a newer bugfix release of Python. Please download Python 2.6.7 instead."
Following the link to 2.6.7 says "Python 2.6.7 has been replaced by a newer security-fix only source release of Python. Please download Python 2.6.8 instead."
Following the link to 2.6.8 says "Please download Python 2.6.9 instead." Which finally took me to the final release of the 2.6 series.
The reason it links you to 2.6.6 instead of 2.6.9 is because 2.6.6 is the newest version that has binaries available for download. You have to compile the newer versions from source if you want to use them.
It never linked me to 2.6.6. It went to 2.6.7.
2.6.6 isn't mentioned at https://www.python.org/download/releases/2.6/ nor in my earlier comment.
2.6.6 isn't mentioned at https://www.python.org/download/releases/2.6/ nor in my earlier comment.
right in the middle of pip-conda-deb / py27-py35-py36 conflicts here.. I was startled to see a pip 9.0.3 msg "urllib3- download is not secure, get the newest version of python"
first thanks very much for all the work in the ecosystem.. not kidding. huge respect to the SciPy stack .. and others coming up now..
second, is this pip 9 msg really a veiled coercian to use Python 3x !?! really? using security cert FUD .. I really hope this is not the right interpretation of the msgs I saw on an ubuntu server yesterday.. It is a breach of trust, and so wrong on so many levels.. DO not become what you despise.
first thanks very much for all the work in the ecosystem.. not kidding. huge respect to the SciPy stack .. and others coming up now..
second, is this pip 9 msg really a veiled coercian to use Python 3x !?! really? using security cert FUD .. I really hope this is not the right interpretation of the msgs I saw on an ubuntu server yesterday.. It is a breach of trust, and so wrong on so many levels.. DO not become what you despise.
PyPI has started requiring modern, secure TLS (TLS 1.2) to download stuff. You don't need Python 3, but you do need a more recent Python or at least one compiled against a more recent libssl. Which one are you running and do you have the exact error message?
The package index recently dropped TLS1.0/1.1 support; in some cases, like old not-upgraded Ubuntu 12 servers, OpenSSL had to be upgraded for pip to work. Maybe that's the issue you encountered?
https://github.com/pypa/warehouse/issues/3411
https://github.com/pypa/warehouse/issues/3411
There does not seem to be any evidence that this is even remotely the case.
On another note: I thought Pipenv was going to supplant pip? https://packaging.python.org/tutorials/managing-dependencies... It felt like they were gearing up for it to be that way anyways