On Jul 17, 2013, at 8:38 PM, Vinay Sajip <vinay_sajip@yahoo.co.uk> wrote:
Donald Stufft <donald <at> stufft.io> writes:
curl https://raw.github.com/pypa/pip/master/contrib/get-pip.py | python
Well it doesn't work on Windows, which would be a reasonable objection to using that specific approach.
But for various reasons many projects have decided that expecting people to install the tools is difficult, especially for beginners and that simply documenting the command to install it was not enough.
If it's that obvious, then why did Richard spend so long writing a bootstrap script, drafting PEP 439 etc.? Do you have any numbers on the "many projects"?
I never stated it was *obvious*. To me requiring an explicit bootstrap step was always a bad idea. It's an unfriendly UX that requires people to either know ahead of time if they already have pip installed, or try to use pip, notice it fail, run the bootstrapper, and then run the command they originally wanted to run. It also places a burden on every other project in the ecosystem to document that they need to first run `python -m getpip` and then run ``pip install project``. However Richard's implementation and the PEP was not an explicit bootstrap. It was an implicit bootstrap that upon the first execution of ``pip``would fetch and install pip and setuptools. The implicit bootstrap approach was more or less decided against for fear of being too magical and users not really being aware if they have or don't have pip. So to recap: Bootstrapping over the Networking in General - Requires network access - Extra failure points - OpenSSL Age - OpenSSL Available at all? - Proxies? - SSL Intercept Devices? Explicit bootstrapping - Everything from Bootstrapping over the network - Requires users (and projects) to use/document an explicit command Implicit Bootstrapping - Everything from Bootstrapping over the network - Users unsure if pip is installed or not (or at what point it will install) - "Magical" Bootstrap at Python Install Time - Everything from Bootstrapping over the network - Users possibly unaware that installer reaches the network - Some users tend to not be fans of installers "Phoning Home" - Privacy implications? Pre-Installation at Release Creation Time - Users might possibly have an older version of pip - ??? The older version of pip is just about the only real downside *for the users* of Python/pip that I can think of. This is already the case for most people using the pip provided by their Linux distribution and it's simple to upgrade the pip if the user requires a newer version of pip using ``pip install --upgrade pip``. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA