[Python-Dev] PEP 453 Round 4 - Explicit bootstrapping of pip in Python installations
Donald Stufft
donald at stufft.io
Thu Sep 19 15:52:01 CEST 2013
On Sep 19, 2013, at 9:43 AM, Paul Moore <p.f.moore at gmail.com> wrote:
> On 19 September 2013 14:27, Donald Stufft <donald at stufft.io> wrote:
>> Major changes:
>>
>> * Removal of the option to fetch pip from PyPI in order not to modify the trust model of the Python installers
>> * Consequently rename the model from ``getpip`` to ``extractpip``
>
> If extractpip (I agree, I don't like the name, installpip is better)
> only ever unpacks the bundled pip, and it's always run, why bother?
> Why not just bundle pip directly into site-packages? The extra step
> seems to add little or no value.
>
> Paul
Well it's not always run (the PEP has it as an option in the
installers that is checked by default) but even if it were always
installed:
- Nick has stated something about making it clear in the OSs
installer DB which files are owned by Python and which are
owned by pip
- Upgrading becomes harder, instead of simply using pip's own
mechanism the installer needs to take care not to clobber a user
installed pip that is even newer than the bundled version.
- "Fixing" a broken environment. If someone accidentally uninstalls
pip this provides a simple way to reinstall it that doesn't require
the old standby of getpip.py
-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/python-dev/attachments/20130919/b8d08673/attachment.sig>
More information about the Python-Dev
mailing list