[Pythonmac-SIG] Upgrade to pip 9.0.3 (due to TLS deprecation)

Matthew Brett matthew.brett at gmail.com
Fri Apr 6 13:45:35 EDT 2018 

Hi,

On Fri, Apr 6, 2018 at 6:06 PM, Chris Jerdonek <chris.jerdonek at gmail.com> wrote:
>
> On Fri, Apr 6, 2018 at 6:25 AM Matthew Brett <matthew.brett at gmail.com>
> wrote:
>>
>> Hi,
>>
>> On Mon, Apr 2, 2018 at 9:36 PM, Sumana Harihareswara <sh at changeset.nyc>
>> wrote:
>> > Mac users:
>> >
>> > If you are running macOS/OS X version 10.12 or older, you need to
>> > upgrade to the latest pip (9.0.3) to connect to the Python Package Index
>> > securely:
>> >
>> >     curl https://bootstrap.pypa.io/get-pip.py | python
>> >
>> > Pip 9.0.3 supports TLSv1.2 when running under system Python on macOS <
>> > 10.13. Official release notes: https://pip.pypa.io/en/stable/news/
>>
>> I wanted to check with you, whether these changes are responsible for
>> pip breaking for me in a extremely confusing way.
>>
>> What I observed was that pip was silently failing to find any packages
>> on pypi, with no informative error.
>>
>> This was extremely confusing, because when I tried to do an upgrade, e.g.:
>>
>> $ pip install -U matplotlib
>>
>> it told me everything is up to date, when this isn't correct.  There
>> is no other message to warn me what is going on.
>
>
> Can you paste the input / output that you saw or are seeing — what you are
> calling “breaking for me in a extremely confusing way”? On the GitHub issue
> thread in which this was discussed, the understanding is that people *would*
> see errors that would lead them in the right direction (e.g. SSL errors).
> What you’re saying seems to conflict with that.

During the current brownout period, with the default use of pip, you
get no error at all when you attempt to upgrade a package - it just
says you're up to date - this (below) is the full output:

$ python -m pip install -U pip
Requirement already up-to-date: pip in
/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages
You are using pip version 9.0.1, however version 9.0.3 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

Of course, it's very easy to miss that you don't have the latest
version of the package in this case - everything looks like it worked
correctly.

If you try and install a package, it just says it can't find it, but not why:

$ pip3.5 install transforms3d
Collecting transforms3d
  Could not find a version that satisfies the requirement transforms3d
(from versions: )
No matching distribution found for transforms3d
You are using pip version 9.0.1, however version 9.0.3 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

You do get an informative message if you use the -v flag, but I rarely
do that myself, and it's not the default.

Just to give you an index of the problem, I got pretty confused myself
when I asked pip to upgrade a package, it said it was already up to
date, and I found I didn't have what I knew to be the right version,
and I'm a very experienced pip user, who is also on various mailing
lists where this was flagged.

Cheers,

Matthew

More information about the Pythonmac-SIG mailing list