Differences between revisions 1 and 22 (spanning 21 versions)
Revision 1 as of 2018-03-14 02:41:55
Size: 5699
Comment: draft announcement, started from https://github.com/pypa/warehouse/issues/2935#issuecomment-371812950
Revision 22 as of 2018-03-22 19:31:36
Size: 10730
Comment: wording changes per Ernest
Line 1: Line 1:
DRAFT
Line 2: Line 4:
['''This page is a draft''' and ''not to be used/publicized'' until we close out [[https://github.com/pypa/warehouse/milestone/10|the "publicize beta" milestone]]. That'll probably be by March 25, 2018.]
Line 3: Line 6:
The new Python Package Index (Warehouse) is currently in pre-production at http://pypi.org/ . On [[https://wiki.python.org/psf/WarehouseRoadmap|the Warehouse roadmap]], it looks like the full switch will happen sometime in April 2018, so here's a heads-up about why we're switching, what's changed, and what to expect. The new Python Package Index is now in beta at https://pypi.org/. We predict the full switch will happen in April 2018 ([[https://wiki.python.org/psf/WarehouseRoadmap|roadmap]]), so here's a heads-up about why we're switching, what's changed, and what to expect. To get an email when the new site replaces the old one, please sign up for [[https://mail.python.org/mm3/mailman3/lists/pypi-announce.python.org/|the low-traffic PyPI announcements email list]].
Line 8: Line 11:
[[https://pypi.python.org|The legacy PyPI site https://pypi.python.org]] started in the early 2000s, before modern web frameworks. The legacy codebase has made it hard to maintain and even harder to develop new features, and past maintainers put in tremendous effort to continuously reduce outages.
Line 9: Line 13:
The legacy PyPI site at https://pypi.python.org started in the early 2000s. In recent years, users faced outages, malicious packages, and spam attacks, and the legacy codebase made it hard to maintain and even harder to develop new features. [[http://pypi.org/|The new PyPI http://pypi.org/]] (codebase: [[http://warehouse.readthedocs.io/|Warehouse]]) looks more modern, and is up-to-date under the hood too. A modern web framework (Pyramid), 100% backend test coverage, and a Docker-based development environment make it easier for current and new developers to maintain and run it and add features.
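Review bot: The link to the new site in this paragraph is written as `http://pypi.org/`, while the introduction already links `https://pypi.org/`. Use the https URL here as well, so an announcement about connecting to PyPI securely does not send readers through a plain-HTTP hop first.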
Line 11: Line 15:
The new PyPI has a far more modern look, and is up-to-date under the hood as well; a proper web framework (Pyramid), 100% backend test coverage, and a Docker-based development environment, make it easier for current and new developers to maintain it and add features.

Thanks to [[https://pyfound.blogspot.com/2017/11/the-psf-awarded-moss-grant-pypi.html|Mozilla's Open Source Support funding]], developers have added many new features, overhauled infrastructure, and made steady progress towards redirecting traffic to the new site and shutting down the old one. The full switch will include redirecting browser and pip install traffic from the old site; then, sometime in late April or early May, the legacy site will be entirely shut down.
Thanks to [[https://pyfound.blogspot.com/2017/11/the-psf-awarded-moss-grant-pypi.html|Mozilla's Open Source Support funding]], we have designed and added new features, overhauled infrastructure, and worked towards redirecting traffic to the new site and shutting down the old one. The full switch will include redirecting browser and `pip install` traffic from the old site; then, sometime in late April or early May, the legacy site will be entirely shut down.
Line 16: Line 18:
'''You may not need to change anything right away.''' Thanks to redirects, your sites, services, and tools will probably be able to seamlessly switch to the new site.
Line 17: Line 20:
Your sites, services, and tools will probably be able to seamlessly switch to the new site, and thanks to redirects, may not have to change anything immediately. We have [[https://packaging.python.org/guides/migrating-to-pypi-org/|a migration guide for package users and maintainers]] and [[https://warehouse.readthedocs.io/api-reference/integration-guide/#migrating-to-the-new-pypi|a migration guide for API users]] '''Users''': On Windows and Linux: no change necessary as long as your version of OpenSSL supports TLSv1.2. `pip install`s should work as normal.

macOS/OS X users running version 10.12 or older need to upgrade to [[https://pypi.org/project/pip/9.0.3/|the latest pip (9.0.3)]] to connect to PyPI securely.

{{{
curl https://bootstrap.pypa.io/get-pip.py | python
}}}
'''Package maintainers''': If you use `setup.py upload` to [[https://packaging.python.org/tutorials/distributing-packages/#uploading-your-project-to-pypi|upload releases]], we recommend you switch to [[https://pypi.org/project/twine/|Twine]]. New PyPI takes the same username/password as legacy PyPI did. If you have problems, follow [[https://packaging.python.org/guides/migrating-to-pypi-org/|the packagers' migration guide]].

'''API users''': follow [[https://warehouse.readthedocs.io/api-reference/integration-guide/#migrating-to-the-new-pypi|the API users' migration guide]].

If you're affected by a deprecation (below), you should adapt and migrate by early April 2018. For help, come to [[#IRC.2FTwitter_livechat_hours|a livechat]] or [[#Contact_us|contact us]]. Sign up for [[https://mail.python.org/mm3/mailman3/lists/pypi-announce.python.org/|the low-traffic PyPI announcements email list]] to get a heads-up when we have a more precise date.
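Review bot: The `curl https://bootstrap.pypa.io/get-pip.py | python` line under the macOS paragraph pipes a download straight into the interpreter, which gives the reader no chance to look at what they are about to run. Suggest showing it as two steps (`curl -O https://bootstrap.pypa.io/get-pip.py`, then `python get-pip.py`) and saying which `python` is meant, since the command upgrades pip only for the interpreter that runs it.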
Line 20: Line 34:
Line 26: Line 39:
 * [[https://dustingram.com/articles/2018/03/16/markdown-descriptions-on-pypi|support for Markdown READMEs for source distributions]] ([[https://github.com/pypa/warehouse/issues/869#issuecomment-374425355|soon]]: wheels too)
Line 28: Line 42:
 * far better backend infrastructure, reducing the frequency of outages  * better accessibility ([[https://github.com/pypa/warehouse/labels/accessibility|and more work to come]])
 * newer backend infrastructure, supporting new features and a more scalable PyPI
Line 31: Line 46:
Things that already have gone away (sometimes for policy or spam-fighting reasons) include:
Line 32: Line 48:
As of the middle of last year, [[https://mail.python.org/pipermail/distutils-sig/2017-July/030849.html|package releases must go through the new PyPI]], and as of late February, [[https://status.python.org/incidents/mgjw1g5yjy5j|new user account registration is only available on the new site]].

Things that are going away, or already have (sometimes for policy or spam-fighting reasons), include:

* pythonhosted.com documentation hosting ([[https://github.com/pypa/warehouse/issues/582|pypa/warehouse#582]])
 * [[https://warehouse.readthedocs.io/api-reference/xml-rpc/#changes-to-legacy-api|download counts visible in the API]] (instead, use [[https://packaging.python.org/guides/analyzing-pypi-package-downloads/|the Google BigQuery service]])
 * GPG/PGP signatures for packages (still visible in the [[https://warehouse.readthedocs.io/api-reference/legacy/#simple-project-api|Simple Project API]] per [[https://www.python.org/dev/peps/pep-0503/|PEP 503]], but no longer visible in the web UI
 * key management: PyPI no longer has a UI for users to manage their GPG
or SSH public keys
 * package maintainers being able to upload a new release via the web UI (instead, the recommended command-line tool is [[http://twine.readthedocs.io/|Twine]])
 * package maintainers being able to log in and update release descriptions via the web UI (to update release metadata, they need to upload a new release; see [[https://mail.python.org/pipermail/distutils-sig/2017-December/031826.html|distutils-sig discussion]])
 * [[https://mail.python.org/pipermail/distutils-sig/2018-January/031855.html|OpenID and Google auth login]]
 * users being able to upload
a package without verifying their email address with PyPI first
 * uploading via pypi.python.org: [[https://mail.python.org/pipermail/distutils-sig/2017-July/030849.html|uploads must go through the new site's API]]
 * creating a user account on pypi.python.org:
[[https://status.python.org/incidents/mgjw1g5yjy5j|new user account registration now only on pypi.org]]
 * uploading to pythonhosted.com documentation hosting ([[https://github.com/pypa/warehouse/issues/582|discussion and plans]])
 * [[https://warehouse.readthedocs.io/api-reference/xml-rpc/#changes-to-legacy-api|download counts visible in the API]]: instead, use [[https://packaging.python.org/guides/analyzing-pypi-package-downloads/|the Google BigQuery service]])
 * key management: PyPI no longer has a UI for users to manage GPG or SSH public keys
 * uploading new releases via the web UI: instead, we recommend the command-line tool [[http://twine.readthedocs.io/|Twine]]
 * updating release descriptions via the web UI: instead, to update release metadata, you need to upload a new release ([[https://mail.python.org/pipermail/distutils-sig/2017-December/031826.html|discussion]])
 * [[https://status.python.org/incidents/mgjw1g5yjy5j|uploading a package without first verifying an email address]]
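Review bot: The reworded download-counts bullet ("download counts visible in the API]]: instead, use ...") still ends with a `)` after the BigQuery link, left over from the earlier "(instead, use ...)" form. Drop the trailing parenthesis so the bullet matches the colon style used by the Twine and release-description bullets below it.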
Line 46: Line 58:
== Future == Things that will go away once legacy PyPI shuts down:
Line 48: Line 60:
And in the works:  * GPG/PGP signatures for packages (still visible in the [[https://warehouse.readthedocs.io/api-reference/legacy/#simple-project-api|Simple Project API]] per [[https://www.python.org/dev/peps/pep-0503/|PEP 503]], but no longer visible in the web UI)
 * [[https://mail.python.org/pipermail/distutils-sig/2018-January/031855.html|OpenID and Google auth login]]
Line 50: Line 63:
 * [[https://www.python.org/dev/peps/pep-0541/|PEP 541]] will enable more timely package takeovers, as people get package names transferred to them after conflict resolution
 * Now that PEP 566 has been approved, [[https://github.com/pypa/warehouse/issues/869#issuecomment-340928703|developers are working to get Markdown supported for README files on PyPI]]
Late 2018 or later:
Line 53: Line 65:
For future updates, please sign up for [[https://mail.python.org/mm3/mailman3/lists/pypi-announce.python.org/|the low-traffic PyPI announcements email list]].  * deprecating the XML-RPC API and [[https://github.com/pypa/warehouse/issues?q=is:open+is:issue+label:APIs/feeds|rearchitecting our APIs]]

== Future plans ==
See [[https://github.com/pypa/warehouse/issues|our issue tracker]]. Includes:

 * more timely package name takeovers ([[https://www.python.org/dev/peps/pep-0541/|PEP 541]])
 * [[https://github.com/pypa/warehouse/issues/996|two-factor authentication]]
 * a [[https://github.com/pypa/warehouse/issues/3231|user support ticket system]]
 * [[https://github.com/pypa/warehouse/issues/1190|change your own username]]

For updates, please sign up for [[https://mail.python.org/mm3/mailman3/lists/pypi-announce.python.org/|the low-traffic PyPI announcements email list]].

== Security ==
If you find any potential security vulnerabilities, please [[https://pypi.org/security/|follow our published security policy]]. Please don't report security issues in Warehouse via !GitHub, IRC, or mailing lists. Instead, please directly email the security team.

== Please test! ==
The point of the beta is to find and fix bugs. Please help us. Most of these workflows you can test [[http://pypi.org/|on pypi.org]], using the same login as you use on [[http://pypi.python.org|pypi.python.org]] (legacy PyPI). For testing destructive actions, like removing an owner, deleting a project, or deleting a release, please use [[https://test.pypi.org/|test.pypi.org]].

=== Workflows ===
'''Package users''':

 * Register/confirm a new user
 * Login/logout
 * Reset password
 * Search for projects
 * [[https://packaging.python.org/tutorials/installing-packages/#installing-from-other-indexes|`pip install` a package]]
 * Download release files via browser
 * Call JSON, RSS, Simple, and XML-RPC APIs

'''Project maintainers''':

 * Add/remove a maintainer
 * Add/remove an owner
 * Transition ownership
 * Remove a project
 * Remove a release
 * View journals for a project
 * View journals for a release
 * [[https://packaging.python.org/tutorials/distributing-packages/|Upload a new release]] (source distribution and wheel; [[https://packaging.python.org/guides/migrating-to-pypi-org/|upgrade your versions of twine and setuptools]] first)
 * Confirm display of project description, release history, download files, project links, maintainers, tags, and classifiers ([[https://test.pypi.org/project/1234_hello_world/|example]])

== IRC/Twitter livechat hours ==
Warehouse developers will be in IRC, in [[https://webchat.freenode.net/?channels=#pypa-dev|#pypa-dev on Freenode]], and on Twitter ([[https://twitter.com/search?f=tweets&q=#newpypi&src=typd|#newpypi]]), available to talk about problems you run into, or about how to hack on Warehouse:

 1. Tuesday, March 27th, [[https://www.timeanddate.com/worldclock/fixedtime.html?msg=Warehouse/PyPI+beta+chat&iso=20180327T16&p1=:&ah=1|9am-noon PDT, noon-1pm EDT, 18:00-19:00 CEST, 9:30pm-10:30pm India, 16:00-17:00 UTC]]
 1. Friday, March 30th, [[https://www.timeanddate.com/worldclock/fixedtime.html?msg=Warehouse/PyPI+beta+live+chat&iso=20180330T14&p1=1440&ah=1|10-11am EDT, 16:00-17:00 CEST, 7:30pm-8:30pm India, 14:00-15:00 UTC]]
 1. Tuesday, April 3rd, [[https://www.timeanddate.com/worldclock/fixedtime.html?msg=Warehouse/PyPI+beta+livechat&iso=20180403T10&p1=24&ah=1|8am-9am PDT, 11am-noon EDT, 17:00-18:00 CEST, 8:30pm-9:30pm India, 15:00-16:00 UTC]]
 1. Thursday, April 5th, [[https://www.timeanddate.com/worldclock/fixedtime.html?p1=24&iso=20180405T19&msg=Warehouse/PyPI%20beta%20livechat&ah=1&low=4|5pm-6pm PDT, 8pm-9pm EDT, (April 5th) 8am-9am Manila, (April 5th) 10am-11am Melbourne, (April 5th) 0:00-1:00 UTC]]

Feel free to drop in! (By participating, you agree to abide by the [[https://www.pypa.io/en/latest/code-of-conduct/|PyPA Code of Conduct]].)
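Review bot: In the livechat list, the first slot reads "9am-noon PDT" while every other zone on that line is a one-hour window (noon-1pm EDT, 16:00-17:00 UTC), so it should probably read 9am-10am PDT. In the fourth slot, 5pm-6pm PDT on Thursday, April 5th is already April 6th in Manila, Melbourne and UTC, so the three "(April 5th)" labels on that line look off by a day.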
Line 56: Line 117:

If you find any potential security vulnerabilities, please [[https://pypi.org/security/|follow our published security policy]]. Please don't report security issues in Warehouse via !GitHub, IRC, or mailing lists. Instead, please directly email one or more of our maintainers.

== Contact us ==
Security issues: [[https://pypi.org/security/|email Donald Stufft or Ernest W. Durbin III]]
Security issues: [[https://pypi.org/security/|email security @ python dot org]]
Line 64: Line 121:
IRC: [[https://webchat.freenode.net/?channels=#pypa-dev|#pypa-dev on Freenode]] (someone's usually there 10am-5pm Central Time on weekdays, or come to the [[#IRC_livechat_hours|livechat hours]]) IRC: [[https://webchat.freenode.net/?channels=#pypa-dev|#pypa-dev on Freenode]] (someone's usually there 10am-5pm Central Time on weekdays, or during [[#IRC.2FTwitter_livechat_hours|a livechat]])
Line 68: Line 125:
(By participating, you agree to abide by the [[https://www.pypa.io/en/latest/code-of-conduct/|PyPA Code of Conduct]].)
Line 69: Line 128:

{{https://pypi.org/static/images/logo-large.svg}}

DRAFT

PyPI beta announcement

[This page is a draft and not to be used/publicized until we close out the "publicize beta" milestone. That'll probably be by March 25, 2018.]

The new Python Package Index is now in beta at https://pypi.org/. We predict the full switch will happen in April 2018 (roadmap), so here's a heads-up about why we're switching, what's changed, and what to expect. To get an email when the new site replaces the old one, please sign up for the low-traffic PyPI announcements email list.

Context

The legacy PyPI site https://pypi.python.org started in the early 2000s, before modern web frameworks. The legacy codebase has made it hard to maintain and even harder to develop new features, and past maintainers put in tremendous effort to continuously reduce outages.

The new PyPI http://pypi.org/ (codebase: Warehouse) looks more modern, and is up-to-date under the hood too. A modern web framework (Pyramid), 100% backend test coverage, and a Docker-based development environment make it easier for current and new developers to maintain and run it and add features.

Thanks to Mozilla's Open Source Support funding, we have designed and added new features, overhauled infrastructure, and worked towards redirecting traffic to the new site and shutting down the old one. The full switch will include redirecting browser and pip install traffic from the old site; then, sometime in late April or early May, the legacy site will be entirely shut down.

Migrating

You may not need to change anything right away. Thanks to redirects, your sites, services, and tools will probably be able to seamlessly switch to the new site.

Users: On Windows and Linux: no change necessary as long as your version of OpenSSL supports TLSv1.2. pip installs should work as normal.

macOS/OS X users running version 10.12 or older need to upgrade to the latest pip (9.0.3) to connect to PyPI securely.

curl https://bootstrap.pypa.io/get-pip.py | python

Package maintainers: If you use setup.py upload to upload releases, we recommend you switch to Twine. New PyPI takes the same username/password as legacy PyPI did. If you have problems, follow the packagers' migration guide.

API users: follow the API users' migration guide.

If you're affected by a deprecation (below), you should adapt and migrate by early April 2018. For help, come to a livechat or contact us. Sign up for the low-traffic PyPI announcements email list to get a heads-up when we have a more precise date.
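One way to check the TLSv1.2 condition from the Users paragraph above for a given interpreter, as an added example that is not part of the original announcement or of the PyPI/Warehouse code. The function names and the sample banners are assumptions made for illustration; the version floor reflects that OpenSSL 1.0.1 was the first OpenSSL release with TLS 1.2.

```python
import re
import ssl

# OpenSSL 1.0.1 was the first OpenSSL release to implement TLS 1.2.
MIN_OPENSSL = (1, 0, 1)

_BANNER = re.compile(r"^(OpenSSL|LibreSSL)\s+(\d+)\.(\d+)\.(\d+)")


def parse_banner(banner):
    """Split an ssl.OPENSSL_VERSION-style string into (library, version tuple)."""
    m = _BANNER.match(banner.strip())
    if m is None:
        raise ValueError("unrecognised TLS library banner: %r" % banner)
    return m.group(1), tuple(int(x) for x in m.group(2, 3, 4))


def banner_supports_tls12(banner):
    """True if the library named in the banner can negotiate TLS 1.2."""
    library, version = parse_banner(banner)
    if library == "LibreSSL":
        # LibreSSL forked from OpenSSL 1.0.1g, so every release has TLS 1.2.
        return True
    return version >= MIN_OPENSSL


def interpreter_report():
    """Describe the TLS stack this interpreter (and the pip it runs) links against."""
    banner = ssl.OPENSSL_VERSION
    try:
        library_ok = banner_supports_tls12(banner)
    except ValueError:
        library_ok = None  # unknown library: decide by hand
    # Python only exposes these names when it was built with TLS 1.2 support.
    python_ok = hasattr(ssl, "PROTOCOL_TLSv1_2") or getattr(ssl, "HAS_TLSv1_2", False)
    return {"banner": banner, "library_ok": library_ok, "python_ok": python_ok}


# Constructed sample banners (illustrative, not taken from the announcement).
SAMPLES = [
    "OpenSSL 0.9.8zh 14 Jan 2016",
    "OpenSSL 1.0.0t  3 Dec 2015",
    "OpenSSL 1.0.2k-fips  26 Jan 2017",
    "LibreSSL 2.2.7",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = "TLS 1.2 capable" if banner_supports_tls12(sample) else "too old for TLS 1.2"
        print("%-36s %s" % (sample, verdict))
    print(interpreter_report())
```

Run it with the same interpreter that runs pip; a different Python on the same machine can be linked against a different TLS library.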

New PyPI Features

Deprecations

Things that already have gone away (sometimes for policy or spam-fighting reasons) include:

Things that will go away once legacy PyPI shuts down:

Late 2018 or later:

Future plans

See our issue tracker. Includes:

For updates, please sign up for the low-traffic PyPI announcements email list.

Security

If you find any potential security vulnerabilities, please follow our published security policy. Please don't report security issues in Warehouse via GitHub, IRC, or mailing lists. Instead, please directly email the security team.

Please test!

The point of the beta is to find and fix bugs. Please help us. Most of these workflows you can test on pypi.org, using the same login as you use on pypi.python.org (legacy PyPI). For testing destructive actions, like removing an owner, deleting a project, or deleting a release, please use test.pypi.org.

Workflows

Package users:

  • Register/confirm a new user
  • Login/logout
  • Reset password
  • Search for projects
  • `pip install` a package
  • Download release files via browser
  • Call JSON, RSS, Simple, and XML-RPC APIs

Project maintainers:

  • Add/remove a maintainer
  • Add/remove an owner
  • Transition ownership
  • Remove a project
  • Remove a release
  • View journals for a project
  • View journals for a release
  • Upload a new release (source distribution and wheel; upgrade your versions of twine and setuptools first)
  • Confirm display of project description, release history, download files, project links, maintainers, tags, and classifiers (example)

IRC/Twitter livechat hours

Warehouse developers will be in IRC, in #pypa-dev on Freenode, and on Twitter (#newpypi), available to talk about problems you run into, or about how to hack on Warehouse:

  1. Tuesday, March 27th, 9am-noon PDT, noon-1pm EDT, 18:00-19:00 CEST, 9:30pm-10:30pm India, 16:00-17:00 UTC

  2. Friday, March 30th, 10-11am EDT, 16:00-17:00 CEST, 7:30pm-8:30pm India, 14:00-15:00 UTC

  3. Tuesday, April 3rd, 8am-9am PDT, 11am-noon EDT, 17:00-18:00 CEST, 8:30pm-9:30pm India, 15:00-16:00 UTC

  4. Thursday, April 5th, 5pm-6pm PDT, 8pm-9pm EDT, (April 5th) 8am-9am Manila, (April 5th) 10am-11am Melbourne, (April 5th) 0:00-1:00 UTC

Feel free to drop in! (By participating, you agree to abide by the PyPA Code of Conduct.)

Contact us

Security issues: email security @ python dot org

GitHub for all other bug reports & feature requests: https://github.com/pypa/warehouse/issues/new

IRC: #pypa-dev on Freenode (someone's usually there 10am-5pm Central Time on weekdays, or during a livechat)

Email: pypa-dev mailing list

(By participating, you agree to abide by the PyPA Code of Conduct.)

Thank you for using PyPI!


PackagingWG/PyPIBetaAnnouncement (last edited 2018-03-26 16:13:31 by SumanaHarihareswara)
