|
Size: 5699
Comment: draft announcement, started from https://github.com/pypa/warehouse/issues/2935#issuecomment-371812950
|
Size: 6901
Comment: Markdown move, future features/deprecation
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| DRAFT |
|
| Line 2: | Line 4: |
| ['''This page is a draft''' and ''not to be used/publicized'' until we close out [[https://github.com/pypa/warehouse/milestone/10|the "publicize beta" milestone]]. That'll probably be by March 25, 2018.] | |
| Line 3: | Line 6: |
| The new Python Package Index (Warehouse) is currently in pre-production at http://pypi.org/ . On [[https://wiki.python.org/psf/WarehouseRoadmap|the Warehouse roadmap]], it looks like the full switch will happen sometime in April 2018, so here's a heads-up about why we're switching, what's changed, and what to expect. | The new Python Package Index is now in beta at https://pypi.org/. On [[https://wiki.python.org/psf/WarehouseRoadmap|the Warehouse roadmap]], it looks like the full switch will happen sometime in April 2018, so here's a heads-up about why we're switching, what's changed, and what to expect. To get an email when the new site replaces the old one, please sign up for [[https://mail.python.org/mm3/mailman3/lists/pypi-announce.python.org/|the low-traffic PyPI announcements email list]]. |
| Line 8: | Line 11: |
| The legacy PyPI site at https://pypi.python.org started in the early 2000s. In recent years, users faced outages, malicious packages, and spam attacks, and the legacy codebase made it hard to maintain and even harder to develop new features. | |
| Line 9: | Line 13: |
| The legacy PyPI site at https://pypi.python.org started in the early 2000s. In recent years, users faced outages, malicious packages, and spam attacks, and the legacy codebase made it hard to maintain and even harder to develop new features. | The new PyPI (Warehouse) has a far more modern look, and is up-to-date under the hood as well; a proper web framework (Pyramid), 100% backend test coverage, and a Docker-based development environment make it easier for current and new developers to maintain it and add features. |
| Line 11: | Line 15: |
| The new PyPI has a far more modern look, and is up-to-date under the hood as well; a proper web framework (Pyramid), 100% backend test coverage, and a Docker-based development environment, make it easier for current and new developers to maintain it and add features. Thanks to [[https://pyfound.blogspot.com/2017/11/the-psf-awarded-moss-grant-pypi.html|Mozilla's Open Source Support funding]], developers have added many new features, overhauled infrastructure, and made steady progress towards redirecting traffic to the new site and shutting down the old one. The full switch will include redirecting browser and pip install traffic from the old site; then, sometime in late April or early May, the legacy site will be entirely shut down. |
Thanks to [[https://pyfound.blogspot.com/2017/11/the-psf-awarded-moss-grant-pypi.html|Mozilla's Open Source Support funding]], developers have added many new features, overhauled infrastructure, and made steady progress towards redirecting traffic to the new site and shutting down the old one. The full switch will include redirecting browser and `pip install` traffic from the old site; then, sometime in late April or early May, the legacy site will be entirely shut down. |
| Line 16: | Line 18: |
Your sites, services, and tools will probably be able to seamlessly switch to the new site, and thanks to redirects, may not have to change anything immediately. We have [[https://packaging.python.org/guides/migrating-to-pypi-org/|a migration guide for package users and maintainers]] and [[https://warehouse.readthedocs.io/api-reference/integration-guide/#migrating-to-the-new-pypi|a migration guide for API users]] |
You may not need to change anything right away. Thanks to redirects, your sites, services, and tools will probably be able to seamlessly switch to the new site. We have [[https://packaging.python.org/guides/migrating-to-pypi-org/|a migration guide for package users and maintainers]] and [[https://warehouse.readthedocs.io/api-reference/integration-guide/#migrating-to-the-new-pypi|a migration guide for API users]]. If you're affected by one of the deprecations below, you should adapt and migrate by early April 2018. Sign up for [[https://mail.python.org/mm3/mailman3/lists/pypi-announce.python.org/|the low-traffic PyPI announcements email list]] to get a heads-up when we have a more precise date. |
| Line 20: | Line 21: |
| Line 26: | Line 26: |
| * [[https://dustingram.com/articles/2018/03/16/markdown-descriptions-on-pypi|support for Markdown READMEs for source distributions]] ([[https://github.com/pypa/warehouse/issues/869#issuecomment-374425355|soon]]: wheels too) | |
| Line 31: | Line 32: |
| Line 34: | Line 34: |
| Things that are going away, or already have (sometimes for policy or spam-fighting reasons), include: | Things that already have gone away (sometimes for policy or spam-fighting reasons) include: |
| Line 36: | Line 36: |
| * pythonhosted.com documentation hosting ([[https://github.com/pypa/warehouse/issues/582|pypa/warehouse#582]]) | * uploading to pythonhosted.com documentation hosting ([[https://github.com/pypa/warehouse/issues/582|we're discussing plans]]) |
| Line 38: | Line 38: |
| * GPG/PGP signatures for packages (still visible in the [[https://warehouse.readthedocs.io/api-reference/legacy/#simple-project-api|Simple Project API]] per [[https://www.python.org/dev/peps/pep-0503/|PEP 503]], but no longer visible in the web UI | |
| Line 41: | Line 40: |
| * package maintainers being able to log in and update release descriptions via the web UI (to update release metadata, they need to upload a new release; see [[https://mail.python.org/pipermail/distutils-sig/2017-December/031826.html|distutils-sig discussion]]) * [[https://mail.python.org/pipermail/distutils-sig/2018-January/031855.html|OpenID and Google auth login]] * users being able to upload a package without verifying their email address with PyPI first |
* package maintainers being able to log in and update release descriptions via the web UI (to update release metadata, they need to upload a new release; see [[https://mail.python.org/pipermail/distutils-sig/2017-December/031826.html|distutils-sig discussion]]) * [[https://status.python.org/incidents/mgjw1g5yjy5j|users being able to upload a package without verifying their email address with PyPI first]] |
| Line 46: | Line 44: |
| Things that will go away once legacy PyPI shuts down: * GPG/PGP signatures for packages (still visible in the [[https://warehouse.readthedocs.io/api-reference/legacy/#simple-project-api|Simple Project API]] per [[https://www.python.org/dev/peps/pep-0503/|PEP 503]], but no longer visible in the web UI) * [[https://mail.python.org/pipermail/distutils-sig/2018-January/031855.html|OpenID and Google auth login]] Further in the future: * deprecating the XML-RPC API and [[https://github.com/pypa/warehouse/issues?q=is%3Aopen+is%3Aissue+label%3AAPIs%2Ffeeds|rearchitecting our APIs]] |
|
| Line 47: | Line 54: |
| Line 50: | Line 56: |
| * [[https://www.python.org/dev/peps/pep-0541/|PEP 541]] will enable more timely package takeovers, as people get package names transferred to them after conflict resolution * Now that PEP 566 has been approved, [[https://github.com/pypa/warehouse/issues/869#issuecomment-340928703|developers are working to get Markdown supported for README files on PyPI]] |
* more timely package name takeovers ([[https://www.python.org/dev/peps/pep-0541/|PEP 541]]) * [[https://github.com/pypa/warehouse/issues/996|two-factor authentication]] * a [[https://github.com/pypa/warehouse/issues/3231|user support ticket system]] * [[https://github.com/pypa/warehouse/issues/1190|change your own username]] |
| Line 53: | Line 61: |
| For future updates, please sign up for [[https://mail.python.org/mm3/mailman3/lists/pypi-announce.python.org/|the low-traffic PyPI announcements email list]]. | For updates, please sign up for [[https://mail.python.org/mm3/mailman3/lists/pypi-announce.python.org/|the low-traffic PyPI announcements email list]]. |
| Line 55: | Line 63: |
| == Contact us == |
== Security == |
| Line 60: | Line 67: |
| Security issues: [[https://pypi.org/security/|email Donald Stufft or Ernest W. Durbin III]] | Security issues: [[https://pypi.org/security/|email security @ python dot org]] |
| Line 64: | Line 71: |
| IRC: [[https://webchat.freenode.net/?channels=#pypa-dev|#pypa-dev on Freenode]] (someone's usually there 10am-5pm Central Time on weekdays, or come to the [[#IRC_livechat_hours|livechat hours]]) | IRC: [[https://webchat.freenode.net/?channels=#pypa-dev|#pypa-dev on Freenode]] (someone's usually there 10am-5pm Central Time on weekdays) |
| Line 68: | Line 75: |
| (By participating, you agree to abide by the [[https://www.pypa.io/en/latest/code-of-conduct/|PyPA Code of Conduct]].) |
DRAFT
PyPI beta announcement
[This page is a draft and not to be used/publicized until we close out the "publicize beta" milestone. That'll probably be by March 25, 2018.]
The new Python Package Index is now in beta at https://pypi.org/. On the Warehouse roadmap, it looks like the full switch will happen sometime in April 2018, so here's a heads-up about why we're switching, what's changed, and what to expect. To get an email when the new site replaces the old one, please sign up for the low-traffic PyPI announcements email list.
Contents
Context
The legacy PyPI site at https://pypi.python.org started in the early 2000s. In recent years, users faced outages, malicious packages, and spam attacks, and the legacy codebase made it hard to maintain and even harder to develop new features.
The new PyPI (Warehouse) has a far more modern look, and is up-to-date under the hood as well; a proper web framework (Pyramid), 100% backend test coverage, and a Docker-based development environment make it easier for current and new developers to maintain it and add features.
Thanks to Mozilla's Open Source Support funding, developers have added many new features, overhauled infrastructure, and made steady progress towards redirecting traffic to the new site and shutting down the old one. The full switch will include redirecting browser and pip install traffic from the old site; then, sometime in late April or early May, the legacy site will be entirely shut down.
Migrating
You may not need to change anything right away. Thanks to redirects, your sites, services, and tools will probably be able to seamlessly switch to the new site. We have a migration guide for package users and maintainers and a migration guide for API users. If you're affected by one of the deprecations below, you should adapt and migrate by early April 2018. Sign up for the low-traffic PyPI announcements email list to get a heads-up when we have a more precise date.
New PyPI Features
- mobile-responsive UI
chronological release history for each project (example)
- easy-to-read project activity journal for project maintainers
- better search and filtering
support for multiple project URLs (e.g., for a homepage and a repo)
support for Markdown READMEs for source distributions (soon: wheels too)
- user-visible Gravatars and email addresses for maintainers
- no need to "register" a project before initial upload
- far better backend infrastructure, reducing the frequency of outages
Deprecations
As of the middle of last year, package releases must go through the new PyPI, and as of late February, new user account registration is only available on the new site.
Things that already have gone away (sometimes for policy or spam-fighting reasons) include:
uploading to pythonhosted.com documentation hosting (we're discussing plans)
download counts visible in the API (instead, use the Google BigQuery service)
- key management: PyPI no longer has a UI for users to manage their GPG or SSH public keys
package maintainers being able to upload a new release via the web UI (instead, the recommended command-line tool is Twine)
package maintainers being able to log in and update release descriptions via the web UI (to update release metadata, they need to upload a new release; see distutils-sig discussion)
users being able to upload a package without verifying their email address with PyPI first
Things that will go away once legacy PyPI shuts down:
GPG/PGP signatures for packages (still visible in the Simple Project API per PEP 503, but no longer visible in the web UI)
Further in the future:
deprecating the XML-RPC API and rearchitecting our APIs
Future
And in the works:
more timely package name takeovers (PEP 541)
For updates, please sign up for the low-traffic PyPI announcements email list.
Security
If you find any potential security vulnerabilities, please follow our published security policy. Please don't report security issues in Warehouse via GitHub, IRC, or mailing lists. Instead, please directly email one or more of our maintainers.
Contact us
Security issues: email security @ python dot org
GitHub for all other bug reports & feature requests:https://github.com/pypa/warehouse/issues/new
IRC: #pypa-dev on Freenode (someone's usually there 10am-5pm Central Time on weekdays)
Email: pypa-dev mailing list
(By participating, you agree to abide by the PyPA Code of Conduct.)
Thank you for using PyPI!