|
Size: 7248
Comment: break up Migrating section and be more explicit.
|
Size: 8613
Comment: testing suggestions
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 13: | Line 13: |
| [[http://pypi.org/|The new PyPI http://pypi.org/]] (codebase: [[http://warehouse.readthedocs.io/|Warehouse]]) has a far more modern look, and is up-to-date under the hood too; a proper web framework (Pyramid), 100% backend test coverage, and a Docker-based development environment make it easier for current and new developers to maintain it and add features. | [[http://pypi.org/|The new PyPI http://pypi.org/]] (codebase: [[http://warehouse.readthedocs.io/|Warehouse]]) looks more modern, and is up-to-date under the hood too; a proper web framework (Pyramid), 100% backend test coverage, and a Docker-based development environment make it easier for current and new developers to maintain it and add features. |
| Line 15: | Line 15: |
| Thanks to [[https://pyfound.blogspot.com/2017/11/the-psf-awarded-moss-grant-pypi.html|Mozilla's Open Source Support funding]], developers have added many new features, overhauled infrastructure, and worked towards redirecting traffic to the new site and shutting down the old one. The full switch will include redirecting browser and `pip install` traffic from the old site; then, sometime in late April or early May, the legacy site will be entirely shut down. | Thanks to [[https://pyfound.blogspot.com/2017/11/the-psf-awarded-moss-grant-pypi.html|Mozilla's Open Source Support funding]], we have designed and added new features, overhauled infrastructure, and worked towards redirecting traffic to the new site and shutting down the old one. The full switch will include redirecting browser and `pip install` traffic from the old site; then, sometime in late April or early May, the legacy site will be entirely shut down. |
| Line 42: | Line 42: |
| * uploading via pypi.python.org (July 2017: [[https://mail.python.org/pipermail/distutils-sig/2017-July/030849.html|uploads must go through the new site's API]]) * creating a user account on pypi.python.org (February 2018: [[https://status.python.org/incidents/mgjw1g5yjy5j|new user account registration now only on pypi.org]]) * uploading to pythonhosted.com documentation hosting ([[https://github.com/pypa/warehouse/issues/582|we're discussing plans]]) * [[https://warehouse.readthedocs.io/api-reference/xml-rpc/#changes-to-legacy-api|download counts visible in the API]] (instead, use [[https://packaging.python.org/guides/analyzing-pypi-package-downloads/|the Google BigQuery service]]) * key management: PyPI no longer has a UI for users to manage their GPG or SSH public keys * uploading new releases via the web UI (instead, the recommended command-line tool is [[http://twine.readthedocs.io/|Twine]]) * updating release descriptions via the web UI (to update release metadata, you need to upload a new release; see [[https://mail.python.org/pipermail/distutils-sig/2017-December/031826.html|distutils-sig discussion]]) * [[https://status.python.org/incidents/mgjw1g5yjy5j|users being able to upload a package without verifying their email address with PyPI first]] |
* uploading via pypi.python.org: [[https://mail.python.org/pipermail/distutils-sig/2017-July/030849.html|uploads must go through the new site's API]] * creating a user account on pypi.python.org: [[https://status.python.org/incidents/mgjw1g5yjy5j|new user account registration now only on pypi.org]] * uploading to pythonhosted.com documentation hosting ([[https://github.com/pypa/warehouse/issues/582|discussion and plans]]) * [[https://warehouse.readthedocs.io/api-reference/xml-rpc/#changes-to-legacy-api|download counts visible in the API]]: instead, use [[https://packaging.python.org/guides/analyzing-pypi-package-downloads/|the Google BigQuery service]]) * key management: PyPI no longer has a UI for users to manage GPG or SSH public keys * uploading new releases via the web UI: instead, we recommend the command-line tool [[http://twine.readthedocs.io/|Twine]] * updating release descriptions via the web UI: instead, to update release metadata, you need to upload a new release ([[https://mail.python.org/pipermail/distutils-sig/2017-December/031826.html|discussion]]) * [[https://status.python.org/incidents/mgjw1g5yjy5j|uploading a package without first verifying an email address]] |
| Line 57: | Line 57: |
| Further in the future: | Late 2018 or later: |
| Line 59: | Line 59: |
| * deprecating the XML-RPC API and [[https://github.com/pypa/warehouse/issues?q=is%3Aopen+is%3Aissue+label%3AAPIs%2Ffeeds|rearchitecting our APIs]] | * deprecating the XML-RPC API and [[https://github.com/pypa/warehouse/issues?q=is:open+is:issue+label:APIs/feeds|rearchitecting our APIs]] |
| Line 61: | Line 61: |
| == Future == | == Future plans == See [[https://github.com/pypa/warehouse/issues|our issue tracker]]. Includes: |
| Line 71: | Line 72: |
| If you find any potential security vulnerabilities, please [[https://pypi.org/security/|follow our published security policy]]. Please don't report security issues in Warehouse via !GitHub, IRC, or mailing lists. Instead, please directly email one or more of our maintainers. | If you find any potential security vulnerabilities, please [[https://pypi.org/security/|follow our published security policy]]. Please don't report security issues in Warehouse via !GitHub, IRC, or mailing lists. Instead, please directly email the security team. == Please test! == The point of the beta is to find and fix bugs. Please help us. Most of these workflows you can test [[http://pypi.org/|on pypi.org]], using the same login as you use on [[http://pypi.python.org|pypi.python.org]] (legacy PyPI). For testing destructive actions, like removing an owner, deleting a project, or deleting a release, please use [[https://test.pypi.org/|test.pypi.org]]. === Workflows === '''Package users''': * Register/confirm a new user * Login/logout * Reset password * Search for projects * [[https://packaging.python.org/tutorials/installing-packages/#installing-from-other-indexes|`pip install` a package]] * Download release files via browser * Call JSON, RSS, Simple, and XML-RPC APIs '''Project maintainers''': * Add/remove a maintainer * Add/remove an owner * Transition ownership * Remove a project * Remove a release * View journals for a project * View journals for a release * [[https://packaging.python.org/tutorials/distributing-packages/|Upload a new release]] (source distribution and wheel; [[https://packaging.python.org/guides/migrating-to-pypi-org/|upgrade your versions of twine and setuptools]] first) * Confirm display of project description, release history, download files, project links, maintainers, tags, and classifiers ([[https://test.pypi.org/project/1234_hello_world/|example]]) |
DRAFT
PyPI beta announcement
[This page is a draft and not to be used/publicized until we close out the "publicize beta" milestone. That'll probably be by March 25, 2018.]
The new Python Package Index is now in beta at https://pypi.org/. We predict the full switch will happen in April 2018 (roadmap), so here's a heads-up about why we're switching, what's changed, and what to expect. To get an email when the new site replaces the old one, please sign up for the low-traffic PyPI announcements email list.
Contents
Context
The legacy PyPI site https://pypi.python.org started in the early 2000s. Users face outages, malicious packages, and spam attacks, and the legacy codebase has made it hard to maintain and even harder to develop new features.
The new PyPI http://pypi.org/ (codebase: Warehouse) looks more modern, and is up-to-date under the hood too; a proper web framework (Pyramid), 100% backend test coverage, and a Docker-based development environment make it easier for current and new developers to maintain it and add features.
Thanks to Mozilla's Open Source Support funding, we have designed and added new features, overhauled infrastructure, and worked towards redirecting traffic to the new site and shutting down the old one. The full switch will include redirecting browser and pip install traffic from the old site; then, sometime in late April or early May, the legacy site will be entirely shut down.
Migrating
You may not need to change anything right away. Thanks to redirects, your sites, services, and tools will probably be able to seamlessly switch to the new site.
Users: No change necessary. pip install works as normal.
Package maintainers: Use Twine to upload releases, and update the URL you upload to. New PyPI takes the same username/password as legacy PyPI did. Follow the packagers' migration guide.
API users: follow the API users' migration guide.
If you're affected by a deprecation (below), you should adapt and migrate by early April 2018. Sign up for the low-traffic PyPI announcements email list to get a heads-up when we have a more precise date.
New PyPI Features
- mobile-responsive UI
chronological release history for each project (example)
- easy-to-read project activity journal for project maintainers
- better search and filtering
support for multiple project URLs (e.g., for a homepage and a repo)
support for Markdown READMEs for source distributions (soon: wheels too)
- user-visible Gravatars and email addresses for maintainers
- no need to "register" a project before initial upload
- far better backend infrastructure, reducing the frequency of outages
Deprecations
Things that already have gone away (sometimes for policy or spam-fighting reasons) include:
uploading via pypi.python.org: uploads must go through the new site's API
creating a user account on pypi.python.org: new user account registration now only on pypi.org
uploading to pythonhosted.com documentation hosting (discussion and plans)
download counts visible in the API: instead, use the Google BigQuery service)
- key management: PyPI no longer has a UI for users to manage GPG or SSH public keys
uploading new releases via the web UI: instead, we recommend the command-line tool Twine
updating release descriptions via the web UI: instead, to update release metadata, you need to upload a new release (discussion)
uploading a package without first verifying an email address
Things that will go away once legacy PyPI shuts down:
GPG/PGP signatures for packages (still visible in the Simple Project API per PEP 503, but no longer visible in the web UI)
Late 2018 or later:
deprecating the XML-RPC API and rearchitecting our APIs
Future plans
See our issue tracker. Includes:
more timely package name takeovers (PEP 541)
For updates, please sign up for the low-traffic PyPI announcements email list.
Security
If you find any potential security vulnerabilities, please follow our published security policy. Please don't report security issues in Warehouse via GitHub, IRC, or mailing lists. Instead, please directly email the security team.
Please test!
The point of the beta is to find and fix bugs. Please help us. Most of these workflows you can test on pypi.org, using the same login as you use on pypi.python.org (legacy PyPI). For testing destructive actions, like removing an owner, deleting a project, or deleting a release, please use test.pypi.org.
Workflows
Package users:
- Register/confirm a new user
- Login/logout
- Reset password
- Search for projects
- Download release files via browser
- Call JSON, RSS, Simple, and XML-RPC APIs
Project maintainers:
- Add/remove a maintainer
- Add/remove an owner
- Transition ownership
- Remove a project
- Remove a release
- View journals for a project
- View journals for a release
Upload a new release (source distribution and wheel; upgrade your versions of twine and setuptools first)
Confirm display of project description, release history, download files, project links, maintainers, tags, and classifiers (example)
Contact us
Security issues: email security @ python dot org
GitHub for all other bug reports & feature requests:https://github.com/pypa/warehouse/issues/new
IRC: #pypa-dev on Freenode (someone's usually there 10am-5pm Central Time on weekdays)
Email: pypa-dev mailing list
(By participating, you agree to abide by the PyPA Code of Conduct.)
Thank you for using PyPI!