[prev in list] [next in list] [prev in thread] [next in thread]
List: pythonmac-sig
Subject: Re: [Pythonmac-SIG] Upgrade to pip 9.0.3 (due to TLS deprecation)
From: Matthew Brett <matthew.brett () gmail ! com>
Date: 2018-04-06 23:13:47
Message-ID: CAH6Pt5rPn7miBH7g7P=wQ_xOPX+N=u7QcJMc0QjGbgX9ppdm=Q () mail ! gmail ! com
[Download RAW message or body]
Hi,
On Fri, Apr 6, 2018 at 7:02 PM, Sumana Harihareswara <sh@changeset.nyc> wrote:
> Matthew,
>
> Thank you for your detailed explanations and thoughts here and in
> https://groups.google.com/forum/m/#!topic/pypa-dev/Oz6SGA7gefo .
>
> I am not a Mac user and am fairly new to the Python packaging/distribution world, \
> so this may be naive and unrealistic verging on ridiculous, but: is there anything \
> we could ask Apple to do to help with this situation?
> Our upstream CDN (Fastly) is extremely unlikely to change their June 30th TLS \
> 1.0/1.1 removal date, which would (I imagine) affect a ton of people on older Mac \
> OS versions who do not even use PyPI.
Sorry, I'm afraid I set off the discussion in the pypa thread you
pointed to above.
Reporting back here, for those not on the pypa-dev Google group - it
looks like the TLS 1.0 shutdown is being driven by the Warehouse
release, which I believe is planned for the 16th of April (Warehouse
can't use TLS 1.0). In practice, there is no way of giving the users
a better or more visible warning message than the message we are
currently getting from using the -v flag. I'm arguing over in that
thread, that it would be better to give up on the -v flag warning, and
go straight to an SSL error (which has an uninformative message - see
[1]), because the current situation, where pip silently fails to
upgrade, including failing to upgrade itself, is more confusing than
the SSL error. Do people agree / disagree?
Cheers,
Matthew
[1] https://github.com/pypa/warehouse/issues/3293#issuecomment-378480462
_______________________________________________
Pythonmac-SIG maillist - Pythonmac-SIG@python.org
https://mail.python.org/mailman/listinfo/pythonmac-sig
unsubscribe: https://mail.python.org/mailman/options/Pythonmac-SIG
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic