Matthew, Thank you for your detailed explanations and thoughts here and in https://groups.google.com/forum/m/#!topic/pypa-dev/Oz6SGA7gefo .
I am not a Mac user and am fairly new to the Python packaging/distribution world, so this may be naive and unrealistic verging on ridiculous, but: is there anything we could ask Apple to do to help with this situation? Our upstream CDN (Fastly) is extremely unlikely to change their June 30th TLS 1.0/1.1 removal date, which would (I imagine) affect a ton of people on older Mac OS versions who do not even use PyPI. -- Sumana Harihareswara Changeset Consulting s...@changeset.nyc On Fri, Apr 6, 2018, at 1:45 PM, Matthew Brett wrote: > Hi, > > On Fri, Apr 6, 2018 at 6:06 PM, Chris Jerdonek <chris.jerdo...@gmail.com> > wrote: > > > > On Fri, Apr 6, 2018 at 6:25 AM Matthew Brett <matthew.br...@gmail.com> > > wrote: > >> > >> Hi, > >> > >> On Mon, Apr 2, 2018 at 9:36 PM, Sumana Harihareswara <s...@changeset.nyc> > >> wrote: > >> > Mac users: > >> > > >> > If you are running macOS/OS X version 10.12 or older, you need to > >> > upgrade to the latest pip (9.0.3) to connect to the Python Package Index > >> > securely: > >> > > >> > curl https://bootstrap.pypa.io/get-pip.py | python > >> > > >> > Pip 9.0.3 supports TLSv1.2 when running under system Python on macOS < > >> > 10.13. Official release notes: https://pip.pypa.io/en/stable/news/ > >> > >> I wanted to check with you, whether these changes are responsible for > >> pip breaking for me in a extremely confusing way. > >> > >> What I observed was that pip was silently failing to find any packages > >> on pypi, with no informative error. > >> > >> This was extremely confusing, because when I tried to do an upgrade, e.g.: > >> > >> $ pip install -U matplotlib > >> > >> it told me everything is up to date, when this isn't correct. There > >> is no other message to warn me what is going on. > > > > > > Can you paste the input / output that you saw or are seeing — what you are > > calling “breaking for me in a extremely confusing way”? On the GitHub issue > > thread in which this was discussed, the understanding is that people *would* > > see errors that would lead them in the right direction (e.g. SSL errors). > > What you’re saying seems to conflict with that. > > During the current brownout period, with the default use of pip, you > get no error at all when you attempt to upgrade a package - it just > says you're up to date - this (below) is the full output: > > $ python -m pip install -U pip > Requirement already up-to-date: pip in > /Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages > You are using pip version 9.0.1, however version 9.0.3 is available. > You should consider upgrading via the 'pip install --upgrade pip' command. > > Of course, it's very easy to miss that you don't have the latest > version of the package in this case - everything looks like it worked > correctly. > > If you try and install a package, it just says it can't find it, but not why: > > $ pip3.5 install transforms3d > Collecting transforms3d > Could not find a version that satisfies the requirement transforms3d > (from versions: ) > No matching distribution found for transforms3d > You are using pip version 9.0.1, however version 9.0.3 is available. > You should consider upgrading via the 'pip install --upgrade pip' command. > > You do get an informative message if you use the -v flag, but I rarely > do that myself, and it's not the default. > > Just to give you an index of the problem, I got pretty confused myself > when I asked pip to upgrade a package, it said it was already up to > date, and I found I didn't have what I knew to be the right version, > and I'm a very experienced pip user, who is also on various mailing > lists where this was flagged. > > Cheers, > > Matthew _______________________________________________ Pythonmac-SIG maillist - Pythonmac-SIG@python.org https://mail.python.org/mailman/listinfo/pythonmac-sig unsubscribe: https://mail.python.org/mailman/options/Pythonmac-SIG
