Public bug reported: python-pip 1.5.4 has many improvements over 1.4.1 and it behooves us to carry this version in 14.04 instead. See below for more information. We should syncpackage it over to Ubuntu. Note that we should also syncpackage distlib once that clears Debian NEW (it'll be the same upstream version, Ubuntu is just a little ahead). pip 1.5.4 has a considerable number of important security fixes which alone should make it more appropriate to carry in an LTS. Yes, there are some backward incompatibilities, but pip is a leaf package and the security improvements outweigh any incompatibilities.
1.5.4 builds and installs just fine in trusty. >From upstream: **1.5.4 (2014-02-21)** * Correct deprecation warning for ``pip install --build`` to only notify when the `--build` value is different than the default. **1.5.3 (2014-02-20)** * **DEPRECATION** ``pip install --build`` and ``pip install --no-clean`` are now deprecated. See Issue #906 for discussion. * Fixed #1112. Couldn't download directly from wheel paths/urls, and when wheel downloads did occur using requirement specifiers, dependencies weren't downloaded (PR #1527) * Fixed #1320. ``pip wheel`` was not downloading wheels that already existed (PR #1524) * Fixed #1111. ``pip install --download`` was failing using local ``--find-links`` (PR #1524) * Workaround for Python bug http://bugs.python.org/issue20053 (PR #1544) * Don't pass a unicode __file__ to setup.py on Python 2.x (PR #1583) * Verify that the Wheel version is compatible with this pip (PR #1569) **1.5.2 (2014-01-26)** * Upgraded the vendored ``pkg_resources`` and ``_markerlib`` to setuptools 2.1. * Fixed an error that prevented accessing PyPI when pyopenssl, ndg-httpsclient, and pyasn1 are installed * Fixed an issue that caused trailing comments to be incorrectly included as part of the URL in a requirements file **1.5.1 (2014-01-20)** * pip now only requires setuptools (any setuptools, not a certain version) when installing distributions from src (i.e. not from wheel). (Pull #1434). * `get-pip.py` now installs setuptools, when it's not already installed (Pull #1475) * Don't decode downloaded files that have a ``Content-Encoding`` header. (Pull #1435) * Fix to correctly parse wheel filenames with single digit versions. (Pull #1445) * If `--allow-unverified` is used assume it also means `--allow-external`. (Pull #1457) **1.5 (2014-01-01)** * **BACKWARD INCOMPATIBLE** pip no longer supports the ``--use-mirrors``, ``-M``, and ``--mirrors`` flags. The mirroring support has been removed. In order to use a mirror specify it as the primary index with ``-i`` or ``--index-url``, or as an additional index with ``--extra-index-url``. (Pull #1098, CVE-2013-5123) * **BACKWARD INCOMPATIBLE** pip no longer will scrape insecure external urls by default nor will it install externally hosted files by default. Users may opt into installing externally hosted or insecure files or urls using ``--allow-external PROJECT`` and ``--allow-unverified PROJECT``. (Pull #1055) * **BACKWARD INCOMPATIBLE** pip no longer respects dependency links by default. Users may opt into respecting them again using ``--process-dependency-links``. * **DEPRECATION** ``pip install --no-install`` and ``pip install --no-download`` are now formally deprecated. See Issue #906 for discussion on possible alternatives, or lack thereof, in future releases. * **DEPRECATION** ``pip zip`` and ``pip unzip`` are now formally deprecated. * pip will now install Mac OSX platform wheels from PyPI. (Pull #1278) * pip now generates the appropriate platform-specific console scripts when installing wheels. (Pull #1251) * Pip now confirms a wheel is supported when installing directly from a path or url. (Pull #1315) * Fixed #1097, ``--ignore-installed`` now behaves again as designed, after it was unintentionally broke in v0.8.3 when fixing Issue #14 (Pull #1352). * Fixed a bug where global scripts were being removed when uninstalling --user installed packages (Pull #1353). * Fixed #1163, --user wasn't being respected when installing scripts from wheels (Pull #1176). * Fixed #1150, we now assume '_' means '-' in versions from wheel filenames (Pull #1158). * Fixed #219, error when using --log with a failed install (Pull #1205). * Fixed #1131, logging was buffered and choppy in Python 3. * Fixed #70, --timeout was being ignored (Pull #1202). * Fixed #772, error when setting PIP_EXISTS_ACTION (Pull #1201). * Added colors to the logging output in order to draw attention to important warnings and errors. (Pull #1109) * Added warnings when using an insecure index, find-link, or dependency link. (Pull #1121) * Added support for installing packages from a subdirectory using the ``subdirectory`` editable option. ( Pull #1082 ) * Fixed #1192. "TypeError: bad operand type for unary" in some cases when installing wheels using --find-links (Pull #1218). * Fixed #1133 and #317. Archive contents are now written based on system defaults and umask (i.e. permissions are not preserved), except that regular files with any execute permissions have the equivalent of "chmod +x" applied after being written (Pull #1146). * PreviousBuildDirError now returns a non-zero exit code and prevents the previous build dir from being cleaned in all cases (Pull #1162). * Renamed --allow-insecure to --allow-unverified, however the old name will continue to work for a period of time (Pull #1257). * Fixed #1006, error when installing local projects with symlinks in Python 3. (Pull #1311) * The previously hidden ``--log-file`` otion, is now shown as a general option. (Pull #1316) ** Affects: python-pip (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1300389 Title: [FFe] python-pip 1.5.4 for Ubuntu 14.04 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/1300389/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
