-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Release beta versions of pip? #7628
Comments
The important point in my comment above is
We used to release betas, and got essentially no feedback for what was at the time quite a lot of work. Our release process is a lot more automated now, so releasing betas might be useful. But I still wonder how many people would actually test them. Conversely, when we do have a release issue, it seems to hit everyone's production CI within minutes - from what we can tell, no-one is testing the new releases before putting them on their production systems - even though we say in the release announcement "We recommend that users test the release before deploying in production, as with any other software release"¹. I understand that the typical workflow (involving creating a virtualenv which pulls in the latest released pip) makes it way too easy to just take the latest version, and very fiddly to properly pin things, but even so, post-release bug reports are typically the first time we see any widespread use of a new pip version. So:
Most of my comments that you quoted aged pretty badly :-( I look quite naive when you look back on those comments - I probably was at the time. To be fair, I think we're all continually learning just how many different ways people use the flexibility Python's tools allow. And how that can cause problems 🙁 An ecosystem like rust or go, with strict conventions about how projects are structured and built, would make it much easier to avoid the sorts of issues we've been hitting recently. Ah well. ¹ This comment is intended as friendly advice, even though it could be read as a passive-aggressive "it's not our fault if you don't test stuff" disclaimer. We do understand it's hard to do, we just don't really have any better suggestions to offer 🙁 |
Probably worth flagging, we are actively exploring what it would take to set up a sustainable beta process (one that has a good story for end users of pip, to actually get some testing) as part of #6536. If we're able to come up with a good process, I'm guessing/hoping that we'd have development, UX, and communications needed for it, as part of https://wiki.python.org/psf/Pip2020DonorFundedRoadmap. |
I'd like to share that it's possible to run pip at master, which you could do at any time interval before pip's predictable release process:
You could simply |
Fair point @jaraco. Perhaps the devs don't even need to make a beta release, just send an email to python-announce saying "please test pip @ master these days, we plan to make the next release next week". Or have a GitHub issue where interested users can subscribe for notifications of upcoming releases (like trio does for backwards-incompatible changes). This simplifies the burden on the developer side, while giving users a chance of testing from Also, first time I see |
I think that the recent breakage was too huge because people use the freshest newest pip, even a completely new "untested" major release. Instead of relying what they already have in their distro or some pinned version (or just a major version) that is known to work, like it is usual elsewhere when dealing with dependencies. Why people do this? Maybe because the pip itself prints a WARNING every time "You are using pip version 19.2.3, however version 20.0.1 is available" :) |
@messa That's a good point. With that message, we are encouraging regular updates by users. That was (originally) done deliberately, as we otherwise find that users are not upgrading, and then are finding that older versions of pip don't work for them (no support for newer features like PEP 517 or manylinux2010/2014, etc). That can be just as much a breaking change for end users. I'm not sure how we balance these two concerns. Would it help if the warning said "Please plan to upgrade to 20.0.1", or similar? Or is there other wording that could get the message across that we want you to upgrade, but you need to do so in a controlled manner, just as with any other software? |
I assume most people affected by the breakage were doing something like this on their CI:
So they are not affected by the wording of the message. After 20.0 breakage, they surely did something like this:
And at this point users will be told that 20.0.1 fixed the original issue very slowly and gradually lift the upper bound. Until the next time, that is... |
@Juanlu001 Exactly my case 🙂
They are. They see it on their desktop so they make sure even the CI is up to date.
This is the reason why I personally did @pfmoore The warning could be displayed if the current pip version is older than some threshold. Update: I see that even the Github Action default template for Python apps starts with |
pypi/warehouse#726 would be, IMO, perfect for our use case. :) |
@pfmoore here's another idea: Pip could stop unconditionally showing this message immediately after the release and go with some sort of a roll-out.
Besides this, Pip could somehow use info from Dependabot that collects stats on things it sends PRs for: https://dependabot.com/compatibility-score/?dependency-name=pip&package-manager=pip&version-scheme=semver. |
@webknjaz Honestly, that seems like way too much complexity for this. After all, we're only speculating that people upgrade aggressively because of the warning. I suspect that the fact that |
I'm only partially following, but I don't think a beta release or testing master would have necessarily caught this issue anyways yea? The most recent issue was due to a dirty build directory when producing the final artifact that got released as 20.0. That means it wasn't related at all to the state of the repository, but was instead the state of the machine that the release process was run on. It's entirely possible (likely even) that the same machine would have been used to produce the beta release, but it's also possible that the state didn't exist a week prior to the release and thus the beta release would have worked fine, while the real release would have been broken. That's not to say we haven't had cases where issues with a release wouldn't have been caught in a beta release, but I just don't think that this case is one where a beta release would have helped anyways. The only way that a beta release would have helped us here, is if we had some mechanism in place for promoting the exact binary we produced as a beta, to a final production build-- which we don't really have currently (and doing so is difficult given version numbers are baked into the produced "binary"). |
@dstufft correct. I'm treating this discussion as a general "maybe we should rethink offering betas" question. But it definitely wouldn't have helped in the case of the 20.0 issue. |
That's what pypi/warehouse#726 would be, IIUC. |
Aye, the two-phase upload would have been the key here. However, I've also been thinking about the problem of how to get folks testing against pip pre-releases (if you were to start doing them again), and remembered this post from Brett Cannon encouraging folks to enable CI tests against CPython development branches in Travis CI: https://snarky.ca/how-to-use-your-project-travis-to-help-test-python-itself/ For projects that use a dependency updating service like requires.io, the suggestion would be straightforward: explicitly list pip as a development dependency, so the updater service triggers for new pip releases, rather than unconditionally updating pip on every build. For folks that don't use an updater service, the idea that Brett's post inspired is having a CI job defined that checks for a pip pre-release (or potentially any dependency pre-release), exits fast if it doesn't find one, but otherwise auto-executes the project's full test suite against the dependency pre-release. |
The one thing about that, is it's not as straight forward as just toss pip in |
@dstufft True, so even folks that otherwise use an updater service might need to handle |
What you said can work, you just have to make sure that you're doing something like:
Instead of just tacking it into |
Per #7951 we are planning to release a beta version of 20.1 this week. Leaving this open as we learn how to do betas in general and try to iron out a better process for making and publicizing them. |
I see in #8100 that the release will actually be 20.1b1... Does that mean it is effectively a beta? 😅 |
Hi @astrojuanlu. We're going to release a beta first as 20.1b1, and then after that, we'll release 20.1. |
@astrojuanlu you may be interested in reading https://www.python.org/dev/peps/pep-0440/ to understand better how versions comparison works in the Python ecosystem. Specifically, |
Thanks folks, I know how versioning works 😅 but initially I misread @brainwane comment as "Per #7951 we are planning to release Regarding:
The fact that I could do |
@astrojuanlu we do make email announcements. #7951 (comment) |
Hi @astrojuanlu . I appreciate your concern and desire to save us from effort. However, when we want to publicize something to get people to test it, we need to get the word out to a big mix of people, including people who have never dropped by our repository and who don't subscribe to Python packaging-specific news mediums. So we update relevant GitHub issues, send out mail announcements, tweet, contact Python-related news outlets, etc. It inherently takes substantial effort to get the word out about a beta and that is one of the reasons I'm working on the project right now -- to do those things. (We are in the midst of doing these things about this specific beta now and will probably mention them in #7951 as we do them.) If we, in the future, end up again in a situation where no one is being paid to work on pip, then probably the minimum we would do to publicize a beta is
Does that help you understand the general approach we're using? |
Thanks to you @brainwane for your constructive comment. Yes, this was very helpful! I was missing more information than I thought, and wrongly assumed that the pip developers were only making small steps towards doing full fledged beta releases - but in fact, having made the announcement in all those channels is ✨ awesome! I have nothing else to contribute to this issue :) |
Thanks, @astrojuanlu. In IRC on the 21st, a few people said:
Of course, this was before we had done the publicity work listed in #7951 (comment) . @pradyunsg Could you talk a little more about what usually happens after a pip release, in terms of approximately how many new issues you get in the first 30-90 minutes after a pip release, and how many new issues you get in the first 5-7 days after a pip release? I would like to better understand what you mean by "immediately" and "light up". And this will help us calibrate how much publicity work we do, and in what venues, in order to get manual testing of this beta and of future betas. |
@pradyunsg mentioned that we did get a few issues reported regarding this beta:
By my reckoning, between the beta release and just now when you published pip 20.1, we received the following bug reports:
And we got some feedback in email on python-dev and a tiny bit on Twitter. For comparison, let's look at what bug reports we get in the next eight days, and what kind of usage and testing was necessary to elicit them. And that will help us get better testing for future prereleases. |
In case of pip 20.0, the breakage was severe (you couldn't run pip) and we had reports within 5 minutes from users about the failures. By about 20 minutes, there was enough of a flood that I was actually ignoring incoming comments while working on a fix. In a more not-breaking-the-world release, most of our users upgrade within a week or two (at least according to PyPI numbers) and we get anywhere from 10-50 issues filed during the initial burst of "new release" issues, that usually lasts about 5-7 days. Some of them are bugs in the changes / new functionality that get fixed in bug-fix releases. |
This can be seen clearly at https://pepy.tech/project/pip: |
FWIW, as noted in #8165 (comment), in-place builds ended up being super disruptive to users, and also broke manylinux wheel builds. :) I'm now in the same camp as @dstufft and I don't think doing betas just-before-the-release is going to be useful for pip's release workflow. |
Donald wrote:
I acknowledge Donald's experience. And I agree that finding technical means to phase large changes in over time is one of several useful strategies. I'm also totally open to moving around our schedules so that the beta of a pip version goes out more like a month before the release instead of a week before. However, in order to know whether past performance would be a good guide to future results, we need to check whether we are comparing apples to apples. To me, a "beta" means:
Did we actually do all of those things in the past, in the experiences Donald is referring to? I think we didn't. As I recall, we generally released a version with a beta version number and mentioned it in places where Python packaging experts and enthusiasts pay attention. We didn't have the resources we currently have, so we didn't do as much test plan development or beta publicizing. As far as I know, we have now done a single pip beta that included something of a manual test plan and some publicity to users. It sounds like it wasn't as useful as you'd like, @pradyunsg, but I believe that means we need to iterate. For example, one thing I would like to try:
That announcement list would grow over time; it might take a year for it to really start paying off, but I believe it would. |
With 20.2b1 released as a feature preview (GH-8280), could/should we make it a habit? (IMHO beta is not the most correct term for it, but until 20.2 I don't think we can go back to If this is a good idea, we'd also need to find out how frequent should the snapshots be. Personally I don't think regular interval of time is a good idea, since the number of maintainers we have for Disclaimer: not only the new resolver but also my GSoC project (parallel download) would also benefit from having quick feedback from a diverse user-base, so my opinion is quite biased. |
Hi @McSinyx -- you mentioned,
Could you point to your project plan (I presume it's somewhere public) for your GSoC project? How much time did you build into that plan for publicizing your work and recruiting testers? |
(Knowing that, plus looking at the upcoming schedule for donor-funded work, will help us figure out how many human-hours we have to create and publicize prereleases and get useful testing out of prereleases.) |
@brainwane, if everything goes as planned (which is really rare), I'd love to have early feedback on week 4. Currently I'm also eager to know if multithreading/processing is portable enough to roll out to everyone, e.g. to revert the reversion of GH-7962.
TBH I did not included that in the plan. As written in the disclaimer, while I might benefit from having early feedback, I want to make sure it is communicated that I don't want prereleases if it makes it more time consuming for the current resolver work. |
@McSinyx Thanks. I see that Week 4 is June 22-28. In a resolver meeting earlier this week we decided that we'll reconvene in a few days, on June 3rd, and try to come up with a date for the next beta (hopefully early June). That way we'd have at least 3 weeks of publicizing and testing before a July release of pip 20.2. So, if that works out, that may also help with getting feedback for your project. In order for people in this thread to feel eager for future prereleases, I think we need to address the concerns brought up (as I did, a little, in #7628 (comment) ). For instance, could you help answer the question I asked in #7628 (comment) , to summarize how many bug reports we got in the following 8 days, and what kind of usage and testing was necessary to elicit them? I see you have a few buffer weeks in the plan. Would you be willing to revise your plan, and use a few days of that buffer time to help with the following?
Doing these things will help make the prerelease more effective - we'll gather more bug reports that we can fix before the canonical release. |
@brainwane, thank you for the pointer to the meeting summary, it gives me a better idea about what's going on.
I suppose that you mean the bug report we got from the latest beta (May 21)? I've gathered these:
Most of these came from the users who are willing to help out testing the new resolver, which is called for by the UX team I think.
My short answer is yes. The longer and more meaningful answer is I'm new to planning things and it's purely things I wish to get done in the timeline. By the end of this month I should be able to have a list of use cases and platforms that I especially doubtful about; and I participate on GitHub tracker or regular basis. I am unaware of any beta announcement mailing list though, could you please give me a pointer? What I proposed in this issue earlier was to have a testing release stream where eager users can track. I imagine that it would be beneficial for pip's scheduled releases too, but the aim was to allow better synchronization between the loving-shiny-thing users and the core devs. I was more of having a question (if it's a good idea) rather than pushing it. |
@brainwane I think the bug report summary was covered in #7628 (comment). |
After the recent problems of pip 20.0 (kudos to the developers for the quick fix!) I remembered the issues that arose when 19.0 was released with PEP 517 support.
There is a comment from @pfmoore about not doing prereleases:
Including a remark that aged somewhat badly:
I wonder if the pip developers would reconsider producing one beta or release candidate before the actual release to prevent this kind of sudden breakage. Even if a tiny percentage of users actually tests the beta, perhaps there would be more chances of catching these bugs earlier.
The text was updated successfully, but these errors were encountered: