Implement PEP 592: Yanked Releases #5838
Conversation
|
Note: |
|
This feature would be helpful in improving pip's test automation so it would be great if you could prioritize finishing this WIP. |
|
I am unlikely to find time in the interim to finish this, though I think we could deploy this without an API and just have it be a UI only feature for now. |
di
changed the title
|
@ewdurbin @di @dstufft hey - as Ernest and @pradyunsg and I talked about in a meeting about the pip resolver work, getting this implemented might help us smooth the second-order effects of the resolver rollout, so if you could help get this finished and merged, we'd appreciate that! |
|
The value of |
There was a problem hiding this comment.
I think my biggest thing is I'm not sure that we want yanked to function as hiding releases from the UI (but maybe we do, I'm not sure?).
My gut instinct tells me we probably want this behavior:
- On the unversioned URL for a project, we won't pick a yanked version, and would instead act as if there were no versions.
- One could argue that it's better to just display a yanked version as a last ditch effort to display something, I'm not sure though?
- On a versioned URL, yanked releases will show up normally, except there is some marker on the page to indict this release has been yanked (likely some sort of red warning banner?).
- On the list of all versions, the yanked releases still show up, but are marked in some fashion to show that they have been yanked (greyed out to demphasize? red? idk).
Fundamentally, I don't think we want to reimplement the hidden release option from legacy PyPI, this is largely about making it so that people can prevent a version from being installed unless absolutely needed, it isn't about hiding it like it never existed and I think that being able to introspect it in the UI still is still useful.
warehouse/packaging/models.py
Outdated
| (Release.project == self) | ||
| & (Release.canonical_version == canonical_version) | ||
| Release.project == self, | ||
| Release.yanked.is_(False), |
There was a problem hiding this comment.
Do we want to do this? This will make it so yanked versions can't be viewed online at all right?
|
I see where you're coming from @dstufft. My thought is that if we want people to use yanks instead of deleting releases, we need to make yanks behave just like deleting releases, except you can still pin to them. People delete releases for a lot of reasons: bad Another issue this helps avoid is requiring average users to understand what a yanked release even is. If a user is looking at project page for |
|
See I almost consider it the other way, people are still using versions of pip that don't support yanked, so they're likely to be very confused if they I also don't think that the use case for yanked needs to behave "just as if it was deleted". I do think that for the unversioned URL we should certainly not select a yanked version (possibly unless there ONLY exist yanked versions?), so someone would have to explictly seek out a yanked version in order to even see one exists. If we do that, we might possibly want to mark a yanked release's mage as noindex as well, so that it won't show up in google's search either. |
|
Hmm, I see your point, and I think you're probably right. I hadn't considered the difference in behaviors between clients that do/don't support yanked releases. |
di
force-pushed
the
yanked
branch
2 times, most recently
from
468f70a to
9fa75ad
Compare
|
@dstufft I think I addressed all your feedback here. Yanked releases will show up everywhere except:
|
There was a problem hiding this comment.
I feel like it'd be nice to require users to put in something as "reason for yanking" (picking from a bunch of fixed choices, for example) since installers can present that information to the user (pip prints a warning containing the message), and having it be compulsory from the start would help avoid a potential transition step if we add it later.
Then again, it's much easier to do a smoother transition on web application than a command line application, so it's perfectly fine if y'all think it's OK to not start with that... :)
di
force-pushed
the
yanked
branch
2 times, most recently
from
ff61e7a to
63334ac
Compare
| This release will still be installable for users pinning to this exact version, e.g. when using <code>{{ project_name }}=={{ version }}</code>. | ||
| {% endtrans %} | ||
| {% trans href="https://www.python.org/dev/peps/pep-0592/" %} | ||
| For more information, see <a href="{{ href }}">PEP 592</a>. |
There was a problem hiding this comment.
This doesn't need to block this PR, but I've wondered if our propensity for linking to PEPs is the best user experience we can provide here, or if we should figure out a real documentation pipeline for Warehouse (not really counting what exists now since it's primarily developer facing documentation, not user facing) and start moving to that.
There was a problem hiding this comment.
I think I agree, we are sort of hitting the limits of what we can document inline and in /help.
This allows yanked releases to show up in the UI with the exception of: * Project.latest_version will not return a yanked release as the latest * The project detail page will not show a yanked release as the latest * /pypi/<project_name>/json will not use a yanked release as the latest * Search reindexing will not include yanked releases
Co-Authored-By: Pradyun Gedam <[email protected]>
Releasemodel to support marking a release as yanked.data-yankedattribute.Provide an API for yanking/unyanking a release.