Hi,

I've noticed that there's an idea to not pollute Git tree with vendored blobs. In particular, `ensurepip` is one of the components doing this.

Such a wish was expressed here: https://bugs.python.org/issue35277#msg330098

So I thought I'd take a stab at it...

ensurepip does not access the network, by design. We do not want it to start access the network without a lot of discussion.

And if it does access the network, it will need to be able to use alternate URLs. For example: where I deploy Python, it would not have access to the URLs in your PR, but instead would need to specify a different (internal) location. This is the same reason that pip install has --find-links, --no-index, --extra-index-url, etc.

I think this would need a lot of discussion (probably on distutils-sig), and probably a PEP.

And I don't mean to sound like a total downer. I just think it's important that we recognize all of the use cases.

Thanks for your work on this.

(Not sure how the Roundup handles email replies but I'm hoping this goes to
the right place)

I think it would be better if the downloading got invoked during the
interpreter build process -- to download the wheels and add them to the
final distribution. This lets us remove the wheels from the source
tree/version control and prevents needing to change the PEP for this change.

Functionally, I imagine having all the download logic in some sort of
ensurepip._bootstrap which has all the download logic and that getting
invoked in the build process. `python -m ensurepip` not hitting the
internet is a good invariant to keep.

On Fri, 12 Apr 2019 at 8:54 PM, Eric V. Smith <report@bugs.python.org>
wrote:

>
> Eric V. Smith <eric@trueblade.com> added the comment:
>
> And I don't mean to sound like a total downer. I just think it's important
> that we recognize all of the use cases.
>
> Thanks for your work on this.
>
> ----------
>
> _______________________________________
> Python tracker <report@bugs.python.org>
> <https://bugs.python.org/issue36608>
> _______________________________________
>

I proposed to move bundled pip and setuptools to the external repository and download them at build time like Tcl and other dependencies on Windows.

Thanks for the feedback!

I've changed it a bit to have a separate command for downloading bundles to the source tree. It'd work as in `python -m ensurepip.bundle` (needs a better name/CLI args probably).

Does it sound better now?