Affects Version/s: PUP 3.8.0, PUP 3.8.1, PUP 3.8.2, PUP 3.8.3, PUP 3.8.4, PUP 3.8.5, PUP 3.8.6, PUP 3.8.7, PUP 4.0.0, PUP 4.1.0, PUP 4.2.0, PUP 4.2.1, PUP 4.2.2, PUP 4.2.3, PUP 4.3.0, PUP 4.3.1, PUP 4.3.2, PUP 4.4.0, PUP 4.4.1, PUP 4.4.2, PUP 4.5.0, PUP 4.5.1
per https://mail.python.org/pipermail/distutils-sig/2016-June/029125.html, the PyPA team has changed the SimpleRPC Python pip endpoint to stop supporting HTTP, and forcing consumers to use HTTPS.
The endpoint in question is used by the pip provider to determine the latest version number of a given package by name.
While the use of SimpleRPC by the pip provider probably was a questionable choice, using a hardcoded URL for it definitely was a bad one; both of which were addressed in
PUP-6120 per commit https://github.com/puppetlabs/puppet/commit/152299cc859fc74343c697841848086d4e41b6f8, which went into 4.5.2.
Sadly, this leaves users of older versions like 3.8.x in trouble, in some cases even without them noticing it (their Puppet runs start failing obscurely).
I'd like to request an update (for 3.8.8?) that allows configuration of the URL for the pip provider instead of the completely changed backend implementation in 4.5.2, to allow at least some transition route.
If PyPI would put a 301 Moved Permanent in place, that wouldn't help:
but the endpoint is available via https correctly in the way the pip provider expects it:
it would be prudent or maybe even necessary to provide the infrastructure for cert management when allowing to change the URL.
Thanks in advance!