McSinyx
/
pip
mirror of https://github.com/pypa/pip
1
1
Fork 0
Code Issues Releases Activity

add research output outlines

This commit is contained in:
Nicole Harris 2021-07-05 21:08:06 +01:00
parent 33a401f12b
commit 3fd53feb2b
13 changed files with 2887 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

676
docs/html/ux-research-design/2020-research-outputs/about-our-users.md Normal file
View File

@ -0,0 +1,676 @@
# About pip's users
## Research
It is important to understand users' background, their cultural environment, and how they experience the world. To get this understanding we asked our participants about: their location in the world, their spoken language, if they identified as members of an underrepresented group in the Python community, and also to understand their disabilities and if they affected their usage of pip.
## Summary
164 participants took part in our "Who uses pip?” user research, 40% of these came from English speaking countries. 80% of participants came from Europe/North America.
Approx. 60% of participants did not identify as members of under-represented communities. The majority of those who did identify as under-represented did so for gender reasons.
The majority of participants (94%) responded that they did not have a disability. Those that did have a disability, the majority were cognitive disabilities (Attention Deficit Hyperactivity Disorder (ADHD), Autism, Aspergers, Dyslexia) or a hearing disability.
## Recommendations
### Supporting languages other than English
The ideal situation to support non-English speaking pip users would be to translate documentation into their language, some alternatives could be drawn from the Python community:
#### Identify community members who could act as other language documentation stewards
The Python community is global, and so has members who speak many languages. By identifying members who could take care of translating, or identifying already created documentation, this would help non-English speaking pip users.
#### Identify pip documentation in other languages and link to it from the official pip documentation
Our research has already found that users use a mixture of pip documentation, search engine searches, Stack Overflow and blogs/websites to find good documentation.
Providing a list of documentation in different languages for pip users would make it easier to find that documentation.
### Supporting pip users with disabilities
Pip's operation is actually very good for users with disabilities. Being a terminal application the user has a large amount of control on how they experience pip - customisation of interface visual preferences (to use contrasting colours, font size and type), there are no distracting images or ancillary content, they can use visual and auditory alerts.
#### Improving pip output
However the main improvement that should be made is to improve pips output.
Right now pip's output is too verbose - it generates an unhelpful amount of output during it's operation. This causes usability issues for all users - especially users with cognitive disabilities.
Pip's output should be improved by:
- Distinguishing what is important information at the moment (e.g. at install of a package) and remove unimportant information from the terminal output. The information can still be logged to the log files if needed.
- Reduce the number of verbosity levels to 3. Right now there are 7 <?> levels of verbosity.
- Verbosity 0 - shows only what packages are to be installed, notifications identified as important about the operation, any errors and the final outcome
- Verbosity 1 - shows more detail about the packages being installed
- Verbosity 2 - shows full information which is also logged to logfiles
## Participant demographics
### Location
The majority of participation came from North American, Western European countries. Participation from African, Asian, and Middle-Eastern countries was low.
![alt_textTODO](images/image1.png "image_tooltip")
Fig. 1: Global distribution of pip research participants.
<table>
<tr>
<td><em>Country Name</em>
</td>
<td>Number of participants
</td>
</tr>
<tr>
<td>United States of America
</td>
<td><p style="text-align: right">
42</p>
</td>
</tr>
<tr>
<td>United Kingdom
</td>
<td><p style="text-align: right">
17</p>
</td>
</tr>
<tr>
<td>France
</td>
<td><p style="text-align: right">
12</p>
</td>
</tr>
<tr>
<td>Germany
</td>
<td><p style="text-align: right">
11</p>
</td>
</tr>
<tr>
<td>Canada
</td>
<td><p style="text-align: right">
10</p>
</td>
</tr>
<tr>
<td>Netherlands
</td>
<td><p style="text-align: right">
8</p>
</td>
</tr>
<tr>
<td>Spain
</td>
<td><p style="text-align: right">
6</p>
</td>
</tr>
<tr>
<td>Switzerland
</td>
<td><p style="text-align: right">
5</p>
</td>
</tr>
<tr>
<td>Nigeria
</td>
<td><p style="text-align: right">
4</p>
</td>
</tr>
<tr>
<td>India
</td>
<td><p style="text-align: right">
4</p>
</td>
</tr>
<tr>
<td>Czech Republic
</td>
<td><p style="text-align: right">
4</p>
</td>
</tr>
<tr>
<td>Argentina
</td>
<td><p style="text-align: right">
4</p>
</td>
</tr>
<tr>
<td>Sweden
</td>
<td><p style="text-align: right">
3</p>
</td>
</tr>
<tr>
<td>Australia
</td>
<td><p style="text-align: right">
3</p>
</td>
</tr>
<tr>
<td>Ukraine
</td>
<td><p style="text-align: right">
2</p>
</td>
</tr>
<tr>
<td>Taiwan
</td>
<td><p style="text-align: right">
2</p>
</td>
</tr>
<tr>
<td>Russia
</td>
<td><p style="text-align: right">
2</p>
</td>
</tr>
<tr>
<td>Greece
</td>
<td><p style="text-align: right">
2</p>
</td>
</tr>
<tr>
<td>Colombia
</td>
<td><p style="text-align: right">
2</p>
</td>
</tr>
<tr>
<td>Chile
</td>
<td><p style="text-align: right">
2</p>
</td>
</tr>
<tr>
<td>Brazil
</td>
<td><p style="text-align: right">
2</p>
</td>
</tr>
<tr>
<td>Belgium
</td>
<td><p style="text-align: right">
2</p>
</td>
</tr>
<tr>
<td>Uganda
</td>
<td><p style="text-align: right">
1</p>
</td>
</tr>
<tr>
<td>Turkey
</td>
<td><p style="text-align: right">
1</p>
</td>
</tr>
<tr>
<td>Singapore
</td>
<td><p style="text-align: right">
1</p>
</td>
</tr>
<tr>
<td>Serbia
</td>
<td><p style="text-align: right">
1</p>
</td>
</tr>
<tr>
<td>Norway
</td>
<td><p style="text-align: right">
1</p>
</td>
</tr>
<tr>
<td>Luxembourg
</td>
<td><p style="text-align: right">
1</p>
</td>
</tr>
<tr>
<td>Japan
</td>
<td><p style="text-align: right">
1</p>
</td>
</tr>
<tr>
<td>Italy
</td>
<td><p style="text-align: right">
1</p>
</td>
</tr>
<tr>
<td>Israel
</td>
<td><p style="text-align: right">
1</p>
</td>
</tr>
<tr>
<td>Ireland
</td>
<td><p style="text-align: right">
1</p>
</td>
</tr>
<tr>
<td>Hungary
</td>
<td><p style="text-align: right">
1</p>
</td>
</tr>
<tr>
<td>Ghana
</td>
<td><p style="text-align: right">
1</p>
</td>
</tr>
<tr>
<td>Finland
</td>
<td><p style="text-align: right">
1</p>
</td>
</tr>
<tr>
<td>Bulgaria
</td>
<td><p style="text-align: right">
1</p>
</td>
</tr>
<tr>
<td>Austria
</td>
<td><p style="text-align: right">
1</p>
</td>
</tr>
<tr>
<td><strong>Total</strong>
</td>
<td><p style="text-align: right">
<strong>164</strong></p>
</td>
</tr>
</table>
## Participant's first language
Even though the research was carried out mainly in English, 51% of participants spoke languages other than English.
<p id="gdcalert2" ><span style="color: red; font-weight: bold">>>>>> gd2md-html alert: inline image link here (to images/image2.png). Store image on your image server and adjust path/filename/extension if necessary. </span><br>(<a href="#">Back to top</a>)(<a href="#gdcalert3">Next alert</a>)<br><span style="color: red; font-weight: bold">>>>>> </span></p>
![alt_text](images/image2.png "image_tooltip")
NB: English includes British English and American English. Some participants gave more than 1 answer, their first answer is included here.
## Are you a member of an underrepresented minority in the Python users community?
We asked research participants if they identified as members of an underrepresented minority. We gave participants a broad definition of underrepresented - gender, age, educational background, language you speak, what you use Python for. The objective of this question was to discover participants' opinions of their understanding of underrepresented.
(This question was included _after _the survey was published. Total participants was 106, as opposed to all other questions which had 164)
![alt_text](images/image3.png "image_tooltip")
Of the 23.5% that responded "Yes" the answers were classified as follows :
<table>
<tr>
<td><strong>Underrepresentation category</strong>
</td>
<td><strong>Count</strong>
</td>
</tr>
<tr>
<td>Gender
</td>
<td><p style="text-align: right">
9</p>
</td>
</tr>
<tr>
<td>Cultural
</td>
<td><p style="text-align: right">
3</p>
</td>
</tr>
<tr>
<td>Age
</td>
<td><p style="text-align: right">
3</p>
</td>
</tr>
<tr>
<td>Immigration status
</td>
<td><p style="text-align: right">
2</p>
</td>
</tr>
<tr>
<td>Neurodiversity
</td>
<td><p style="text-align: right">
3</p>
</td>
</tr>
<tr>
<td>Other
</td>
<td><p style="text-align: right">
6</p>
</td>
</tr>
<tr>
<td>No answer
</td>
<td><p style="text-align: right">
8</p>
</td>
</tr>
</table>
### What do these results mean?
The majority of participants did not identify as part of an underrepresented community. Due to the small sample size these results cannot be seen as representative of the whole pip user base.
#### Participant comments about identifying/not identifying as under-represented
Here is a sample of noteworthy comments from these different groups.
##### Related to gender
_(I am) LGBTQ/IA+ - _Participant 242608909
_I am a 25 year old female Colombian developer. - _Participant 242611698
_Female, 39, no computer science background whatsoever, self taught. - _Participant 242614039
##### Related to culture
_The hispanic community is quite underrepresented in the web in general - Participant 242599212_
_I am a 1st generation Dominican-American. My parents are from the Dominican Republic. - _Participant 242769361
##### Age related
_Older age, I am 50 now. - _Participant 242769743
##### Neurodiversity related
_I'm a woman. And autistic. But the latter might not be underrepresented ;) - _Participant 243428773
##### Other
_Veterans who entered tech post-military _- Participant 243524784
_I'm not sure it applies, but I do feel that distributing CLI packages to workstations is painful with pip. I'm sure in server side environments where you have control over the host it's much easier. - _Participant 242943955
Noteworthy answers where the participant did not identify as under-represented (or were not sure) -
_I'm a young white cis male, so by far not a minority in those aspects. But at the same time I'm from a third world country, Argentina, and that sometimes (and I emphasize, only sometimes) makes me feel like a minority. When participating in our local communities (Python Argentina), I feel clearly not-minority, and with the responsibility of helping minorities, trying to build a more welcoming and fair environment for them. But when I participate in the broader global community, at times I feel underrepresented, seeing it mostly guided by english-seaking people from first world countries. But if I have to choose, I would say I mostly feel not-minority, because I mostly interact with people from our local communities, where I'm not part of a minority. - _Participant 242592869
_As a CIS male I conform the majoritarian group in the IT world. I'm hopeful that things are changing everywhere, and will keep changing: inclusion is getting bigger and better, more and more people are starting their careers as devs or similar, disregarding ethnicity and/or sexual orientation and that's great! And we need to keep fighting for that. - _Participant 243455292
## Participant disabilities
Disabilities - physical, motor, cognitive, hearing, speech - alter how people perceive and interact with the world around them - software included. We asked participants about their disabilities and how it affected their usage of pip.
Understanding these disabilities are important particularly when designing pip command structures, and designing pip output.
The majority of participants (150) responded that they did not have a disability. Those that did have a disability, the majority were cognitive disabilities (Attention Deficit Hyperactivity Disorder (ADHD), Autism, Aspergers, Dyslexia) or a hearing disability.
### How many participants identified as having a disability?
<table>
<tr>
<td><em>Answer to the question: Do you self-identify as someone who has a disability?</em>
</td>
<td>Number of responses
</td>
</tr>
<tr>
<td>No
</td>
<td>150
</td>
</tr>
<tr>
<td>Yes
</td>
<td>14
</td>
</tr>
<tr>
<td><strong>Grand Total</strong>
</td>
<td><strong>164</strong>
</td>
</tr>
</table>
<p id="gdcalert4" ><span style="color: red; font-weight: bold">>>>>> gd2md-html alert: inline image link here (to images/image4.png). Store image on your image server and adjust path/filename/extension if necessary. </span><br>(<a href="#">Back to top</a>)(<a href="#gdcalert5">Next alert</a>)<br><span style="color: red; font-weight: bold">>>>>> </span></p>
![alt_text](images/image4.png "image_tooltip")
### Types of disabilities participants mentioned
#### Vision
Participants' who answered yes to this question were partially sighted. Their vision disability was not corrected by glasses however it did not significantly affect their usage of pip.
#### Hearing
5 participants identified as having a hearing impairment, or hearing loss. While this disability made participants lives more difficult, it did not affect their usage of pip:
_Being hard of hearing/impaired makes my life much harder, but so far it never has impacted my usage of pip. Perhaps because I havent used parts of it that would? _- 242934019
_Not at all given that everything happens by text in my console._ - Participant 243455292
However it does affect the way they consume pip learning materials: if video is being used for learning or support, they should have captions/subtitles/transcriptions available.
_[...] any videos released, it is so helpful if there is either a) transcripts, or b) captions. \
_- Participant 243524784
#### Cognitive disabilities
9 participants expressed cognitive disabilities including undefined mental health conditions, Attention Deficit Hyperactivity Disorder (ADHD), Autism, Aspergers, Dyslexia.
These participants did not explain how their cognitive disabilities affect their usage of pip, however there are guidelines and best practices for designing for people with cognitive disabilities.
#### Physical or mobility disability
1 participant responded that they had a physical or mobility disability, but did not give detail about it in relation to their usage of pip.
## Use of assistive technology
Assistive technology is
The majority of participants (94%) never used assistive technology equipment.
<p id="gdcalert5" ><span style="color: red; font-weight: bold">>>>>> gd2md-html alert: inline image link here (to images/image5.png). Store image on your image server and adjust path/filename/extension if necessary. </span><br>(<a href="#">Back to top</a>)(<a href="#gdcalert6">Next alert</a>)<br><span style="color: red; font-weight: bold">>>>>> </span></p>
![alt_text](images/image5.png "image_tooltip")
One participant (242933506) uses the following every day:
- Text-to-speech output as "text to speech it allow me to listen and learn when my eyes get strained.”
- Speech-to-text input as they like using their "tablet and makes typing easier”
- On-screen keyboards
- Input switches/touch screens
### I use it only when needed
7 participants use AT only as needed.
I use custom display filter software to do things like colorize key lines of output automatically (to draw my eye/attention), and provide digit dilimination (I.E. help me tell 1000 and 10000 apart) when using a text console application.
The standard Mac user interface design contains enough assistive technology without my needing to use any features which are specifically intended solely as assistive functions.
I sometimes use it to make sure that my code will work correctly with AT.
### How well do your Assistive Technologies work when you use pip?
For all participants who used AT, it worked very well for them, they did not report problems.
When using pip help pipe to unless more/less is used, output can scroll off top of the current terminal window - screen readers do not cope well in this case. The same can happen for installs and failed builds cause a lot of output, often with the critical part off the top of the screen.
### What operating system(s) are used with Assistive Technology?
Participants have used AT across 3 most popular desktop operating systems - Linux (most popular), Windows (2nd most popular), and Linux.
<p id="gdcalert6" ><span style="color: red; font-weight: bold">>>>>> gd2md-html alert: inline image link here (to images/image6.png). Store image on your image server and adjust path/filename/extension if necessary. </span><br>(<a href="#">Back to top</a>)(<a href="#gdcalert7">Next alert</a>)<br><span style="color: red; font-weight: bold">>>>>> </span></p>
![alt_text](images/image6.png "image_tooltip")
### In your view, what is the most important accessibility improvement we should make to pip?
**AT setups**
Programmable ergonomic keyboard and a large easy-to-manipulate trackball (which pip doesn't need, being a CLI tool)
Software is a set of custom scripts I've written.
I have my custom keyboard between me and my screen, just like any typical user.
## Designing for people with disabilities resources
[An Introduction to inclusive design](https://www.nomensa.com/blog/2011/introduction-inclusive-design)
[How ADHD and dyslexia teach you to do better UX design](https://themasters.io/blog/posts/how-adhd-dyslexia-teach-better-ux-design)
[Improve User Experience by Designing with Cognitive Differences in Mind](https://noti.st/elizabethschafer/fg3BR4)
[Designing accessible software - guidelines for different disabilities](https://ukhomeoffice.github.io/accessibility-posters/)
[Designing for Children with ADHD: The Search for Guidelines for Non-Experts](https://uxpamagazine.org/designing_children_adhd/) (written for children however applicable generally)
[Designing for dyslexia](https://uxplanet.org/designing-for-dyslexia-6d12e8c41cd7)
## Participant introduction to Python
The majority of participants were introduced to Python in school - second-level school, university, or postgraduate education.

66
docs/html/ux-research-design/2020-research-outputs/ci-cd.md Normal file
View File

@ -0,0 +1,66 @@
# pip in interactive environments (i.e. CI, CD)
## Research question
We asked participants about the contexts in which they used pip - interactively, i.e. typing pip commands at the command line terminal, and in an automated environment, i.e. as part of continuous software integration or continuous software development pipelines.
Different contexts of use mean that users have different important and common tasks, it means when, where and how they complete these tasks are different. They also have different issues.
Each of these contexts bring different needs: interactive usage requires the right feedback/output at the right time, whereas an automated environment requires little or no feedback in the moment but detailed feedback after the task has finished.
We wanted to know what they used pip for - as part of their software development toolchain, or purely as a software installer (analogous to Ubuntu Aptitude or Mac Appstore). We also asked about their need for pip to build packages from source.
We asked users to give answers to the following statements:
* I use pip in an automated environment (e.g. CI/CD pipelines)
* I have problems with pip in CI/CD pipelines
* I use pip interactively (e.g. typing pip commands on the commandline)
* I make software and use pip as part of my software development workflow
* I use pip only to install and use Python packages
* I need pip to build software packages from source
## Summary
Using pip interactively makes up the majority of pip usage (91%), the majority (73%) of this usage is basic usage - to only install and use Python packages.
Half (51%) of all participants used pip in an automated environment, with only 9% having issues with pip in that automated environment. This points to a good use experience for these users.
71% use pip as part of their software toolchain, only 29% needing pip to build from source.
These results show that the main context of use is interactive - users either writing code, installing software at the command line and we know from other research that interactive usage has its issues e.g. pip output being too verbose.
While it is important to provide automated environment users with a good experience, interactive mode users are being underserved.
## Results
### Research question(s)
<p id="gdcalert1" ><span style="color: red; font-weight: bold">>>>>> gd2md-html alert: inline image link here (to images/image1.png). Store image on your image server and adjust path/filename/extension if necessary. </span><br>(<a href="#">Back to top</a>)(<a href="#gdcalert2">Next alert</a>)<br><span style="color: red; font-weight: bold">>>>>> </span></p>
![alt_text](images/image1.png "image_tooltip")
<p id="gdcalert2" ><span style="color: red; font-weight: bold">>>>>> gd2md-html alert: inline image link here (to images/image2.png). Store image on your image server and adjust path/filename/extension if necessary. </span><br>(<a href="#">Back to top</a>)(<a href="#gdcalert3">Next alert</a>)<br><span style="color: red; font-weight: bold">>>>>> </span></p>
![alt_text](images/image2.png "image_tooltip")
91% of users said they used pip interactively. This does not preclude them from automated usage.
<p id="gdcalert3" ><span style="color: red; font-weight: bold">>>>>> gd2md-html alert: inline image link here (to images/image3.png). Store image on your image server and adjust path/filename/extension if necessary. </span><br>(<a href="#">Back to top</a>)(<a href="#gdcalert4">Next alert</a>)<br><span style="color: red; font-weight: bold">>>>>> </span></p>
![alt_text](images/image3.png "image_tooltip")

459
docs/html/ux-research-design/2020-research-outputs/improving-pips-documentation.md Normal file
View File

@ -0,0 +1,459 @@
# pip's documentation
## Problem
We want to establish whether or not the [official pip documentation](https://pip.pypa.io/en/stable/) helps users to solve their pip problems. We also want to identify possible improvements to the content and structure of the docs.
## Research
### Interviews
We conducted interviews with pip users specifically discussing documentation. During these interviews we asked about:
- Problems they had experienced while using pip, and how they solved them (with a focus on what information sources they used)
- How they rate pip's documentation, and what we could do to make the docs more useful
- What documentation (from other projects or languages) they find valuable, and why
### Surveys
We collected documentation feedback via two surveys:
- In our survey that profiled pip users, we asked "What would be your ideal way of getting help with pip?"
- We also published a survey specific to pip's docs:
![TODO](https://i.imgur.com/dtTnTQJ.png)
### Keyword research
We used keyword research tools to understand what words ("keywords") people use when using search engines to troubleshoot pip problems.
### Other research methods
We also:
1. Asked for volunteers to participate in a diary study, documenting their experience solving pip problems. Unfortunately this was not completed due to lack of interest from the community.
2. Asked for user feedback on the pip documentation site:
![TODO](https://i.imgur.com/WJVjl8N.png)
Unfortunatly, we did not gather any useful feedback via this effort
3. [Installed analytics on the pip docs](https://github.com/pypa/pip/pull/9146). We are waiting for this to be merged and start providing useful data.
## Response / results
In total, we:
- Conducted 5 user interviews about pip's documentatation
- Received 141 responses to the question "What would be your ideal way of getting help with pip?"
- Received 159 responses to the documentation survey
In general, we found that pip's documentation is underutilized by the community, with many users not knowing that it exists. Instead, most users turn to common tools (Google, Stack Overflow) to solve their pip problems.
In response to the question "When you have a problem using pip, what do you do?" (multiselect):
- 81.9% of respondends Google it
- 56.9% of respondends search or ask on Stack Overflow
- 33.8% of respondends use pip help from the command line
- **25.6% of respondends go to the pip docs**
- 20.6% of respondends go the the Python Packaging User Guide
- 8.1% of respondends ask on a forum, community board, or chat channel
![TODO](https://i.imgur.com/qlt1b4n.png)
Based on survey results, users find pip's docs:
- Marginally more useful than not useful
- Marginally more clear than unclear
- Not opinionated enough
Common feedback that emerged from both surveys and user interviews includes:
- The documentation performs poorly in search engine results
- The style and layout is dated (note: this feedback was collected before the [new theme was deployed](https://github.com/pypa/pip/pull/9012))
- There is not enough guidance/examples on how to resolve common problems, or achieve specific goals
- The documentaiton information architecture is difficult to navigate (the monolithic structure of the user guide is a problem) and does not prioritise the most useful content
- There should be more instructions specific to each user's different situation (e.g. what operating system they are using)
- The scope of the documentation is unclear
- The documentaton should recognise that pip exists within an ecosystem of other packaging tools
- ["There should be one-- and preferably only one --obvious way to do it."](https://www.python.org/dev/peps/pep-0020/) - i.e. the documentation should provide stronger recommendations
While some users mentioned that video would be helpful, more said that video was too long, or inappropriate for the kind of problems they experience using pip.
Some users mentioned that in person support, forums or chat would be helpful, with many unaware of existing support / community channels.
Several users also noted that improving pip's error messages would reduce the need for better documentation.
From our keyword research we identified seven _query types_: "about pip", "install pip", "uninstall pip" "update pip", "using pip", "errors", and "other".
<details><summary> See keyword research results</summary>
#### About pip
* what is pip
* what is pip in python
* what is pip python
* what does pip mean
* what does pip stand for
* what does pip stand for python
* pip meaning
#### Install pip
* get pip
* python install pip
* install pip
* installing pip
* how to install pip python
* how to install pip
* how to download pip
* how to get pip
* how to check if pip is installed
* install pip mac
* how to install pip on mac
* install pip on mac
* install pip linux
* how to install pip linux
* how to install pip on linux
* how to install pip in ubuntu
* how to install pip ubuntu
* install pip ubuntu
* ubuntu install pip
* pip windows
* install pip windows
* pip install windows
* how to install pip windows
* how to install pip in windows
* how to install pip on windows
* how to pip install on windows
* how to install pip on windows 10
* how to run pip on windows
#### Uninstall pip
* how to uninstall pip
* uninstall pip
* pip uninstall
#### Update pip
* how to update pip
* how to upgrade pip
* pip update
* pip upgrade
* upgrade pip
* how to upgrade pip on windows
#### Using pip
* how to use pip
* how to use pip install
* how to pip install
* how to use pip python
* how to install with pip
* how to run pip
* python how to use pip
* pip install requirements.txt
* pip requirements.txt
* pip freeze
* pip update package
* pip install specific version
* pip upgrade package
* pip uninstall package
#### Errors
* no module named pip
* pip command not found
* pip is not recognized
* 'pip' is not recognized as an internal or external command, operable program or batch file.
* -bash: pip: command not found
* pip is not recognized as an internal or external command
* pip install invalid syntax
#### Other
* how to add pip to path
* how to check pip version
* how does pip work
* where does pip install packages
* pip vs pip3
* where is pip installed
</details>
<br/>
The prevelance of "install pip" queries strongly suggests that the current installation documentation should be improved and that users are searching for solutions specific to their operating system.
The "about pip" queries also suggest that beginners would benefit from documentation that better explains pip basics - e.g. what pip is and what it does.
## Recommendations
Based on our research, we recommend that the pip team:
- Revise the structure of the documentation:
- Break monolithic pages into standlone pages on different subjects, with appropriate meta tags. This will help the docs appear higher in search results for the 81.9% of users who use Google to troublehsoot their pip problems.
- Prioritise most used features (see "[buy a feature](TODO)" results for guidance)
- Add a "troubleshooting" section to the documentation that addresses common questions, explains error messages and tells users where they can find more help
- Provide more context about pip's role in the Python packaging ecosystem by:
- Introducing packaging concepts that users need to understand in order to use pip
- Explaining pip's role/scope within the packaging ecosystem
- Comparing pip to other tools
- Develop a beginner's guide that walks new pip users through everything they need to know to use pip's most basic functonality. This should include addressing concepts outside of pip's scope (e.g. how to open and use a terminal, how to set up a virtual environment), that may block users from being successful
- For each page, (where appropriate), add sections for:
- "tips and tricks" - things to know / gotchas
- "troubleshooting" - possible error messages and recommended solutions. Where appropriate, this should link to content in the troubleshooting section.
- "see also" (links to external resources - e.g. useful stack overflow questions, blog articles, etc.)
- In general, write content that:
- Is opinionated. Prioritize solutions that will work in the majority of cases, while pointing to possible edge cases and workarounds in "tips and tricks", "troubleshooting" and "see also" content
- Uses keywords to increase search results visibility
- Provides instructions for different contexts - e.g. for users on Windows, Linux, MacOSX
- Increases interlinking with external sources, including packaging.python.org
### Suggested site map
Based on the above user iput, we have developed a proposed [site map](https://i.imgur.com/UP5q09W.png) (link opens larger format image) to help guide the redevelopment of pip's documentation in line with the above recommendations.
![TODO](https://i.imgur.com/UP5q09W.png)
<details><summary> See notes for this site map</summary>
#### Node 1.0: Quick reference
*Page purpose:*
- To give pip users a quick overview of how to install pip, and use pip's main functionality
- To link to other (more detailed) areas of the documentation
*Suggested content:*
- Quick installation guide, including how to use a virtual environment. This is neccessary for user who want to install more than one Python project on their machine.
- Common commands / tasks (based on [buy a feature](TODO) data)
---
#### Node 2.0: About pip
*Page purpose:*
- To introduce pip to new users
*Suggested content:*
- Introduce pip as a command line program
- Explain what the command line is and how to use it in different operating systems
- Explain what pip is/does, and what it stands for
- Link to packaging concepts (node 2.1)
- Explain pip's scope (e.g. to install and uninstall packages) and link to other tools (node 2.2)
#### Node 2.1: Packaging concepts
*Page purpose:*
- To introduce packaging concepts for new pip users
*Suggested content:*
- What is a package?
- What types of packages are there? e.g. file types
- What is package versioning / what are requirement specifiers? (note: talk about potential dependency conflicts here)
- Where do I get packages from?
- How should I control how packages are installed on my system (e.g. virtualenv and environment isolation)
- How can I reproduce an environment / ensure repeatability? (e.g requirements files)
- What do I need to know about security? (e.g. hash checking, PyPI name squatting)
- Link to node 2.2 ("pip vs other packaging tools")
#### Node 2.2: pip vs other packaging tools
*Page purpose:*
- To compare pip to other tools with the same scope
- To highlight that pip exists within a _packaging ecosystem_ and link to other packaging tools
*Suggested content:*
- Compare pip to other installation tools - e.g. poetry, pipenv, conda. What are the features, pros and cons of each? Why do packaging users choose one over the other?
- Breifly introduce other packaging projects. Link to https://packaging.python.org/key_projects/
---
#### Node 3.0: Installing pip
*Page purpose:*
- To help pip users install pip
*Suggested content:*
- Refactor current page, ephasising pathways for different operating systems
- Add "tips and tricks", "troubleshooting" and "see also" (link to external resources) sections to provide additional help
---
#### Node 4.0: Tutorials
*Page purpose:*
- To provide a jumping off place into pip's tutorials
*Suggested content:*
- Link to tutorials, including sub pages, where appropriate
#### Node 4.1: Using pip to install your first package
*Page purpose:*
- To help new pip users get started with pip
*Suggested content:*
Step by step tutorial (possibly broken into several pages) that covers:
- Using the command line
- Installing pip (or checking pip is installed)
- Creating/activating a virtual env (use venv for this, but point to alternatives)
- Installing a package
- Showing where the package has been installed
- Deactivating/reactivating virtualenv
- Uninstalling a package
#### Node 4.2: Advanced tutorial - using pip behind a proxy
*Page purpose:*
- To help advanced pip users acheive specific goals
*Suggested content:*
- Step by step tutorial for using pip behind a proxy
NB: other advanced tutorials should be added as identified by the team and/or requested by the community.
---
#### 5.0: Using pip
*Page purpose:*
- To provide a jumping off point for the user guide and reference guide
*Suggested content:*
- Link to each subject in the user guide
- Link to reference guide
#### 5.1: User guide
*Page purpose:*
- To provide users with specific detailed instructions on pip's key features
*Suggested content:*
Break down current user guide into separate pages, or pages linked by subject. Suggested order:
- Running pip
- Installing Packages
- Uninstalling Packages
- Environment recreatiion with requirements files
- sub heading: "pinned version numbers"
- sub heading: "hash checking mode"
- Listing Packages
- Searching for Packages
- Installing from local packages
- Installing from Wheels
- Wheel bundles
- “Only if needed” Recursive Upgrade
- Configuration
- User Installs
- Command Completion
- Basic Authentication Credentials
- Using a Proxy Server (includes link to tutorial)
- Constraints Files
- Using pip from your program
Where possible, each page should include:
- "tips and tricks" for workarounds, common _gotchas_ and edge use cases
- "troubleshooting" information, linking to content in node 6.2 ("Troubleshooting error messages") where applicable
- "see also", linking to external resources (e.g. stack overflow questions, useful threads on message boards, blogs posts, etc.
Note: the following content should be moved:
- Fixing conflicting dependencies (move to node 6.2 - "Troubleshooting error messages")
- Dependency resolution backtracking (move to node 6.2 - "Troubleshooting error messages")
- Changes to the pip dependency resolver in 20.3 (move to node 7.0 - "News, changelog and roadmap")
#### 5.2: Reference guide
*Page purpose:*
- To document pip's CLI
*Suggested content:*
- https://pip.pypa.io/en/stable/reference/
---
#### 6.0: Help
*Page purpose:*
- To provide a jumping off place for users to find answers to their pip questions
*Suggested content:*
- Links to
- 6.1 "FAQs"
- 6.2 "Troubleshooting error messages"
- 6.3 "Finding more help"
#### 6.1: FAQs
*Page purpose:*
- To answer common pip questions / search terms
*Suggested content:*
- What is the difference between pip and pip3?
- Where does pip install packages?
- How can I check pip's version?
- How can I add pip to my path?
- Where is pip installed?
- What does pip stand for?
See [keyword research](TODO) and [popular questions on Stack Overflow](https://stackoverflow.com/search?q=pip&s=ec4ee117-277a-4c5d-a3f5-c921ca6c5da6) for more examples.
#### 6.2: Troubleshooting error messages
*Page purpose:*
- To help pip users solve their problem when they experience an error using pip
*Suggested content:*
For each (common) error message:
- Explain what happened
- Explain why it happened
- Explain what the user can do to resolve the problem
Note: the [ResolutionImpossible](https://pip.pypa.io/en/stable/user_guide/#fixing-conflicting-dependencies) and [dependency resolution backtracking](https://pip.pypa.io/en/stable/user_guide/#dependency-resolution-backtracking)
documentation should both be moved here.
#### 6.3: Finding more help
*Page purpose:*
- To point pip users to other resources if they cannot find the information they need within the pip documentation
*Suggested content:*
- See [getting help](https://pip.pypa.io/en/stable/user_guide/#getting-help)
---
#### 7.0: News, changelog and roadmap
*Page purpose:*
- To share information about:
- Recent changes to pip
- Upcoming changes to pip
- Ideas for improving pip, specifically highlighting where funding would be useful
*Suggested content:*
- [Changes to the pip dependency resolver in 20.3 (2020)](https://pip.pypa.io/en/stable/user_guide/#changes-to-the-pip-dependency-resolver-in-20-3-2020)
- Links to PSF blog posts about pip
- Link to [fundable packaging improvements](https://github.com/psf/fundable-packaging-improvements/blob/master/FUNDABLES.md)
---
#### 8.0: Contributing
*Page purpose:*
- To encourage new people to contribute to the pip project
- To demonstrate that the project values different *types* of contributions, e.g. not just development
- To recognise past and current contributors
*Suggested content:*
- Introduction to pip as an open source project
- Contributors code of conduct
- Recognition of the different types of contributions that are valued
- Credit list of contributors, including pip maintainers
#### 8.1: Development
*Page purpose:*
- To onboard people who want to contribute code to pip
*Suggested content:*
- https://pip.pypa.io/en/stable/development/
#### 8.2: UX design
*Page purpose:*
- To onboard people who want to contribute UX (research or design) to pip
- To share UX knowledge and research results with the pip team
*Suggested content:*
- UX guidelines, and how they apply to the pip project
- Current UX initiatives (e.g. open surveys, interview slots, etc.)
- Previous research and results, including UX artifacts (e.g. personas)
#### 8.3: Documentation
*Page purpose:*
- To onboard people who want to contribute to pip's docs
- To share previous research and recommendataions related to pip's docs
*Suggested content:*
- This guide
- Writing styleguide / glossary of terms - see the [Warehouse documentation](https://warehouse.readthedocs.io/ui-principles.html#write-clearly-with-consistent-style-and-terminology) for an example.
</details>
## Future research suggestions
To continue to improve pip's documentation, we suggest:
- Conducting [card sorting](https://www.nngroup.com/articles/card-sorting-definition/) with pip users to establish the ideal order and grouping of pages
- Regularly reviewing the documentation analytics, to understand those pages which are most/least visited
- Regularly reviewing Stack Overflow to identify questions for the FAQ
- Setting up a mechanism for collecting user feedback while users are on the documentation site

120
docs/html/ux-research-design/2020-research-outputs/mental-models.md Normal file
View File

@ -0,0 +1,120 @@
# Users mental models of pip
## Research question
In order to capture participants mental models of pip and how package management works, we asked participants the following questions:
* In your own words, explain what pip is
* In your own words, explain what happens when pip installs a software package
* In your own words, explain what a Python package dependency is
When we talk about mental models, we talk about “deep” or “shallow” mental models. When a user has a deep mental models of something, their have a deep understanding with a lot of detail, shallow models are the opposite.
In order to evaluate those mental models - do they match the reality of pip and package management - we worked with the maintainers to identify 1) pips behaviours and activities (18 aspects), and 2) the aspects of package dependencies (13), and what a Python package dependency is (10). We then scored participants' answers against those.
## Summary
This analysis focuses on participants with between 2 and 10 years of Python experience.
Participants' understanding of pip is, what it does during an install process, and of package management in general was low, their mental models were shallow.
A positive was while their understanding was low, only 4 participants had factually incorrect understandings of pip, and software dependencies.
Over 90% of participants did not have a deep understanding of what pip is - their understanding of what pip is and does was shallow. It focused on being a Python packager manager, installing packages and managing dependencies.
The most in depth answer included 9 of the 18 identified aspects. The median was 2.
Participants had a slightly deeper understanding of what happens during a pip install process. The most in depth answer included 7 of the 13 identified aspects. The median was 3. Answers focused on resolving dependencies, finding possible package names, downloading assets, installing the package.
Participants' understanding of software dependencies was again shallow - the most in depth answer included 8 identified aspects. The median was 3. Answers focused on the fact that software dependencies were a result of code reuse, that constraining package versions reduced the possibility of dependency conflicts.
## Recommendations
Its difficult to know what to recommend. Some ideas:
* Question: Is it actually necessary for users to know everything that pip is doing?
* Better documentation:
* describing the “blocks of functionality” that pip carries out and how to deal with them when it breaks
* Curating package manager training and help
* Improving pip output to expose the different pip functionality blocks
## Results
The full data is available in[ this spreadsheet](https://docs.google.com/spreadsheets/d/1HBiNyehaILxhzZKWcBavkKXDzJr6gIt_Y8Jm8RRgJYg/edit#gid=0).
### In your own words, explain what pip is - selected quotes
#### Examples of deep understanding
_pip is a standard command-line tool for managing python packages. It has three primary functions: (1) obtaining & caching python packages and/or their dependencies from a repository (typically pypi), (2) building (if needed) and installing python packages--and related dependencies--to a 'site-packages' location in the python path, and (optionally) (3) uninstalling previously-installed packages. \
_
-- Participant 242608909, Scientist, Professor in the Earth and Atmospheric Sciences Department, using Python for 7 - 10 years
_Pip is a package management system for python. Kind of like apt in linux, it can be used to install packages in public or private repositories into the current version or environment of Python that invoked the pip command. \
_ \
-- Participant 240364032, Professional software developer using Python for 7-10 years
_ \
\
\
\
\
pip allows to install/update remove python libraries in your environment. pip manage the library. you will need something else to manage your environment. To use it the easiest is pip install `package-name` I recommend using a requirements.txt and add as you go the library and do pip install -r requirements.txt each time. it avoid to forget a library at the end of the project :) \
\
_-- Participant 241178995, Data scientist working in software engineering
#### Examples of shallow understanding
_python's npm/cargo/opam... dedicated package manager and ecosystem for python libraries and applications \
_
-- Participant 240306262, Self-taught Python creative artist and web developer, using Python for 5-6 years
_A tool to download & install packages and resolve dependencies. I see it in the same area as yum, zypper or apt-get install in the Linux world. \
_
_-- _Participant 240306204, Using Python for scientific research and data analysis for 3 - 4 years
_Pip is the tool primarily used in the Python community to install packages. ("Package" means two different things in Python; it can be a target of the `import` statement that includes modules and other packages, or it can mean a collection of code with a defined interface that can be installed for reuse. I'm referring to the second thing here.) Pip's implementation defines what it means for a package to be installed in a Python environment. Any other tool that wishes to install software into a Python environment (e.g. conda) must match Pip's implementation. \
_
-- Participant 240313922, Computer security researcher at a university, using Python for 7-10 years
### In your own words, explain what happens when pip installs a software package.
#### Examples of deep understanding
_I think pip looks up package "tea" in the repository of packages (PyPI by default, but can be changed). If it doesn't find it, it gives an error. If it exists, it downloads some information about the package, like what form it exists in. This can be a wheel, or a package that needs to be built. If it is a wheel, it checks the dependencies and installs them, then it installs the wheel (not sure what this means, probably it extracts it). The wheel is specific to a python distribution and base OS, so it might be available on certain platforms but not others. If it is a package that needs to be built, pip downloads the package source (or clones the repository), and runs setup.py, which installs dependencies and other packages, then the package itself. I forgot to mention that before installing there is some check for checking compatibility of the version required and the versions required by other packages._
-- Participant 240426799, Scientific researcher - data analysis and computer vision models, using Python for 5-6 years
_pip searches for a package source (and for me uses the default, so Pypi), then ask the package source for a package with the given name and versions (if specified), then if the package is available download the package in the most appropriate format (depending on my platform), then unzip the package and runs the installer (most probably calls setuptools with the included setup.py file) which will perform the required installation steps. This installation process may contain dependencies (typically specified in setup.py), which will trigger the same process for the dependencies, and so on until all dependencies are installed (if everything is OK)._
-- Participant 240670292, Software developer industrial systems control, using Python for 5-6 years
_Pip checks PyPI (default package index, assuming that wasn't overridden) for the package matching `tea`. It uses the various specifiers (eg. OS compatibility, Python compatibility, etc) to find the latest version of `tea` compatible with my system. Within that version, it finds the best possible installation match (eg. a `wheel`, if supported on my system and my version of `pip` contains the relevant versioned support [eg. most recently manylinux2010], potentially falling back all the way to a source distribution). After downloading the relevant distribution, it performs the same operations recursively up the dependency chain as specified by the `install_requires` of the `setuptools.setup()` method. After grabbing all relevant packages, it performs the installations as specified in their setup methods -- generally, this involves extracting python files to specific system paths, but various levels of complexity may be added as need be such as compilations, system library bindings, etc. I believe the new resolver changes the above by performing all the lookups simultaneously (eg. by building and solving a dependency graph rather than traversing incrementally) but have not yet read the PEP to learn more. I've answered the above with setuptools in mind -- I believe there was a step added recently to check pyproject.toml first to allow for alternate systems here, but I find the added customization to be a net negative to the ecosystem and have not yet played with it -- the entire Poetry/Pipenv/Pipfile.lock/Flit thing just seems to be adding unnecessary complexity; users who know what they're doing have solved all these issues years ago for their packages and users who find the porcelain makes their lives easier are likely going to run into UX trouble no matter the veneer._
_-- _Participant 241463652, Using Python for 5-6 years
_pip accesses the tea package from pypi (guessing that's where, online at least) and downloads a copy of the files into my local venv_
-- Participant 243434435, Data analysis & machine learning, using Python for 1-2 years
_Looking up the latest version of of the package from pypi_
-- Participant 243897973, Software testing/writing automated tests using Python 3 - 4 years
Download, unpack, sometimes compile a module for my target arch
-- Participant 243428875, System administration using Python 7 - 10 years

59
docs/html/ux-research-design/2020-research-outputs/override-conflicting-dependencies.md Normal file
View File

@ -0,0 +1,59 @@
# Providing an override to install packages with conflicting dependencies
## Problem
Currently, when a user has dependency conflicts in their project they may be unaware there is a problem, because pip will install conflicting packages without raising an error.
The new pip resolver is more strict and will no longer allow users to install packages that have conflicting dependencies.
As a result, some users may feel that newer versions of pip are "broken" when pip refuses to install conflicting packages.
For this reason, the pip team wanted to know if they should provide an override that allows users to install conflicting packages.
## Research
We published a survey with the following introduction:
```
Imagine you have packages tea and coffee:
tea 1.0.0 depends on water <1.12.
coffee 1.0.0 depends on water>=1.12
Installing tea 1.0.0 and coffee 1.0.0 will cause a conflict because they each rely on different versions of water - this is known as a "dependency conflict".
The pip team has recently changed the way that pip resolves dependency conflicts. The new implementation is stricter than before: pip will no longer install packages where there is a dependency conflict - instead it will show an error.
The purpose of this survey is to gather feedback on providing a way to override this behaviour.
All questions are optional - please provide as much information as you can.
```
We then asked users:
- If pip should provide an override that allows users to install packages when there are dependency conflicts
- Why they answered yes or no
- For users that answered yes, we asked:
- When they would use the override
- How often they would use the override
- How easy it would be to find a workaround, if pip did not provide an override
- What syntax they prefer
## Response
In total, we received 415 responses to the survey.
An overwhelming majority (>70%) of respondents indicated that they want some kind of override that allows them to install packages when there are dependency conflicts. Despite desiring this feature, most respondents said if it exists they would use it "not often" — this indicates that it is an advanced feature that is not critical to day-to-day usage. Nevertheless, because it would be difficult or very difficult to find a workaround (>60%), we suggest that pip should offer a override feature (see recommendations, below).
Over half of the respondents said that `pip install tea coffee --ignore-conflicts` was the most ideal syntax for this command when installing multiple packages at once with a conflicting dependency. When using the `pip install —-ignore-conflicts` command, a majority (>48%) of respondents said they would prefer pip to install to the most recent version of the conflicted dependency.
Most respondents suggested that installing the latest version by default is safer, because it could include security fixes or features that would be difficult to replicate on their own. They also trust that dependencies will be largely backwards-compatible. However, they said it was very important that it is necessary to have a way to override this default behavior, in case they need to use an older version of the conflicted package.
## Recommendations
Based on this research we recommend that the pip team:
- Implement an `--ignore-conflicts` option, that allows users to install packages with conflicting dependencies
- Ensure that `--ignore-conflicts` installs the most recent version of the conflicting package. For example, for conflicting package water<1.1.2 and water1.1.2, pip should prefer to install water1.1.2.
- Allow users to override this default behavior by specifying the version of the conflicting packages. For example, `pip install tea coffee water==1.1.1 --ignore-conflicts`
- Warn users that they used the `--ignore-conflicts` flag and that this may cause unexpected behavior in their program

383
docs/html/ux-research-design/2020-research-outputs/personas.md Normal file
View File

@ -0,0 +1,383 @@
# pip personas
## Research question
From early interviews with pip users, and from desk research into the different communities that use Python, it was our expectation that there were large communities who were not professional software developers. For example the SciPy library is widely used in the science and engineering communities for mathematical analysis, signal and image processing.
Based on this we expected a lot of these users would have different expectations, challenges and needs from pip.
Our hypothesis was that:
1. Python users fall into 3 main user types - a software user, a software maker and a software/package maintainer
2. That the majority (over 60%) would define themselves as Python software users
3. That the minority would define themselves as Python software maintainers
### Usertype definitions
During the research we've met different user types in the Python community. The 3 types of Python users, we proposed were:
#### The Python Software User
“I use Python software mainly as a tool to help me do what I want to do. This might be running scientific experiments, making music or analysing data with Python software I install with pip. I don't write Python software for others.”
#### The Python Software Maker
“I use the Python software language and Python software packages to make software for others, mostly for other people. An example might be - building web applications for my customers. To make this web application I might use the Django framework, and a number of Python packages and libraries.”
#### The Python Package Maintainer
“I spend a lot of my time creating Python software packages and libraries for other people to use in the software they make. I might make Python packages and libraries and then publish them on pypi.org or other software repositories.”
## Summary
During our research we found that these user types did fit with participants' sense of their usage of Python. Participants did not identify significantly different Python user types when asked.
Each of these user types is a spectrum. Some Python users after time, and with experience/training, a need to use code more than once, started to make their own Python software.
Identifying as one of these user types does not preclude users from also being another user type. Python users were more likely to Python software makers, but rarely Python software maintainers.
Most (86%) participants identified as being a Python software user. This ranged a) from using Python applications - SciPy, Scikit-Learn - as a tool, with no knowledge, or interest to do more, to b) more advanced usage of Python involving modifying others code/scripts, possibly using libraries to create code specifically for their needs.
75% identified as a Python software maker - as with Python software user, this ranged from writing basic scripts, code, to being a professional software developer.
Only 40% identified as a Python software maintainer - the activities of a maintainer were seen as only available to someone who had many years of Python experience, was heavily involved in a particular package or application, or did it as part of their job.
## Recommendations
### Provide documentation recommending “best/recommended ways”
The majority of participants were using Python as a tool, as a participant said “_it's a broad general purpose language designed to get stuff done.” _
The majority of participants - scientists, product/electronic engineers, data analysts, nuclear physicists - used Python for their work - they may write Python software, for themselves, possibly for colleagues. A small number will be maintainers of widely used Python packages.
As a result they are not classically trained software developers and so may not have “the right” understanding of important software programming concepts.
Users of all types, and experience struggled with knowing the “right” way to do something. They often spoke about the “recommended way” to do something - to start a new project, to make a package”, quoting one “as a new comer, it's not easy to figure out what should be in the right way to structure a _setup.py_ or _pyproject.toml_. There is a good guide, but it's not easy to figure out what to use. I wish there was a guide like Make an application (or library) in 30 minutes.”
## Results
### I am a Python software user
As expected, almost all participants identified as a Python software user (86%). This was the most fundamental user type - both trained software developers and those who came to Python as a result of their job were users.
Non-software developer users identified Python as a language to get stuff done -
“_Almost everyone falls into the user (category) - thats the target. It's not an obscure language that's meant for specific domains - it's a broad general purpose language designed to get stuff done._
_It's used by many who don't know other languages, they just need a language to get what they're doing finished._“ -- Participant 240312164
However, “using Python software” meant different things depending on who you ask - participants identified as a Python software user on a spectrum.
<table>
<tr>
<td>
</td>
<td>
</td>
</tr>
<tr>
<td><strong>I am a Python software user</strong>
</td>
<td>Number of responses
</td>
</tr>
<tr>
<td>I agree
</td>
<td><p style="text-align: right">
50</p>
</td>
</tr>
<tr>
<td>I disagree
</td>
<td><p style="text-align: right">
4</p>
</td>
</tr>
<tr>
<td>I have no opinion
</td>
<td><p style="text-align: right">
11</p>
</td>
</tr>
<tr>
<td>I strongly agree
</td>
<td><p style="text-align: right">
70</p>
</td>
</tr>
<tr>
<td>I strongly disagree
</td>
<td><p style="text-align: right">
4</p>
</td>
</tr>
<tr>
<td><strong>Grand Total</strong>
</td>
<td><p style="text-align: right">
<strong>140</strong></p>
</td>
</tr>
</table>
<p id="gdcalert1" ><span style="color: red; font-weight: bold">>>>>> gd2md-html alert: inline image link here (to images/image1.png). Store image on your image server and adjust path/filename/extension if necessary. </span><br>(<a href="#">Back to top</a>)(<a href="#gdcalert2">Next alert</a>)<br><span style="color: red; font-weight: bold">>>>>> </span></p>
![alt_text](images/image1.png "image_tooltip")
<span style="text-decoration:underline;">Low end of the spectrum</span>
Python software applications were identified by some as a tool they use to do their “actual work - the scientist, the data analyst, the engineer, the journalist.
Here, they were “using” Python applications like SciPy, PsychPi, NumPy, to run scientific experiments, to gather data, to analyse data, with the objective of creating knowledge to make decisions, to identify what to do next.
These were users who 1) who were new to Python software, 2) came across these Python applications in their profession, and used them as tools.
They describe NumPy, or SciPy as a Python software application in itself, analogous to being a Windows user, or a Mac user.
These users are not “classically trained programmers” as one participant identified themselves. As a result, they may not have the training, or knowledge about programming concepts like software dependencies. When they are expected to deal with complex or confusing error messages or instructions they have problems, often stopping them.
<span style="text-decoration:underline;">High-end of the spectrum </span>
Python users who “move up the spectrum” to more advanced Python usage had been using Python for longer periods - many years.
Again they may not have been classically trained developers, but through exposure - from work colleagues and their own usage - they started to experiment. This experimentation was in the form of modifying others scripts, taking classes, reading books so they could use code for other purposes.
This was _making_ software - this software could be used by them as part of their day-job, but it could also be used by many others.
We asked participants to explain the progression on this user spectrum - what is the difference between a user and a maker? \
\
Participants spoke about “are you working on something reusable or are you using the tools to achieve a one time task?“
_“I didn't have classic software development training, more statistical analysis experience. I was clueless to the idea that it was a repository that anyone could upload packages to and become a maintainer.” -- _Participant _240396891 _Data scientist at an applied research lab using Python do to network traffic analysis/parsing or Machine Learning_._
_“Firstly I use my own software written in Python, I use Python libraries from pip. I use Django, Flask, libraries like requests.”_ -- Participant 240302171
\
_I write a lot of Python code that relies on the code of others. I'd go nowhere without Matplotlib, Numpy, Jypter, etc. One of my favourite things to do use Itertools library is for "[Advent of code](https://adventofcode.com/2019/about)".[ ](https://adventofcode.com/2019/about)_
_“I am not a classically trained programmer, so it's a great way for me to learn and keep current in techniques. Not being a classically trained programmer, in some cases it detracts, I have a reasonable knowledge of the way to use hashes, but if I wanted to change Python's hash I'd have to read books. I can find information out there.” \
_-- Participant 240312164, Nuclear physicist using Python for computer simulations, designing experimental methods
###
### I am a Python software maker
Being a “Python software maker” was a natural progression for some Python users, particularly those who had software development training - either on the job, personal learning or formal education. This training was important to understand fundamental programming concepts.
As discussed earlier, some participants identified as “advanced” Python users, using Python software to modify or create other software. These users were likely to progress onto being software makers.
55% of participants who identified as a software maker had between 5-20+ years of experience with Python. Only 18% of software makers had less than 2 years of experience.
<p id="gdcalert2" ><span style="color: red; font-weight: bold">>>>>> gd2md-html alert: inline image link here (to images/image2.png). Store image on your image server and adjust path/filename/extension if necessary. </span><br>(<a href="#">Back to top</a>)(<a href="#gdcalert3">Next alert</a>)<br><span style="color: red; font-weight: bold">>>>>> </span></p>
![alt_text](images/image2.png "image_tooltip")
We did not ask these participants about the “quality” of the software they created, but apart from the professional software developers, the opinion of these users was they were not software developers.
<table>
<tr>
<td><strong>I am a Python software maker</strong>
</td>
<td>
</td>
</tr>
<tr>
<td><em>Choose the option that most closely matches your situation:</em>
</td>
<td>Number of responses
</td>
</tr>
<tr>
<td>I agree
</td>
<td><p style="text-align: right">
50</p>
</td>
</tr>
<tr>
<td>I disagree
</td>
<td><p style="text-align: right">
9</p>
</td>
</tr>
<tr>
<td>I have no opinion
</td>
<td><p style="text-align: right">
14</p>
</td>
</tr>
<tr>
<td>I strongly agree
</td>
<td><p style="text-align: right">
56</p>
</td>
</tr>
<tr>
<td>I strongly disagree
</td>
<td><p style="text-align: right">
10</p>
</td>
</tr>
<tr>
<td><strong>Grand Total</strong>
</td>
<td><p style="text-align: right">
<strong>140</strong></p>
</td>
</tr>
</table>
Making software was as defined earlier as “are you working on something reusable or are you using the tools to achieve a one time task?“
_“I'm using Python software and libraries to make this product I'm working on, it's foundation is based on Python, with React, D3 and all built on Python. The cloud assets are Python and testing is Python.” -- _Participant 240315927, a professional IT developer building a Python based data analysis application
_“I make software in Python. My day job is making software in python. Mainly Django web design. I work for a retail company, where I write calculating orders, creating data in other inventory management systems. Data analysis.” -- _Participant 240393825
“_I have written software, sometimes for business and personal reasons. At one point I worked on a django website project, that was being used by 1000s of people. I don't think any of my live projects are based._
_Most of it is for sysadmin, automation. I lke to use python instead of shell scripting. I manage a server with wordpress sites. I wrote a script to update these sites, mailman list and sql DB management, and for different utilities.” -- Participant 240313542_
_“I use Python for creating things - like outputs for data scientist, software engineer. I make software to look at patterns, and analyse stuff. I think I'm a maker because someone else is using - they are colleagues. Usually its non-technical colleagues. I produce outputs - make data understandable. They use the results, or a package it behind a flask app. Or analyse graphs. -- _Participant 240426799
###
### I am a Python software maintainer
The Python software/package maintainer user type was seen as requiring a significant amount of time and experience - domain experience as the software could be very specific (e.g. SciKit Learn, SciPy, etc), technical/coding experience, and experience in the community. You need to have spent time in doing the other jobs, before you could become a maintainer.
For large projects it was seen as necessary to have core code contributors, and maintainers. Maintainers did not always write code - they could be more involved with technical architecture, technical design, than writing code.
An aspect of the software maintainer role that wasnt mentioned a lot was the community management aspect.
<p id="gdcalert3" ><span style="color: red; font-weight: bold">>>>>> gd2md-html alert: inline image link here (to images/image3.png). Store image on your image server and adjust path/filename/extension if necessary. </span><br>(<a href="#">Back to top</a>)(<a href="#gdcalert4">Next alert</a>)<br><span style="color: red; font-weight: bold">>>>>> </span></p>
![alt_text](images/image3.png "image_tooltip")
<table>
<tr>
<td><strong>I am a Python package maintainer</strong>
</td>
<td>
</td>
</tr>
<tr>
<td>
</td>
<td>Number of responses
</td>
</tr>
<tr>
<td>I agree
</td>
<td><p style="text-align: right">
39</p>
</td>
</tr>
<tr>
<td>I disagree
</td>
<td><p style="text-align: right">
24</p>
</td>
</tr>
<tr>
<td>I have no opinion
</td>
<td><p style="text-align: right">
20</p>
</td>
</tr>
<tr>
<td>I strongly agree
</td>
<td><p style="text-align: right">
18</p>
</td>
</tr>
<tr>
<td>I strongly disagree
</td>
<td><p style="text-align: right">
38</p>
</td>
</tr>
<tr>
<td><strong>Grand Total</strong>
</td>
<td><p style="text-align: right">
<strong>140</strong></p>
</td>
</tr>
</table>
_“You can become a maintainer once you get past a certain level of experience.”_
-- Participant 240278297
_“To be a package maintainer, you'd have to spend a lot of time fixing issues, e.g. your package is on Github and you'd be looking at issues, reviewing PRs, writing documentation. A package maintainer is someone heavily involved in the project. They deal with more support calls, they do more thinking about issues to get your package into multiple environments. That's the good thing about the Python community - I was trying to use a Python package but there was an issue with the documentation. I said, there's a better way of doing this example. They answered and said "great, do you want to do it? Doing package maintaining, it doesn't interest me, I don't have time for it really - if I have a specific issue I will focus on it. It'd be nice (to do more).” \
-- _Participant 240278297, professional Python software developer
_“I am a core developer of scikit-learn, I spend time writing code. These days strictly speaking - writing code is the least thing I do - mostly I do reviews of other people's code. There is a lot of API design work, it can translate into writing code. I may be the one writing the code or not. I am involved with the CI every now and then. [...] I have been the release manager for the last 2 releases. There are different types of maintainer - writing code maintainers, but you do need core devs writing code. But being a maintainer and building a community -that is about communication and PRs, and mentoring people.“_ \
-- Participant 240306385, core maintainer of SciKit-Learn

97
docs/html/ux-research-design/2020-research-outputs/pip-force-reinstall.md Normal file
View File

@ -0,0 +1,97 @@
# pip --force-reinstall
## Problem
Currently, when `pip install [package-name] --force-reinstall` is executed, instead of reinstalling the package at the version previously installed, pip installs the package at the newest version available.
i.e. `pip install [package name] --force-reinstall` acts as `pip [package name] --upgrade`
We want to find out if users understand (or desire) this implicit behaviour.
More information can be found on [this GitHub issue](https://github.com/pypa/pip/issues/8238).
## Research
To help us understand what users want from the `--force-reinstall` option, we launched a survey with the following scenario:
```
You have the requests package and its dependencies installed:
requests==2.22.0
asgiref==3.2.10
certifi==2020.6.20
chardet==3.0.4
Django==3.1
idna==2.8
pytz==2020.1
sqlparse==0.3.1
urllib3==1.25.10
You run 'pip install requests --force-reinstall'. What should happen?
```
Respondents could choose from one of the following options:
- pip reinstalls the same version of requests. pip does not reinstall request's dependencies.
- pip reinstalls requests and its dependencies, updating all these packages to the latest compatible versions
- pip reinstalls requests and its dependencies, keeping every package on the same version
- pip reinstalls requests, updating it to the latest version. pip updates request's dependencies where necessary to support the newer version.
- I don't know what pip should do
- I don't understand the question
- Other (allows respondent to provide their own answer)
We also asked how useful `pip --force-reinstall` is, and how often it is used.
## Response
In total we received 190 responses to our survey, with 186 people telling us what pip should do when the `--force-reinstall` option is executed.
![](https://i.imgur.com/yoN02o9.png)
- **31.7%** (59/186) of respondents said that pip should reinstall requests and its dependencies, keeping every package on the same version
- **28%** (52/186) of respondents said that pip should reinstall requests, updating it to the latest version, with pip updating request's dependencies where necessary to support the newer version.
- **15.6%** (29/186) of respondents said that pip should reinstall requests and its dependencies, updating all these packages to the latest compatible versions
- **14%** (26/186) of respondents said that pip should reinstall the same version of requests, and not reinstall request's dependencies
If we group responses into "uprade" or "do not upgrade" (ignoring responses that could not be grouped), we find:
- 46.32% (88/186) of respondents thought that pip should install the same version of requests - i.e. that `--force-reinstall` should *not* implicitly upgrade
- 43.16% (82/186) of respondents thought that pip should upgrade requests to the lastest version - i.e that `--force-reinstall` *should* implicitly upgrade
Most respondents use `--force-reinstall` "almost never" (65.6%):
![](https://i.imgur.com/fjLQUPV.png)
![](https://i.imgur.com/Xe1XDkI.png)
Amongst respondents who said they use `--force-resinstall` often or very often:
- 54.54% (6/11) of respondents thought that pip should install the same version of requests - i.e. that `--force-reinstall` should *not* implicitly upgrade
- 45.45% (5/11) of respondents thought that pip should upgrade requests to the lastest version - i.e that `--force-reinstall` *should* implicitly upgrade
Respondents find `--force-reinstall` less useful than useful:
![](https://i.imgur.com/6cv4lFn.png)
![](https://i.imgur.com/gMUBDBo.png)
Amongst respondents who said they find `--force-resinstall` useful or very useful:
- 38.46% (20/52) of respondents thought that pip should install the same version of requests - i.e. that `--force-reinstall` should *not* implicitly upgrade
- 50% (26/52) of respondents thought that pip should upgrade requests to the lastest version - i.e that `--force-reinstall` *should* implicitly upgrade
## Recommendations
Given that this option is not regularly used and not strongly rated as useful, we recommend that the development team consider removing `--force-reinstall` _should they wish to reduce maintenance overhead_.
In this case, we recommend showing the following message when a user tries to use `--force-reinstall`:
> Error: the pip install --force-reinstall option no longer exists. Use pip uninstall then pip install to replace up-to-date packages, or pip install --upgrade to update your packages to the latest available versions.
Should the pip development team wish to keep `--force-resintall`, we recommend maintaining the current (implicit upgrade) behaviour, as pip's users have not expressed a clear preference for a different behaviour.
In this case, we recommend upgrading the [help text](https://pip.pypa.io/en/stable/reference/pip_install/#cmdoption-force-reinstall) to be more explicit:
Old help text:
> Reinstall all packages even if they are already up-to-date.
New help text:
> Reinstall package(s), and their dependencies, even if they are already up-to-date. Where package(s) are not up-to-date, upgrade these to the latest version (unless version specifiers are used).

213
docs/html/ux-research-design/2020-research-outputs/pip-logo.md Normal file
View File

@ -0,0 +1,213 @@
# Design brief for pip logo
**PART 1: The pip logo should be**
**Overall**
- **A balance of youthfulness (27.5%) and maturity (25.1%)**
- **Playful (31.5%) over sophisticated (20.3%)**
- **Abstract (34.9%) over literal (18.5%)**
- The visual inspirations and references submitted correspond with these above results.
**Mature or youthful?**
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Screen_Shot_2020-11-19_at_16.30.05.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Screen_Shot_2020-11-19_at_16.30.05.png)
1. Very mature
2. Mature
3. Neutral
4. **Youthful**
5. Very youthful
**Playful or sophisticated?**
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Screen_Shot_2020-11-19_at_16.30.39.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Screen_Shot_2020-11-19_at_16.30.39.png)
1. Very playful
2. **Playful**
3. Neutral
4. Sophisticated
5. Very sophisticated
**Literal or abstract?**
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Screen_Shot_2020-11-19_at_16.31.00.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Screen_Shot_2020-11-19_at_16.31.00.png)
1. Very literal
2. Literal
3. Neutral
4. **Abstract**
5. Very abstract
**PART 2: How do you view pip?**
**1.** **If you had to describe pip to someone who doesn't know what it is, what would you say?**
Total responses: 214
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Screen_Shot_2020-11-24_at_12.28.15.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Screen_Shot_2020-11-24_at_12.28.15.png)
*Top 10 words used for description*
**by Frequency (times)**
1. python 137
2. package 122
3. python package 56
4. package manager 44
5. tools 37
6. pip 32
7. python package manager 15
8. python library 8
9. python package installer 6
10. package management tools 3
**Description of PIP:**
**Nouns** *Pip is*
- a manager, an installer, a librarian, a bee, a software, a program, a tool, a thing, a dog, a magic spell, a way, B, ACME, a buyer, a chain, an Italian chef, a CLI, the developer version of app store, the Etsy of Python software, the Play Store of Python, a command line, a vending machine, magic, savior, a 'packagist', a personal assistant, a source, a keeper (of package), the go-to place, the smart kid
**Verbs** *that*
- install, manage and fetch (package), organize, download, load, resolve (dependencies), maintain, ease (pain), remove, centralize (libs), bring, deliver and provide (access to packages), distribute (libs and apps), improve (Python), take care (of dependencies),
**Adjectives / Adverbs** *and is*
- must-have, slow, smart, capable, automated, default, heroic, standard, important, enormous, easiest, most common,
- easily, safely, magically, friendly
**Selected quotes:**
"A tool to ease pain"
"A very smart dog capable of fetching anything. Or the accio spell if they're a Harry Potter nerd."
"NOT Gladys Knight's backup singers"
"Automated buyer of your shopping list"
"...an Italian chef pops into your kitchen with all the ingredients and recipes"
"Unlock the potential of python"
"Your window to the Python world"
**2.** **If pip was an object, person or animal, what or who would it be?**
**Total responses: 210**
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Screen_Shot_2020-11-24_at_13.10.29.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Screen_Shot_2020-11-24_at_13.10.29.png)
Top 50 words used
**Top 10 words used - by Frequency (times)**
1. Snake 35
2. Python 20
3. Pip 19
4. Bird 12
5. Package 12
6. Owl 5
7. Librarian 5
8. Snake charmer 4
9. Elephant 3
10. Magpie 2
11. Delivery guy 2
**Object:** robot, robot's arm, rack, drawer, pneumatic tube, conveyor belt, beverage dispenser, pipe, box, crane, crate, gift package, house, mine cart, die, string, rubber band, tank truck, tap, toolbox, well, cargo boat, door, container, block, flute, card catalog, library index, lorry, trolley, trowel, vending machine, wrench
**Person:** delivery guy, librarian, butler, hobbit, snake charmer, magician, bricklayer, electrician, lifter, herpetologist, Chef de cuisine, handyman, a pipsqueak - [Edward Elric](https://fma.fandom.com/wiki/Edward_Elric), plumber, shepherd, waiter, facilitator, warehouse manager, Greg, [Joe MacMillan](https://haltandcatchfire.fandom.com/wiki/Joe_MacMillan), postman, store keeper, construction worker,
**Animal:** snake, delivery snake, baby snake, baby python, python, chameleon, chicken, cobra, ****elephant lizard, cat, kitten, squirrel, piggy, mouse, mole, octopus, mule, badger, bee, beaver, [Monty Python rabbit,](https://www.google.com/search?q=monty+python+rabbit&rlz=1C5CHFA_enVN761VN761&source=lnms&tbm=isch&sa=X&ved=2ahUKEwi_mYiLlpvtAhWtzIUKHUc0CdIQ_AUoAXoECCMQAw&biw=1920&bih=921) spider, dog, pug, puppy, Golden Retriever, donkey, hippo, horse, platypus, honey badger, penguin, a variety of birds including owl, magpie, parrot, crow, sandpiper
**Other:** python's skin, heart beat, root, snake egg, Prometheus (the app), [The Blue Racer](https://en.wikipedia.org/wiki/The_Blue_Racer), super market, beehive,
**Selected quotes:**
"A crow, or any kind of bird that collects shinnies for their nest. The logic is that people use it to fetch things to improve their scripts/programs, and a crow does the same for it's nest"
"A magpie, gathering up shiny baubles."
"A dog that always has your back but sometimes goes off on its own and makes mistakes you didnt want it to !"
"A mail/package carrier who is a snake, obviously!"
"Mom (knows where things are located) 😬"
"A peppy and very smol animal (intentionally spelling small as 'smol' because memes). Maybe a big-eyed baby snake? Maybe a cute koala or something with a snake wrapped around its ankle?"
"an eight-armed raccoon (or other beastie who's inclined to grab stuff)?"
- Some say there is no need to present pip as a person or an animal, object is a better choice.
**PART 3: Inspiration**
**Please list any logos that you think could act as inspiration for the pip logo**
**Total responses: 115**
- Python-related
- Fedora Linux, Git, Node.js, Postman
- Conda logo
- Coverage tool logo
- Coveragepy Snake
- Anything with fruits
- Dropbox
- Figma
- Garden
- Firefox
- Github
- Docker logo
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Docker_logo_011.0.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Docker_logo_011.0.png)
- Bower logo
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/bower.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/bower.png)
- Go gopher
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/go.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/go.png)
- Hadoop
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/1024px-Hadoop_logo.svg.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/1024px-Hadoop_logo.svg.png)
- Jenkins
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/jenkins-ci_512.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/jenkins-ci_512.png)
- Lacoste
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/download.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/download.png)
- Snyk dog
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/1_1BpMZNLrn4wThTOQWduXrw.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/1_1BpMZNLrn4wThTOQWduXrw.png)
- Tux the Linux penguin
**Submitted links**
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/artboard_4.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/artboard_4.png)
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/image.jpeg](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/image.jpeg)
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Screen_Shot_2020-11-24_at_13.21.11.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Screen_Shot_2020-11-24_at_13.21.11.png)
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/col348.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/col348.png)
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/trowel-icon-trendy-logo-concept-white-background-construction-collection-suitable-use-web-apps-mobile-print-media-131181843.jpg](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/trowel-icon-trendy-logo-concept-white-background-construction-collection-suitable-use-web-apps-mobile-print-media-131181843.jpg)
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/800px-Charmeur_de_serpents_a_Jaipur_(2).jpeg](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/800px-Charmeur_de_serpents_a_Jaipur_(2).jpeg)
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/download_rpmpackage.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/download_rpmpackage.png)
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/attachment_100462796.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/attachment_100462796.png)
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Blueracercartoon.jpg](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Blueracercartoon.jpg)
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Screen_Shot_2020-11-23_at_18.41.00.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Screen_Shot_2020-11-23_at_18.41.00.png)
![Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Screen_Shot_2020-11-23_at_18.41.11.png](Design%20brief%20for%20pip%20logo%2079fffcb1ff5641af9fb97a70b1a2358b/Screen_Shot_2020-11-23_at_18.41.11.png)

141
docs/html/ux-research-design/2020-research-outputs/pip-search.md Normal file
View File

@ -0,0 +1,141 @@
# Pip search
## Problem
By default, `pip search` searches packages on PyPI.org from the command line. However, the team are [considering removing it](https://github.com/pypa/pip/issues/5216), because they think it's not that useful and using too many resources on PyPI ([PyPI XMLRPC search has been disabled](https://status.python.org/incidents/grk0k7sz6zkp) because of abuse/overuse).
## Research
Prior to PyPI XMLRPC search being disabled, we:
- Gathered feedback on pip search via the "buy a feature" survey
- Published a survey specifically about pip search, asking users about:
- Their current use of pip search
- How useful they find pip search results
- How clear they find pip search results
- Where users expect pip to search (e.g. PyPI vs private index)
- What data pip should search _other_ than project name
- What changes or additions they would make to pip search
## Response
In total, we received 1070 responses to the buy a feature survey, with 541 (50.4%) respondents selecting "Search pypi.org for packages" in their top 10 features.
However, search ranked lower than the following features:
1. Run pip without requiring any user input (e.g. in CI) *718*
2. Show information about all installed packages *707*
3. Show information about a single installed package *596*
We received 302 respones to the pip search survey, with 62 of the 302 (20.5%) respondends either not knowing that the command existed, never using it, or using it "rarely".
We found that the remaining ~80% of respondends who do use pip search use it to:
- Find/search for the right/new/alternate packages to install:
- Checking package name (verify correct spelling)
- Assessing functionality (check a package's description)
- Verifying availability (check if such package exists)
- Search for the latest version of a package (verify version)
- Find package libraries and new modules
In general, pip search is regarded as:
- more useful than not useful
- more clear than not clear
When asked if pip should search on items _other_ than the package name, respondends most commonly asked to search the package description:
![](https://i.imgur.com/lxS2TG6.png)
Some users also mentioned that they would like the search to be configurable, e.g. by passing flags/options.
When asked how they would improve pip search, users said they would improve:
**1. Search methods:**
- fuzzy search and insensitive case should be acceptable
- users should have the option to filter/sort by description, name, tag
**2. Search results:**
- relevancy: the results should show both the exact match and closest match
- order/category: the result should display items in a certain order, e.g highest number of downloads (popularity), development status (last updated/latest version), etc.
- there should be a limited number of search results
**3. User interface:**
- link package to pypi page
- use color coding / system for better clarity
- distinguish exact match search results from others: by highlighting, or using a different color
- indicate version compatibility
## Recommendations
### Deprecation strategy
Given that the [PyPI](https://pypi.org/pypi) search API is currently disabled (as of 1st Jan, 2021) for technical and sustainability reasons, we recommend that the pip team display a clear error message to users who use the command:
```
The PyPI search API has been disabled due to unmanageable load.
To search PyPI, open your browser to search for packages at https://pypi.org
Alternatively, you can search a different index using the --index command.
```
In the longer term, **we recommend that the PyPI team investigate alternative methods of serving search results (e.g. via caching)** that would enable pip search to work again. This recommendation is supported by our research which suggests that many pip users find this functionality useful.
If this is not possible, the pip team should create clear instructions that tells users what to use instead. Some suggestions (based on common user flows) are listed below:
#### Finding a new package based on tags and keywords
This is the most common feature that you would expect from `pip search` and likely the hardest to replace after deprecation.
As mentioned above, the pip CLI should - as soon as possible - hide the full-trace error message present when a user types `pip search`. Instead, pip should show a message that encourages users to use the search index on the website itself (in their browser) by providing a link directly to [https://pypi.org](https://pypi.org). Also, pip should provide a short hint on how to use an alternative index.
```
$ pip search pytest
The PyPI search API has been disabled due to unmanageable load.
Please open your browser to search for packages at https://pypi.org
Alternatively, you can use a different index using the --index command.
pip search pytest --index <URL>
```
In addition, the pip team could implement an alternative to the PyPI search API that works without a hard dependency on a centralized service. Similar to other distribution systems like `apt` and `yum`, the metadata of all package names could be downloaded on the user's machine with an opt-in workflow:
```
$ pip search pytest
Using pip search on the command line requires you to download the index first.
Alternatively, you can open your browser to search for packages at https://pypi.org
Download the index to /System/Library/Frameworks/Python.framework/
Versions/2.7/Resources/Python.app/Contents/MacOS/search.db? (y/n) y
......... done!
<results>
$ pip search pytest
<results>
```
This is a more complex route that will require more engineering time, but can aim to provide command line users with a similar functionality to the old `pip search` command. It can also check the age of the local index and show a warning if it is getting old.
#### Verifying the latest version of a package
Users also use the `pip search` command to find or verify a particular package's version.
As a replacement, the pip team could do either of the following:
1. Extend the `pip show` feature to include known latest versions of the package;
2. Create a `pip outdated` command which scans the current dependency tree and outputs the packages that are outdated (compared to the latest versions on the configured index).
### UX improvements
Should it be possible to continue to support pip search, we strongly recommend the following UX improvements:
- Adding support for [fuzzy search](https://en.wikipedia.org/wiki/Approximate_string_matching), or suggesting alternative/related search terms
- Adding support for case insensitive search
- Searching based on a package's description
- Linking search results to a package's PyPI page (where appropriate)
Other user feedback (as detailed above) should also be considered by the team on a case-by-case basis.

62
docs/html/ux-research-design/2020-research-outputs/pip-upgrade-conflict.md Normal file
View File

@ -0,0 +1,62 @@
# Pip upgrade conflict
## Problem
Currently, pip does *not* take into account packages that are already installed when a user asks pip to upgrade a package. This can cause dependency conflicts for pip's users.
## Research
We published a [survey](https://bit.ly/2ZqJijr) asking users how they would solve the following scenario:
```
Imagine you have package tea and coffee with the following dependencies:
tea 1.0.0 - depends on water<1.12
tea 2.0.0 - depends on water>=1.12
coffee 1.0.0 - depends on water<1.12
coffee 2.0.0 - depends on water>=1.12
You have the following packages installed:
tea 1.0.0
coffee 1.0.0
water 1.11.0
You ask pip to upgrade tea. What should pip do?
If pip upgrades tea to 2.0.0, water needs to be upgraded as well, creating a conflict with coffee...
```
We gave users four choices:
1. Upgrade tea and water. Show a warning explaining that coffee now has unsatisfied requirements.
2. Upgrade coffee automatically to 2.0.0
3. Install nothing. Tell the user that everything is up-to-date (since the version of tea they have installed is the latest version without conflicts).
4. Install nothing. Show an error explaining that the upgrade would cause incompatibilities.
We allowed users to post their own solution, and asked why they came to their decision.
## Response
In total, we received 693 responses, 407 of which included an explanation of why a particular solution was best.
![](https://i.imgur.com/UdBWkaQ.png)
- 497 responses (71.7%) preferred option 4: that pip should install nothing and raise an error message
- 102 responses (14.7%) preferred option 2: that pip should upgrade package_coffee
- 79 responses (11.4%) preferred option 1: that pip should upgrade tea and water
- 15 responses (2.2%) preferred option 3: that pip should install nothing and tell the user that everything is up to date
From the 407 responses that answered "why" a particular solution was best, the following key themes emerged:
- "explicit is better than implicit" - pip should not create "side effects" that the user does not understand, has not anticipated, and has not consented to
- pip should do everything in its power to avoid introducing conflicts (pip should not "break" the development environment)
- Telling the user that everything is up to date (option 3) is misleading / dishonest
- pip could be more flexible by:
- allowing the user to choose how they want to resolve the situation
- allowing the user to override the default behaviour (using flags)
## Recommendations
Based on the results of this research, the pip UX team has made the following recommendations to the development team:
- While the current behaviour exists, [warn the user when conflicts are introduced](https://github.com/pypa/pip/issues/7744#issuecomment-717573440)
- [Change the current behaviour](https://github.com/pypa/pip/issues/9094), so that pip takes into account packages that are already installed when upgrading other packages. Show the user a warning when pip anticipates a depdenency conflict (as per option 4)
- Explore [the possibility of adding additional flags to the upgrade command](https://github.com/pypa/pip/issues/9095), to give users more control

138
docs/html/ux-research-design/2020-research-outputs/prioritizing-features.md Normal file
View File

@ -0,0 +1,138 @@
# Prioritizing features
## Problem
The pip development team is small, and has limited time and energy to work on issues reported via the [issue tracker](https://github.com/pypa/pip/issues). There is also a significant backlog of issues (782 as of November, 2020) for the team to respond to.
For the team to prioritize their work based on what will have the most impact, we need to develop a better understanding of what users want from pip.
## Research
To help answer this question, we developed a "buy a feature" survey, with the following scenario:
```
Help us to understand what's important to you by participating in our "buy a feature" game:
You have an allocated budget of $200 to spend on redesigning pip.
With your $200 budget, "buy" the functionality you'd most like to keep. You don't have to spend the whole $200, but you should also not overspend your budget!
```
We asked users to spend their first $100 on features related to `pip install`, and to spend their remaining $100 on other pip features. We also gave users an additional $10 to suggest a new feature:
![](https://i.imgur.com/2QShgYo.png)
![](https://i.imgur.com/sY8gdXD.png)
![](https://i.imgur.com/hvgjdEG.png)
## Response
We received 1076 responses, 1070 of which were valid. The most popular features included the core competencies of pip:
- Recreating an environment from a list of installed dependencies;
- Install, uninstall, and upgrade packages from a virtual control system, file, or local directory;
- Warn about broken or conflicting dependencies.
### pip install
The top ten features related to pip install were:
![](https://i.imgur.com/1rNIOB7.png)
1. Install and uninstall packages
2. Upgrade packages to the latest version
3. Warn about broken dependencies
4. Install a package from a version control system (e.g. Git, Mercurial, etc.)
5. Install packages as specified in a file
6. Install a package from a local directory
7. Verify downloaded packages against hashes
8. Install packages from an alternative package index, or indexes (default is PyPI only)
9. Install a package from wheels (no need for compiling code)
10. Control where you want your installed package to live on your computer
### Other pip functionality
The top ten features related to other pip functionality were:
![](https://i.imgur.com/xrp9XWw.png)
1. Generate a list of installed packages that can be used to recreate the environment
2. Check that your installed packages do not have dependency conflicts
3. Run pip without requiring any user input (e.g. in CI)
4. Show information about all installed packages
5. Show information about a single installed package
6. Search pypi.org for packages
7. Show information about pip (version information, help information, etc.)
8. Download packages, build wheels and keep them in a directory for offline use
9. Manage pip's default configuration (e.g. by using configuration files)
10. Customise pip's output (e.g. reduce or increase verbosity, suppress colors, send output to a log)
Results varied by the amount of Python experience the user had.
<details>
<summary>See how likely users are to select a feature based on their experience level</summary>
#### Verify downloaded packages against hashes
![](https://i.imgur.com/oVHOGBQ.png)
#### Warn about broken dependencies
![](https://i.imgur.com/uNv2tnG.png)
#### Upgrade packages to the lastest version
![](https://i.imgur.com/pQgCLBO.png)
#### Install packages from an alternative package index, or indexes
![](https://i.imgur.com/E1LnTBt.png)
#### Install packages as specified in a file
![](https://i.imgur.com/87uh4xp.png)
#### Install and uninstall packages
![](https://i.imgur.com/GRsazBy.png)
#### Install packages from a version control system
![](https://i.imgur.com/iW7d0Sq.png)
#### Install a package from wheels
![](https://i.imgur.com/9DMBfNL.png)
#### Install apackage from a local directory
![](https://i.imgur.com/Jp95rak.png)
#### Control where you want your installed package to live on your computer
![](https://i.imgur.com/32fpww2.png)
</details>
## Recommendations
### Environment recreation
Environment recreation is already included in pip as part of the `requirements.txt` feature; however, with it's popularity and demand, we recommend that **pip should improve it's support of this feature.**
- Improve environment recreation user output and help guides directly in the pip CLI;
- Improve pip documentation & user guide to prominently feature environment recreation as a core feature of pip;
- Improve environment recreation process itself by considering virtual environments as a core competency "built-in" to pip.
**Recreating an environment from a list of installed dependencies was the most valued feature request overall** as well as in each user group, *except for those with less than 6 months of experience and those with 16-19 years of experience (for which it was the second most valued).*
When asked to enter a feature request with freetext, users placed the words 'built-in,' 'virtual,' 'automatic,' and 'isolation' alongside the word 'environment,' which suggest that users expect pip to recreate environments with a high level of intelligence and usability.
**Selected direct quotes**
> Make pip warn you when you are not in virtualenv
> Automatic virtual env creation with a command line argument
> Eliminate virtual environments. Just use ./python_modules/ like everyone else
> I would love to see pip manage the python version and virtual env similar to the minicona
> Would spend all my $200 on this: Integrate pipenv or venv into pip so installing an application doesn't install it's dependencies in the system package store. And allow pinning dependency versions for application packages (like how pip-compile does it)
### Dependency management
We recommend that the pip team improve warning and error messages related to dependencies (e.g., conflicts) with practical hints for resolution. This can be rolled out in multiple timescales, including:
- Give hints to the user on how to resolve this issue directly alongside the error message;
- Prominently include virtual environment creation in the documentation, upon `pip install` conflict errors, and if possible as a built-in feature of pip;
- Upgrading the dependency resolver (in progress).
It is clear that dependency management, including warning about conflicting packages and upgrades, is important for pip users. By helping users better manage their dependencies through virtual environments, pip can reduce the overall warnings and conflict messages that users encounter.

322
docs/html/ux-research-design/2020-research-outputs/users-and-security.md Normal file
View File

@ -0,0 +1,322 @@
# Users behaviours and opinions to package and code security
## Research question
We asked participants about their behaviours and practices in terms of the security and integrity of the Python packages they install with pip, and of the software they create.
We asked participants to tell us how often they:
1. carry out a code audit of the Python software they install with pip
2. Think about the security and integrity of the (Python) software they install (with pip)
3. Think about the security and integrity of the (Python) code they create
## Summary
While the security and integrity of the software they install (51%) and they make (71%) is important to research participants, less than 7% of them do code audits of the packages or code they install with pip.
This is due to lack of time to audit large packages, lack of expertise, reliance on widely adopted Python packages, the expectation that pip automatically checks hashes, and reliance of the wider Python community to act as canary in the coalmine.
This behaviour was common across all user types, and baselines of software development experience.
These results - particularly the lack of expertise in auditing packages fits in with the overall findings that the majority of participants, pip users, are not “classically trained” (i.e. having formally learned software development) software developers and so lack the expertise, the formal training in software development practices.
There is a gulf between what the maintainers expect users to think, and worry about, and what the users actually worry and think about. Right now, pip leaves them to “fend for themselves” in terms of providing them with assurance of the software they install. This isnt meant as a criticism, but an observation.
## Recommendations
### Provide package security guidance or auditing mechanism
A small number of participants (3-4) over the research period mentioned the[ NPM audit command](https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities) as an example of a good way to assess package security. It may provide a model for how to approach this user need.
### Automatically check package hashes
pip should by default check packages hashes during install, providing a way for users to turn this behaviour off.
In the case of no hash being available, pip should warn users and provide recommendations for users - from simplest to most advanced.
### Mechanism to report suspicious packages
Users should have a mechanism to report suspicious, or malicious, packages/behaviour. Where this mechanism should exist is open to discussion. The minimum should be a mechanism for users to flag download packages from pypi.org.
### Improve the output of pips activities easier to understand
Right now pips output is overwhelming and while it contains a lot of information, little of it is perceivable to the user - meaning is lost in “the wall of text”.
Pips output must be redesigned to provide users with the right information at the right time.
##
## Results
### Before I install any Python software with pip, I carry out a code audit
The vast majority of participants, 82%, do not (rarely or never) do a code audit of the software packages they install using pip, the reasons are explained below.
<p id="gdcalert1" ><span style="color: red; font-weight: bold">>>>>> gd2md-html alert: inline image link here (to images/image1.png). Store image on your image server and adjust path/filename/extension if necessary. </span><br>(<a href="#">Back to top</a>)(<a href="#gdcalert2">Next alert</a>)<br><span style="color: red; font-weight: bold">>>>>> </span></p>
![alt_text](images/image1.png "image_tooltip")
<table>
<tr>
<td><strong>Before I install any Python software with pip, I carry out a code audit:</strong>
</td>
<td><p style="text-align: right">
<strong>Number of responses:</strong></p>
</td>
</tr>
<tr>
<td>Always
</td>
<td><p style="text-align: right">
3</p>
</td>
</tr>
<tr>
<td>Frequently
</td>
<td><p style="text-align: right">
9</p>
</td>
</tr>
<tr>
<td>I'm not sure what this means
</td>
<td><p style="text-align: right">
5</p>
</td>
</tr>
<tr>
<td>Never
</td>
<td><p style="text-align: right">
68</p>
</td>
</tr>
<tr>
<td>No opinion
</td>
<td><p style="text-align: right">
13</p>
</td>
</tr>
<tr>
<td>Rarely
</td>
<td><p style="text-align: right">
66</p>
</td>
</tr>
<tr>
<td><strong>Number of participants</strong>
</td>
<td><p style="text-align: right">
<strong>164</strong></p>
</td>
</tr>
</table>
###
### Selected quotes
_Never I should but I never do. I don't stray, I am risk adverse. I install packages that are good already. I consider my risk surface small. I don't have time or resources to audit them. I have sufficient faith in the ecosystem to be self-auditing. If something turned up in a well known package, the community is well known for making a stink. And anyway a code audit wouldn't pick it up._ \
— 240326752 Professional Python developer
<p id="gdcalert2" ><span style="color: red; font-weight: bold">>>>>> gd2md-html alert: inline image link here (to images/image2.png). Store image on your image server and adjust path/filename/extension if necessary. </span><br>(<a href="#">Back to top</a>)(<a href="#gdcalert3">Next alert</a>)<br><span style="color: red; font-weight: bold">>>>>> </span></p>
![alt_text](images/image2.png "image_tooltip")
The vast majority of participants did think about the security and integrity of the software they installed - and unlike responses about code audits, in some cases participants made attempts to verify the security and integrity of the software they installed.
Most attempts were made by those who had experience in software development, however in some cases, people gave up.
Those who were not classically trained software developers did not know where to start.
Both of these groups identified their “sphere of influence” and did their best to cover this.
<p id="gdcalert3" ><span style="color: red; font-weight: bold">>>>>> gd2md-html alert: inline image link here (to images/image3.png). Store image on your image server and adjust path/filename/extension if necessary. </span><br>(<a href="#">Back to top</a>)(<a href="#gdcalert4">Next alert</a>)<br><span style="color: red; font-weight: bold">>>>>> </span></p>
![alt_text](images/image3.png "image_tooltip")
With the exception of users who develop web applications (e.g those who deploy packages to the web), few users actively work towards any good security objective. Several users said that they know that they _should_ be more concerned, but do not have time to look into it in more detail.
User's knowledge of security issues (e.g. typosquatting) varies. Some users expect/assume that pip (and PyPI) should "protect" them from malicious actors - e.g. by automatically checking hashes, or detecting malicious packages.
Many users try to use more popular open-source packages, as they feel that they can trust these better.
In terms of control or impact, participants felt they could do more about the security and integrity of the code they created.
### **Responsibility as author**
Participants who spent a lot of their time writing Python code - either for community or as part of their job - expressed a responsibility to their users for the code they wrote - people who wrote code which was made public expressed a stronger responsibility.
They thought about where the software would be used, who would use it, and possible attack surfaces.
On the basic point, I have to think about attack surfaces. If I am writing the thing (software), I have to give a crap. I have to answer the emails! In the code I push to[ pypi.org](http://pypi.org/) I think about it doubley. What could people do with this code? Whether I do a good job, that's different! I am aware of it when publishing it or making it publically available. Whether I do a good job, that's different! I am aware of it when publishing it or making it publically available. I rely on community resources - Python security related, I follow security people blogs, Twitter. I use Hypothesis for fuzz-testing. I also rely on having security policies in place and a reporting mechanism. I steer clear of crypto, I rely on other peoples. There's a certain amount of knowledge in the Python community, I am actively involved in it. If something happens, I will hear about it. I use Twitter, if something happens, in the morning it can take me awhile to figure out what's happened. I have a lot of trust in the ecosystem to be self healing. As long as you don't stray too far-off the reservation (into using odd or uncommon or new packages), it's a better sense of security.
--- Participant, data scientist turned Python developer
Yes, because I'm liable for that. If the problem is my code, and I deliver something and they get attacked. I'm screwed.
-- Participant, professional Python developer and trainer
### **Reliance on software packages**
Participants also explained they rely on code security scanning and checking software packages.
I use linters (Bandit), I scan the code I have created and when there is an issue I raise a red flag.
I use Hypothesis for fuzz-testing.
###
### **Good software development practices**
A small number of participants explained they have good software practices in place, which help with writing secure software.
We have a book about ethics of code - we have mandatory certification.
I also rely on having security policies in place and a reporting mechanism. I steer clear of crypto, I rely on other peoples.
Of the users who have used pip's hash checking functionality:
* One finds the error messages "too annoying and loud", and has difficulty matching the file name to the hash
* Another finds the process of explicitly pinning hashes to be too tiresome (especially for dependencies)
One user mentioned that he likes[ NPM audit](https://docs.npmjs.com/cli/v6/commands/npm-audit) and would like to see something similar in the Python ecosystem.
#### Lack of time
The lack of time to carry out the audit of the package code, and that of the dependencies, was cited as a very common reason. In most cases participants used Python code as a means to achieving their goal.
#### Lack of expertise to carry out the audit
The lack of expertise or knowledge of auditing software was mainly due to participants expertise not being software development. However, in the case participants were "classically" software developers, lack of expertise was also a commonly given reason for not carrying out audits.
####
#### Use of only widely used, well-established packages
Use of well-established, high-quality packages was a common reason amongst all types of participants - professional Python software developers and those who used Python as a tool.
“Well-established, high-quality packages" were defined by users as packages that:
* have been in existence for many years
* are popular, or commonly used by those in their community or industry
* have responsive maintainers
* maintained by people the participant has heard of
* have many hundreds or thousands of users
* are in active development (many open issues, many forks, Github stars)
* are developed in the open, and transparently
* their history is known, or can be found out publicly
### **Reliance on the Python community to find issues**
There was a reliance on the community to find issues and make them know publicly - “Many eyes shallow bugs”.
### **Use of only internal packages**
“I only install internal packages, so I don't need to worry about this.”
This theme was not that common, mainly in large software development environments or where security was of high importance.
### **Expectation that[ pypi.org](http://pypi.org) or pip assures security and integrity of packages**
To assure the security and integrity of packages uploaded
### Selected quotes from research participants
#### About security audits, and security of software installed or created
_I rarely do code audits. Most of the time I rely on the opinions of the community. I look at how many maintainers there are. Maybe it's not good practice but I don't have time to go through the code._ — 240315091
_Never I should but I never do. I don't stray, I am risk adverse. I install packages that are good already. I consider my risk surface small. I don't have time or resources to audit them. I have sufficient faith in the ecosystem to be self-auditing. If something turned up in a well known package, the community is well known for making a stink. And anyway a code audit wouldn't pick it up._ — 240326752 Professional Python developer
_On the private level (work) the code is developed internally. I don't audit the code on pypi - due to lack of time auditing the dependencies, and I trust it. I know they had a security breach a few years ago, but it doesn't happen that often. I know they don't audit anything but I still don't audit the code._
_I wouldn't know how to, also I'm writing this stuff for myself. It'll work or not. Sometimes I end up installing 2 or 3 packages and find out that I need to install something else. I move on if it doesn't work. The last resort is I will write the code myself._
_I'm quite trusting - Python is open source, I'm assuming that if a package is on[ pypi.org](http://pypi.org/) - it must be alright. I install the package first, then I look at it. I find a package by figuring out - we need to do a certain task, we search for it on the Internet, look at the documentation, we install it and then see if it is what we want. _
_— _Participant 240278297
If I want to install a package, it's for a reason. I want to calculate the azimuth and elevation of the moon with PyEphem. Do a code audit? Pffff. Most of the stuff I do is banal. It needs to meet a dependency, so I install it. I'm not going to do a code audit. I don't care. Never, but this is one of the things - is the package on pypi the exact source I see on Github? You could end up with files that are distributed differently. Probably (I don't do it) because I am too scared to look. There is this thing that pip verifies (the packages) hash - so that is a feature to guard against this. What is the hash of? No idea. It's located in the local python install. \
— Participant 240426799, systems administrator
No. [laughs] Coz, I'm not going to read thousands of lines of code before I install a package. Oh my God. [..] I wouldn't be able to find it. I'm trading off - honestly how popular the package is, number of stars on GH. pypi doesn't have any UI way to tell me how many downloads it has. If it did I would use that.
— Participant 240386315, IT administrator
Well, I don't have the background to do a code audit of something like Numerical Python. Most packages I use are huge. Most people aren't doing code of those packages, except the maintainer. I am relying on whatever is built into pip to do package security. I also assume if there is an exploit someone will find it and let the world now. I'm really lazy.
— Participant 240312164, Nuclear physicist
#### About security guidance and hash checking
I would like some security advisor, [like in npm](https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities) - it works very well, when you install a package "there are security vulns. with this package - 1 low, 5 medium, 8 high. I havent come across security issues with Python packages.”
-- CZI convening research participant
If I was downloading a package on my own I check the hash, if it's installed by pip, then no. I expect pip to do it. If it doesn't do it, it does surprise me. Every package manager checks the hash against what it downloads. The hashes are already known on pypi. \
— Participant 240312164, Nuclear physicist

268
docs/html/ux-research-design/research-results.md
View File

@ -15,9 +15,9 @@ Some key outcomes from the 2020 work are:
- A pip UX research panel ([Sign up here!](https://mail.python.org/mailman3/lists/pip-ux-studies.python.org/))
- New and expanded GitHub issues
- UX improvements in 2020
- UX work supporting the dependency resolver
- Improved error messaging
- Supporting Documentation
- UX work supporting the dependency resolver
- Improved error messaging
- Supporting Documentation
- UX Training for the Pypa + pip maintainers
This work was made possible through the [pip donor funded roadmap](https://wiki.python.org/psf/Pip2020DonorFundedRoadmap).
@ -188,119 +188,153 @@ We **published 10 surveys** to gather feedback about pip's users and their prefe
Below is a compiled list of all research outputs and recommendations made by the pip UX team based on the research conducted in 2020.
We are currently looking for volunteers to take recommendations made by the UX team and move them into pip's issue tracker. This will ensure that the research conducted in 2020 is leveraged by the pip development team.
We are currently looking for volunteers to take recommendations made by the UX team and move them into pip's issue tracker. This will ensure that the research conducted in 2020 is leveraged by the pip development team.
<table>
<tr>
<td>Title
</td>
<td>Category
</td>
<td>Description
</td>
</tr>
<tr>
<td><a href="https://docs.google.com/document/d/1GUkcEIdu-3Bkk43AwPJ0ExtPxdU4nUYieTlWfcfp4O8/edit?usp=sharing">About our users</a>
</td>
<td>Who uses pip
</td>
<td>High-level summary of who uses pip. Includes recommendations for supporting languages other than English, supporting users with disabilities, and improving pip's output
</td>
</tr>
<tr>
<td><a href="https://docs.google.com/document/d/1730saWFkRUhKC_c0m92gfm3NLySDDtydBY9sDs9BMhk/edit?usp=sharing">Pip personas</a>
</td>
<td>Who uses pip
</td>
<td>Defines and explores three Python user personas
</td>
</tr>
<tr>
<td><a href="https://docs.google.com/document/d/1EsDNsuahXOrsfYpTmWXsIb-iQPYIEZUejRqZlCo1r9c/edit?usp=sharing">Mental models of pip</a>
</td>
<td>Who uses pip
</td>
<td>Explores users' general knowledge of package management, what pip is, and what pip does during an install process.
</td>
</tr>
<tr>
<td><a href="https://docs.google.com/document/d/1gltjYEIzswjSipFI7MfRH6OT8LdVIIGFKzZZLIVBbhI/edit?usp=sharing">Behaviours and attitudes towards code security and integrity</a>
</td>
<td>Who uses pip
</td>
<td>Explores pip users behaviour and attitudes towards security and makes recommendations on how to improve pips security experience
</td>
</tr>
<tr>
<td><a href="https://docs.google.com/document/d/1dnkj7SG9fThsjjdCoQrf94U4eHeC6lE_cvS33ULufx4/edit?usp=sharing">Usage of pip in automated and interactive environments</a>
</td>
<td>Who uses pip
</td>
<td>Assessment of use of pip in automated environments (i.e. continuous integration, continuous deployment) vs manual input from the command line
</td>
</tr>
<tr>
<td><a href="https://hackmd.io/@LE2CG9ODQ0CZOIcMC47VyQ/SyVrUekoD">Improving pip's documentation</a>
</td>
<td>Documentation
</td>
<td>Summarises how pip users get pip help, and make recommendations on how to improve pip's documentation
</td>
</tr>
<tr>
<td><a href="https://www.notion.so/simplysecure/Design-brief-for-pip-logo-8186d239892f442ca0cc763a88997ec2">Pip's identity: In search of a logo</a>
</td>
<td>Pip community
</td>
<td>Summarises community ideas for a new pip logo as input for a design brief
</td>
</tr>
<tr>
<td><a href="https://hackmd.io/@LE2CG9ODQ0CZOIcMC47VyQ/HJD8DTepw">Prioritizing features (buy a feature)</a>
</td>
<td>How pip works
</td>
<td>Summarises which features are most important to pip's users
</td>
</tr>
<tr>
<td><a href="https://hackmd.io/okbYASpyQJ-XDIdDAZFQYQ">Pip Search</a>
</td>
<td>How pip works
</td>
<td>Summarises current use of pip search and makes recommendations on how to move forward with pip search, given that PyPI XMLRPC search has been disabled
</td>
</tr>
<tr>
<td><a href="https://hackmd.io/2naLnfq-SKCaUTZxZmYDNA">Pip Force reinstall</a>
</td>
<td>How pip works
</td>
<td>Looks at at current use of `pip --force-reinstall` and whether the current behavior matches users expectations
</td>
</tr>
<tr>
<td><a href="https://hackmd.io/2F74AQYbRzeHl3zTgoWUvQ">Dependency conflict resolution when upgrading packages</a>
</td>
<td>2020 dependency resolver
</td>
<td>Recommends whether pip should take into account packages that are already installed when a user asks pip to upgrade a package
</td>
</tr>
<tr>
<td><a href="https://hackmd.io/MIRY9jpRSNyuzMXoWmSqIg?both">Providing an override to install packages with conflicting dependencies</a>
</td>
<td>2020 dependency resolver
</td>
<td>Recommends weather or not to provide an override for users to install packages with conflicts (the new pip resolver blocks this behaviour by default)
</td>
</tr>
<thead>
<tr>
<th>Title</th>
<th>Category</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<a href="/2020-research-outputs/about-our-users">About our users</a>
</td>
<td>
Who uses pip
</td>
<td>
High-level summary of who uses pip. Includes recommendations for supporting languages other than English, supporting users with disabilities, and improving pip's output
</td>
</tr>
<tr>
<td>
<a href="/2020-research-outputs/personas">Pip personas</a>
</td>
<td>
Who uses pip
</td>
<td>
Defines and explores three Python user personas
</td>
</tr>
<tr>
<td>
<a href="/2020-research-outputs/mental-models">Mental models of pip</a>
</td>
<td>
Who uses pip
</td>
<td>
Explores users' general knowledge of package management, what pip is, and what pip does during an install process.
</td>
</tr>
<tr>
<td>
<a href="/2020-research-outputs/users-and-security">Behaviours and attitudes towards code security and integrity</a>
</td>
<td>
Who uses pip
</td>
<td>
Explores pip users behaviour and attitudes towards security and makes recommendations on how to improve pips security experience
</td>
</tr>
<tr>
<td>
<a href="/2020-research-outputs/ci-cd">Usage of pip in automated and interactive environments</a>
</td>
<td>
Who uses pip
</td>
<td>
Assessment of use of pip in automated environments (i.e. continuous integration, continuous deployment) vs manual input from the command line
</td>
</tr>
<tr>
<td>
<a href="/2020-research-outputs/improving-pips-documentation">Improving pip's documentation</a>
</td>
<td>
Documentation
</td>
<td>
Summarises how pip users get pip help, and make recommendations on how to improve pip's documentation
</td>
</tr>
<tr>
<td>
<a href="/2020-research-outputs/pip-logo">Pip's identity: In search of a logo</a>
</td>
<td>
Pip community
</td>
<td>
Summarises community ideas for a new pip logo as input for a design brief
</td>
</tr>
<tr>
<td>
<a href="/2020-research-outputs/prioritizing-features">Prioritizing features (buy a feature)</a>
</td>
<td>
How pip works
</td>
<td>
Summarises which features are most important to pip's users
</td>
</tr>
<tr>
<td>
<a href="/2020-research-outputs/pip-search">Pip Search</a>
</td>
<td>
How pip works
</td>
<td>
Summarises current use of pip search and makes recommendations on how to move forward with pip search, given that PyPI XMLRPC search has been disabled
</td>
</tr>
<tr>
<td>
<a href="/2020-research-outputs/pip-force-reinstall">Pip Force reinstall</a>
</td>
<td>
How pip works
</td>
<td>
Looks at at current use of `pip --force-reinstall` and whether the current behavior matches users expectations
</td>
</tr>
<tr>
<td>
<a href="/2020-research-outputs/pip-upgrade-conflict">Dependency conflict resolution when upgrading packages</a>
</td>
<td>
2020 dependency resolver
</td>
<td>
Recommends whether pip should take into account packages that are already installed when a user asks pip to upgrade a package
</td>
</tr>
<tr>
<td>
<a href="/2020-research-outputs/override-conflicting-dependencies">Providing an override to install packages with conflicting dependencies</a>
</td>
<td>
2020 dependency resolver
</td>
<td>
Recommends weather or not to provide an override for users to install packages with conflicts (the new pip resolver blocks this behaviour by default)
</td>
</tr>
</tbody>
</table>
### **Read More**
## Read More
- [Pip team midyear report (blog, July 2020)](https://pyfound.blogspot.com/2020/07/pip-team-midyear-report.html)
- [Creating rapid CLI prototypes with cli-output (blog, Oct 2020)](https://www.ei8fdb.org/thoughts/2020/10/prototyping-command-line-interfaces-with-cli-output/)
@ -310,8 +344,8 @@ We are currently looking for volunteers to take recommendations made by the UX t
- [How do you deal with conflicting dependencies caused by pip installs? (blog, April 2020)](https://www.ei8fdb.org/thoughts/2020/04/how-do-you-deal-with-conflicting-dependencies-caused-by-pip-installs/)
- [pip UX studies: response data (blog, March 2020)](https://www.ei8fdb.org/thoughts/2020/03/pip-ux-studies-response-data/)
- Other PyPA UX work:
- [PyPI User Research (blog, July 2018)](https://whoisnicoleharris.com/2018/07/22/pypi-user-research.html)
- [Warehouse - The Future of PyPI](https://whoisnicoleharris.com/warehouse/)<span style="text-decoration:underline;"> (overview)</span>
- [Accessibility on Warehouse (PyPI) (blog, May 2018)](https://whoisnicoleharris.com/2018/05/17/warehouse-accessibility.html)
- [User Testing Warehouse (blog, Mar 2018)](https://whoisnicoleharris.com/2018/03/13/user-testing-warehouse.html)
- [Designing Warehouse - An Overview (blog, Dec 2015)](https://whoisnicoleharris.com/2015/12/31/designing-warehouse-an-overview.html)
- [PyPI User Research (blog, July 2018)](https://whoisnicoleharris.com/2018/07/22/pypi-user-research.html)
- [Warehouse - The Future of PyPI](https://whoisnicoleharris.com/warehouse/)<span style="text-decoration:underline;"> (overview)</span>
- [Accessibility on Warehouse (PyPI) (blog, May 2018)](https://whoisnicoleharris.com/2018/05/17/warehouse-accessibility.html)
- [User Testing Warehouse (blog, Mar 2018)](https://whoisnicoleharris.com/2018/03/13/user-testing-warehouse.html)
- [Designing Warehouse - An Overview (blog, Dec 2015)](https://whoisnicoleharris.com/2015/12/31/designing-warehouse-an-overview.html)