[Catalog-sig] Troubled by changes to PyPI usage agreement
Robert Kern
robert.kern at gmail.com
Tue Dec 8 23:58:29 CET 2009
On 2009-12-08 16:04 PM, Ben Finney wrote:
> VanL<van at python.org> writes:
>
>> The irrevocability is there to protect the PSF. It is so that no one
>> can claim later that they got mad at the PSF and revoked the PSF's
>> ability to redistribute something that they previously uploaded.
>
> I think the best way to ensure this is to constrain PyPI users to only
> upload free-software works. (Any license terms that can restroactively
> revoke the license without violating its specific terms, necessarily
> make a non-free work and would thus be excluded from PyPI.)
Who determines the freeness of the software? The OSI? That would exclude
licenses like the CeCILL license which appears to be close enough to free
(certainly in the respects that concerns redistribution by PyPI) but it has not
been submitted to the OSI and might not pass every point of the Open Source
Definition (I'm pretty sure that it is not DFSG-free).
> Attempting to get an *additional*, broader, license from the uploader
> strikes me as over-reaching.
Who would audit the packages to make sure that the uploaded code actually has an
acceptable license? While I hope that the language can be narrowed or at least
clarified, I definitely think that the PyPI needs a separate usage agreement
such that uploading packages to PyPI grants specific permission for PyPI to
redistribute the package. At the very least, uploading a package to PyPI would
have to "represent and warrant" that the package complies with some definition
of freeness, but that's even more vague than the current language.
--
Robert Kern
"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco
More information about the Catalog-SIG
mailing list