[Catalog-sig] [PSF-Board] Troubled by changes to PyPI usage agreement

Steve Holden steve at holdenweb.com
Sat Jan 23 14:14:06 CET 2010 

M.-A. Lemburg wrote:
> "Martin v. Löwis" wrote:
>>>> However, I don't think this is factually the case: *anybody*
>>>> can indeed mirror the data in any way they like. This is how
>>>> it is, and how it should be.
>>> Sure, downloading things from PyPI is its main intent and
>>> that's also what the proposed PyPI terms allow the PSF to
>>> do.
>>>
>>> However, there's a huge difference between just downloading
>>> content and redistributing it. The latter is what we're discussing
>>> here.
>> Indeed, that's what we are discussing here. And, I can only
>> repeat myself: anybody can download the data and redistribute
>> it in any way they like. This is how it is, and how it should
>> be.
> 
> They can technically, yes, but the fact that they can doesn't
> map to any kind of permission for doing so.
> 
> Otherwise, anyone could take any content on the web and copy it
> freely and use it for their own purposes, without having to ask
> for permission or being restricted in the way the content is
> used.
> 
> The package authors who signed up before the change to the PyPI
> registration terms on 2009-11-29 have not given this permission:
> 
> """
> By signing up to this system, you agree to:
>  * Not upload inappropriate material (only Python packages are
>    allowed).
>  * You agree that all information you post is published (email
>    addresses are obfuscated).
> """
> 
> so being ignorant about this doesn't really help.
> 
> The authors who have signed up since were forced to accept
> terms which do give permission to anyone to do anything
> they like with the content - and that's what started this
> thread: the terms are too permissive to be acceptable.
> 
> """
> By registering to upload content to PyPI, I agree and affirmatively acknowledge the following:
> 
>    1. Content is restricted to Python packages and related information only.
>    2. Any content uploaded to PyPI is provided on a non-confidential basis.
>    3. The PSF is free to use or disseminate any content that I upload on an unrestricted basis for
> any purpose. In particular, the PSF and all other users of the web site are granted an irrevocable,
> worldwide, royalty-free, nonexclusive license to reproduce, distribute, transmit, display, perform,
> and publish the content, including in digital form.
>    4. I represent and warrant that I have complied with all government regulations concerning the
> transfer or export of any content I upload to PyPI. In particular, if I am subject to United States
> law, I represent and warrant that I have obtained the proper governmental authorization for the
> export of the content I upload. I further affirm that any content I provide is not intended for use
> by a government end-user as defined in part 772 of the United States Export Administration Regulations.
> """
> 
> The version I proposed restricts those permissions to redistribution by the
> PSF - which is enough to run PyPI services:
> 
> """
> PyPI is a service provided by the PSF. In order to be able to distribute the content you upload to
> PyPI to web site users, the PSF asks you to agree to and affirmatively acknowledge the following:
> 
> 1. Content is restricted to Python packages and related information only.
> 
> 2. Any content uploaded to PyPI is provided on a non-confidential basis.
> 
> 3. The PSF is granted an irrevocable, worldwide, royalty-free, nonexclusive license to reproduce,
> distribute, transmit, display, perform, and publish the content, including in digital form. This
> licence is for the sole purpose of enabling the PSF to display, distribute and promote the content
> on PyPI.
> 
> 4. I represent and warrant that I have complied with all government regulations concerning the
> transfer or export of any content I upload to the PyPI servers in The Netherlands. In particular, if
> I am subject to United States law, I represent and warrant that I have obtained the proper
> governmental authorization for the export of the content I upload. I further affirm that any content
> I provide is not intended for use by a government end-user as defined in part 772 of the United
> States Export Administration Regulations.
> """
> 

In (4) I would change "... upload. I further affirm" to "... upload, and
further affirm". Incorporating both assertions into a single sentence
clarifies that only those subject to US law are required to make that
declaration. The exception seems prudent given that the PSF is
incorporated in the USA.

The second version does seem much more user-friendly, somehow, and
should calm fears about potential abuse of content by the Foundation.

Are we going to go with that?

regards
 Steve
-- 
Steve Holden           +1 571 484 6266   +1 800 494 3119
PyCon is coming! Atlanta, Feb 2010  http://us.pycon.org/
Holden Web LLC                 http://www.holdenweb.com/
UPCOMING EVENTS:        http://holdenweb.eventbrite.com/

More information about the Catalog-SIG mailing list