[Catalog-sig] The "Softpedia" spam

Noah Kantrowitz noah at coderanger.net
Fri May 7 10:00:52 CEST 2010 

On May 7, 2010, at 12:57 AM, M.-A. Lemburg wrote:

> Noah Kantrowitz wrote:
>> 
>> On May 7, 2010, at 12:47 AM, M.-A. Lemburg wrote:
>> 
>>> Noah Kantrowitz wrote:
>>>> I think most FOSS authors are aware that putting their email in a package is effectively putting it in the clear on the internet. I think we have come beyond the days of "noah (at) coderanger [dot] net" and all those silly tricks that were popular not too long ago. If an author is excessively concerned about spam, they shouldn't put their email in author_email. Is that field mandatory now or something? Softpedia is a little annoying with the emails, but I've found them useful personally (along with versiontracker) when looking for OS X software before. Freshmeat is a similar index of FOSS projects, and I've definitely used that before. Is there some reason we are objecting to including PyPI data in other software catalogs? If it makes it a tiny bit easier to find Python software, I'm all for it.
>>> 
>>> No, but the PSF should be asked for permission before using the data
>>> on some other site.
>> 
>> Permission is probably not a good thing to inject, too much risk of being picky on who can use the data. If it is available to anyone, it should be available to all. I would agree that as a professional courtesy it would be nice if people would let us know if they are mining PyPI, but you are dipping into dangerous territory if you put a gate in front of it.
> 
> Why do you think so ?
> 
> The PSF would most certainly apply the same openness it is applying
> for its own trademarks.
> 
> I believe that package authors uploading things to PyPI should be able
> to trust that the PSF (being behind PyPI) uses this data with the
> appropriate care.
> 
> The same is true if you upload data to Freshmeat, Sourceforge and
> other such sites. Why should PyPI be different ?

I just don't think the PSF or this SIG should be in the business of saying who can access PyPI (which is what this boils down to at a philosophical level). That said, I also have a lot of faith in the judgement of the PSF and if they felt they could take on this (large) responsibility I wouldn't fight it that hard. I would fight harder to say that this shouldn't be the job of the SIG though.

--Noah

More information about the Catalog-SIG mailing list