[Catalog-sig] Use user-specific site-packages by default?
holger krekel
holger at merlinux.eu
Tue Feb 5 23:59:39 CET 2013
On Tue, Feb 05, 2013 at 15:54 -0500, Terry Reedy wrote:
> On 2/5/2013 11:35 AM, Lennart Regebro wrote:
> >On Tue, Feb 5, 2013 at 5:03 PM, Donald Stufft <donald.stufft at gmail.com> wrote:
> >>Besides the issues with validating that the package We are mirroring
> >>is the authentic one there's also a legal issue. We don't know for sure
> >>that we have the legal rights to redistribute those files. When you upload
> >>a file to PyPI you grant the PSF a license to do that, no upload from the
> >>author = no license. IANAL but i think i'm correct on that.
> >
> >Absolutely, but if the package is marked with a license that allows
> >redistribution in the metadata, then we can.
>
> The last I read (and I cannot find the seemingly hidden page) the
> author (or rights-holder) of code must grant PSF something more than
> just redistribution rights before uploading it. The same must also
> certify some mumbo-jumbo about compliance with national laws and
> cryptography. No 3rd party can do that.
Not sure i understand. Are you referring to a procedure that is in place
already or that should be in place?
I consider the activity of caching 3rd party packages that are offered
through PyPI's metadata and which can be downloaded freely from
everwhere as similar to what web caches like squid do. A quick scan
produced this sentence from http://en.wikipedia.org/wiki/Web_cache :
In 1998, the DMCA added rules to the United States Code (17 U.S.C.
§: 512) that relinquishes system operators from copyright liability
for the purposes of caching.
best,
holger
More information about the Catalog-SIG
mailing list