From mal at egenix.com Fri Mar 1 14:42:22 2013 From: mal at egenix.com (M.-A. Lemburg) Date: Fri, 01 Mar 2013 14:42:22 +0100 Subject: [Python-legal-sig] PyPI terms (moved here from the catalog-sig) In-Reply-To: <68D705AC-BBD0-415D-8AC3-8DEA93F02FE3@gmail.com> References: <813CA10EF6554A019B6FC98A2C9AC2EF@gmail.com> <512EED5E.1080700@zopyx.com> <20130228094343.GY9677@merlinux.eu> <20130228200848.GB9677@merlinux.eu> <513073E5.20900@egenix.com> <5130954A.2050805@egenix.com> <51309D27.4000204@egenix.com> <68D705AC-BBD0-415D-8AC3-8DEA93F02FE3@gmail.com> Message-ID: <5130B03E.6070801@egenix.com> I've wanted to have this discussion for a long time, so here goes (this is long...): There's an issue with the terms we use on the Python website and in particular the PyPI site. The issue is related to the license we ask users uploading content to the site to sign up to. I'm focusing here specifically on the PyPI side of things, where package authors want to upload package distribution files to the PyPI hosts. The terms we currently have are overly broad, in fact much broader than needed for providing and maintaining the PyPI service. There may be other areas where we need such broad terms, e.g. comments on blog posts, postings to mailing lists (which are archived and displayed on the website) or content in the wiki, but those can be subject of a different discussion. These are the current terms (taken from http://www.python.org/about/legal/): """ Third-Party Content The Python Software Foundation (PSF) does not claim ownership of any third-party code or content (third party content) placed on the web site and has no obligation of any kind with respect to such third party content. Any third party content provided in connection with this web site is provided on a non-confidential basis. The PSF is free to use or disseminate such content on an unrestricted basis for any purpose, and third party content providers grant the PSF and all other users of the web site an irrevocable, worldwide, royalty-free, nonexclusive license to reproduce, distribute, transmit, display, perform, and publish such content, including in digital form. Third party content providers represent and warrant that they have obtained the proper governmental authorizations for the export and reexport of any software or other content contributed to this web site by the third-party content provider, and further affirm that any United States-sourced cryptographic software is not intended for use by a foreign government end-user. Individuals and organizations are advised that the PyPI website is hosted in the US, with mirrors in several countries outside the US (see http://www.pypi-mirrors.org/). Any uploads of packages must comply with United States export controls under the Export Administration Regulations. """ Let's look at this sentence by sentence: > The Python Software Foundation (PSF) does not claim ownership of > any third-party code or content (third party content) placed on > the web site and has no obligation of any kind with respect to > such third party content. Any third party content provided in > connection with this web site is provided on a non-confidential > basis. This part is obviously necessary and makes it clear that the PSF is not claiming ownership (we'd be foolish to take ownership without review, anyway). > The PSF is free to use or disseminate such content on an > unrestricted basis for any purpose, and third party content > providers grant the PSF and all other users of the web site an > irrevocable, worldwide, royalty-free, nonexclusive license to > reproduce, distribute, transmit, display, perform, and publish > such content, including in digital form. This part would be mostly fine as well, except for an important detail: "...the PSF and all other users of the web site..." The small addition "and all other users of the web site" implies a license agreement between the content providers and all other users of the web site. I'm sure that most package authors wouldn't have a problem with granting the PSF the above license rights, but do have a problem with extending those same rights irrevocably to all users of the web site. By agreeing to the above term, the authors are giving up control of the distribution of their distribution files completely. Note that the above does not include a use license and it just refers to the distribution files, not their content, so that does not override the terms of the licenses which control the distribution file contents - this appears to be a misunderstanding that has sometimes cropped up on the catalog-sig. Now, I can see where the terms originated. They were added when I requested the addition of the export rule clauses further below in 2011. At the time, there was a big discussion about a PyPI mirror framework and the above terms make it easily possible for any user of the website to set up such a mirror, so I guess that motivated the addition of "all other users of the web site". However, the number of public PyPI mirrors is small and may get even smaller once we have a CDN setup to feed distribution files directly to all users of our website, so its easy to narrow down those "other users of the web site" that would actually need such distribution rights. I'd suggest to do what many other hosting sites do: make the terms only apply to the provided service and only include those parts which are absolutely necessary to be able to provide the service: * restrict the redistribution rights to just the PSF and allow the PSF to sublicense these rights to public PyPI mirror providers (which also gives the PSF more control over who is allowed to host such mirrors) * only allow the redistribution rights for the purpose of providing the PyPI service * allow users of the website to maintain non-public mirrors of the PyPI service Next, I don't see a need for the license between the PSF and the content provider to be irrevocable, but perhaps there's some IP law requirement for this. I don't think anyone would have an issue with giving the PSF irrevocable rights to the above rights. However, I also don't think the license should be irrevocable between the content provider and all other users of the web site. Simply because, a content provider may actually need to revoke those rights due to e.g. trademark, patent copyright issues, or conflicts with restrictions such as export restrictions, or conflicts with local laws in certain countries, or for non-legal issues such as preventing users from losing data or to resolve a naming issue. The PSF would always play nice with content providers, but it is not at all clear that all other web site users would. Now, on to the next clauses: > Third party content providers represent and warrant that they > have obtained the proper governmental authorizations for the > export and reexport of any software or other content contributed > to this web site by the third-party content provider, and further > affirm that any United States-sourced cryptographic software is > not intended for use by a foreign government end-user. > > Individuals and organizations are advised that the PyPI website > is hosted in the US, with mirrors in several countries outside > the US (see http://www.pypi-mirrors.org/). Any uploads of > packages must comply with United States export controls under the > Export Administration Regulations. These are export rules the PSF has to implement as US organization, so there's nothing much we can do about this. The part "affirm that any United States-sourced cryptographic software is not intended for use by a foreign government end-user" goes a bit too far as well, AFAIR, since the EAR only applies to certain government end-users. Then again, keeping up with the constant changes in export regulation is probably not what we want to spend our time on as PSF. -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Mar 01 2013) >>> Python Projects, Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ From jnoller at gmail.com Fri Mar 1 15:18:11 2013 From: jnoller at gmail.com (Jesse Noller) Date: Fri, 1 Mar 2013 09:18:11 -0500 Subject: [Python-legal-sig] PyPI terms (moved here from the catalog-sig) In-Reply-To: <5130B03E.6070801@egenix.com> References: <813CA10EF6554A019B6FC98A2C9AC2EF@gmail.com> <512EED5E.1080700@zopyx.com> <20130228094343.GY9677@merlinux.eu> <20130228200848.GB9677@merlinux.eu> <513073E5.20900@egenix.com> <5130954A.2050805@egenix.com> <51309D27.4000204@egenix.com> <68D705AC-BBD0-415D-8AC3-8DEA93F02FE3@gmail.com> <5130B03E.6070801@egenix.com> Message-ID: On Friday, March 1, 2013 at 8:42 AM, M.-A. Lemburg wrote: > I've wanted to have this discussion for a long time, so here goes > (this is long...): > > There's an issue with the terms we use on the Python website and > in particular the PyPI site. The issue is related to the license > we ask users uploading content to the site to sign up to. > > I'm focusing here specifically on the PyPI side of things, where > package authors want to upload package distribution files to the > PyPI hosts. > > The terms we currently have are overly broad, in fact much broader > than needed for providing and maintaining the PyPI service. > > There may be other areas where we need such broad terms, e.g. > comments on blog posts, postings to mailing lists (which are > archived and displayed on the website) or content in the wiki, > but those can be subject of a different discussion. > > These are the current terms (taken from http://www.python.org/about/legal/): > > """ > Third-Party Content > > The Python Software Foundation (PSF) does not claim ownership of > any third-party code or content (third party content) placed on > the web site and has no obligation of any kind with respect to > such third party content. Any third party content provided in > connection with this web site is provided on a non-confidential > basis. The PSF is free to use or disseminate such content on an > unrestricted basis for any purpose, and third party content > providers grant the PSF and all other users of the web site an > irrevocable, worldwide, royalty-free, nonexclusive license to > reproduce, distribute, transmit, display, perform, and publish > such content, including in digital form. > > Third party content providers represent and warrant that they > have obtained the proper governmental authorizations for the > export and reexport of any software or other content contributed > to this web site by the third-party content provider, and further > affirm that any United States-sourced cryptographic software is > not intended for use by a foreign government end-user. > > Individuals and organizations are advised that the PyPI website > is hosted in the US, with mirrors in several countries outside > the US (see http://www.pypi-mirrors.org/). Any uploads of > packages must comply with United States export controls under the > Export Administration Regulations. > """ > > Let's look at this sentence by sentence: > > > The Python Software Foundation (PSF) does not claim ownership of > > any third-party code or content (third party content) placed on > > the web site and has no obligation of any kind with respect to > > such third party content. Any third party content provided in > > connection with this web site is provided on a non-confidential > > basis. > > > > This part is obviously necessary and makes it clear that the PSF > is not claiming ownership (we'd be foolish to take ownership > without review, anyway). > > > The PSF is free to use or disseminate such content on an > > unrestricted basis for any purpose, and third party content > > providers grant the PSF and all other users of the web site an > > irrevocable, worldwide, royalty-free, nonexclusive license to > > reproduce, distribute, transmit, display, perform, and publish > > such content, including in digital form. > > > > This part would be mostly fine as well, except for an important > detail: > > "...the PSF and all other users of the web site..." > > The small addition "and all other users of the web site" implies > a license agreement between the content providers and all other > users of the web site. > > I'm sure that most package authors wouldn't have a problem > with granting the PSF the above license rights, but do have > a problem with extending those same rights irrevocably to > all users of the web site. > > By agreeing to the above term, the authors are giving up > control of the distribution of their distribution files > completely. > > Note that the above does not include a use license and it > just refers to the distribution files, not their content, > so that does not override the terms of the licenses which > control the distribution file contents - this appears to be > a misunderstanding that has sometimes cropped up on > the catalog-sig. > > Now, I can see where the terms originated. They were added > when I requested the addition of the export rule clauses > further below in 2011. > > At the time, there was a big discussion about a PyPI mirror > framework and the above terms make it easily possible for any > user of the website to set up such a mirror, so I guess > that motivated the addition of "all other users of the web site". > > However, the number of public PyPI mirrors is small and may > get even smaller once we have a CDN setup to feed distribution > files directly to all users of our website, so its easy > to narrow down those "other users of the web site" that > would actually need such distribution rights. > > I'd suggest to do what many other hosting sites do: make the > terms only apply to the provided service and only include > those parts which are absolutely necessary to be able to > provide the service: > > * restrict the redistribution rights to just the PSF and > allow the PSF to sublicense these rights to public PyPI mirror > providers (which also gives the PSF more control over who > is allowed to host such mirrors) > Ubuntu does this with the PPA agreement - the only way they allow UGC uploads - Notice however they restrict what licenses users can use: https://help.launchpad.net/PPATermsofUse See also: http://fedoraproject.org/wiki/Infrastructure/Mirroring Also: http://help.rubygems.org/discussions/problems/411-rubygemsorg-toseula https://raw.github.com/isaacs/npm/master/LICENSE https://code.google.com/projecthosting/terms.html https://help.github.com/articles/github-terms-of-service Specifically on the last one: "We claim no intellectual property rights over the material you provide to the Service. Your profile and materials uploaded remain yours. However, by setting your pages to be viewed publicly, you agree to allow others to view your Content. By setting your repositories to be viewed publicly, you agree to allow others to view and fork your repositories." In short: making it available means people can take it > > * only allow the redistribution rights for the purpose > of providing the PyPI service > > * allow users of the website to maintain non-public mirrors > of the PyPI service > > Next, I don't see a need for the license between the PSF and the > content provider to be irrevocable, but perhaps there's some > IP law requirement for this. I don't think anyone would have > an issue with giving the PSF irrevocable rights to the above > rights. > > However, I also don't think the license should be irrevocable between > the content provider and all other users of the web site. > Simply because, a content provider may actually need to revoke > those rights due to e.g. trademark, patent copyright issues, > or conflicts with restrictions such as export restrictions, or > conflicts with local laws in certain countries, or for non-legal > issues such as preventing users from losing data or to resolve a > naming issue. > > The PSF would always play nice with content providers, but > it is not at all clear that all other web site users would. > > Now, on to the next clauses: > > > Third party content providers represent and warrant that they > > have obtained the proper governmental authorizations for the > > export and reexport of any software or other content contributed > > to this web site by the third-party content provider, and further > > affirm that any United States-sourced cryptographic software is > > not intended for use by a foreign government end-user. > > > > Individuals and organizations are advised that the PyPI website > > is hosted in the US, with mirrors in several countries outside > > the US (see http://www.pypi-mirrors.org/). Any uploads of > > packages must comply with United States export controls under the > > Export Administration Regulations. > > > > These are export rules the PSF has to implement as US organization, > so there's nothing much we can do about this. > > The part "affirm that any United States-sourced cryptographic software is > not intended for use by a foreign government end-user" goes a bit > too far as well, AFAIR, since the EAR only applies to certain government > end-users. Then again, keeping up with the constant changes in > export regulation is probably not what we want to spend our time on > as PSF. > > -- > Marc-Andre Lemburg > eGenix.com (http://eGenix.com) > > Professional Python Services directly from the Source (#1, Mar 01 2013) > > > > Python Projects, Consulting and Support ... http://www.egenix.com/ > > > > mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ > > > > mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ > > > > > > > > ________________________________________________________________________ > > ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: > > eGenix.com (http://eGenix.com) Software, Skills and Services GmbH Pastor-Loeh-Str.48 > D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg > Registered at Amtsgericht Duesseldorf: HRB 46611 > http://www.egenix.com/company/contact/ From jnoller at gmail.com Fri Mar 1 15:19:40 2013 From: jnoller at gmail.com (Jesse Noller) Date: Fri, 1 Mar 2013 09:19:40 -0500 Subject: [Python-legal-sig] PyPI terms (moved here from the catalog-sig) In-Reply-To: References: <813CA10EF6554A019B6FC98A2C9AC2EF@gmail.com> <512EED5E.1080700@zopyx.com> <20130228094343.GY9677@merlinux.eu> <20130228200848.GB9677@merlinux.eu> <513073E5.20900@egenix.com> <5130954A.2050805@egenix.com> <51309D27.4000204@egenix.com> <68D705AC-BBD0-415D-8AC3-8DEA93F02FE3@gmail.com> <5130B03E.6070801@egenix.com> Message-ID: <7CA38DC21F1747F7AF85C9FCFA3243F9@gmail.com> Oh, and: http://cran.r-project.org/web/packages/policies.html On Friday, March 1, 2013 at 9:18 AM, Jesse Noller wrote: > On Friday, March 1, 2013 at 8:42 AM, M.-A. Lemburg wrote: > > I've wanted to have this discussion for a long time, so here goes > > (this is long...): > > > > There's an issue with the terms we use on the Python website and > > in particular the PyPI site. The issue is related to the license > > we ask users uploading content to the site to sign up to. > > > > I'm focusing here specifically on the PyPI side of things, where > > package authors want to upload package distribution files to the > > PyPI hosts. > > > > The terms we currently have are overly broad, in fact much broader > > than needed for providing and maintaining the PyPI service. > > > > There may be other areas where we need such broad terms, e.g. > > comments on blog posts, postings to mailing lists (which are > > archived and displayed on the website) or content in the wiki, > > but those can be subject of a different discussion. > > > > These are the current terms (taken from http://www.python.org/about/legal/): > > > > """ > > Third-Party Content > > > > The Python Software Foundation (PSF) does not claim ownership of > > any third-party code or content (third party content) placed on > > the web site and has no obligation of any kind with respect to > > such third party content. Any third party content provided in > > connection with this web site is provided on a non-confidential > > basis. The PSF is free to use or disseminate such content on an > > unrestricted basis for any purpose, and third party content > > providers grant the PSF and all other users of the web site an > > irrevocable, worldwide, royalty-free, nonexclusive license to > > reproduce, distribute, transmit, display, perform, and publish > > such content, including in digital form. > > > > Third party content providers represent and warrant that they > > have obtained the proper governmental authorizations for the > > export and reexport of any software or other content contributed > > to this web site by the third-party content provider, and further > > affirm that any United States-sourced cryptographic software is > > not intended for use by a foreign government end-user. > > > > Individuals and organizations are advised that the PyPI website > > is hosted in the US, with mirrors in several countries outside > > the US (see http://www.pypi-mirrors.org/). Any uploads of > > packages must comply with United States export controls under the > > Export Administration Regulations. > > """ > > > > Let's look at this sentence by sentence: > > > > > The Python Software Foundation (PSF) does not claim ownership of > > > any third-party code or content (third party content) placed on > > > the web site and has no obligation of any kind with respect to > > > such third party content. Any third party content provided in > > > connection with this web site is provided on a non-confidential > > > basis. > > > > > > > > > > > > This part is obviously necessary and makes it clear that the PSF > > is not claiming ownership (we'd be foolish to take ownership > > without review, anyway). > > > > > The PSF is free to use or disseminate such content on an > > > unrestricted basis for any purpose, and third party content > > > providers grant the PSF and all other users of the web site an > > > irrevocable, worldwide, royalty-free, nonexclusive license to > > > reproduce, distribute, transmit, display, perform, and publish > > > such content, including in digital form. > > > > > > > > > > > > This part would be mostly fine as well, except for an important > > detail: > > > > "...the PSF and all other users of the web site..." > > > > The small addition "and all other users of the web site" implies > > a license agreement between the content providers and all other > > users of the web site. > > > > I'm sure that most package authors wouldn't have a problem > > with granting the PSF the above license rights, but do have > > a problem with extending those same rights irrevocably to > > all users of the web site. > > > > By agreeing to the above term, the authors are giving up > > control of the distribution of their distribution files > > completely. > > > > Note that the above does not include a use license and it > > just refers to the distribution files, not their content, > > so that does not override the terms of the licenses which > > control the distribution file contents - this appears to be > > a misunderstanding that has sometimes cropped up on > > the catalog-sig. > > > > Now, I can see where the terms originated. They were added > > when I requested the addition of the export rule clauses > > further below in 2011. > > > > At the time, there was a big discussion about a PyPI mirror > > framework and the above terms make it easily possible for any > > user of the website to set up such a mirror, so I guess > > that motivated the addition of "all other users of the web site". > > > > However, the number of public PyPI mirrors is small and may > > get even smaller once we have a CDN setup to feed distribution > > files directly to all users of our website, so its easy > > to narrow down those "other users of the web site" that > > would actually need such distribution rights. > > > > I'd suggest to do what many other hosting sites do: make the > > terms only apply to the provided service and only include > > those parts which are absolutely necessary to be able to > > provide the service: > > > > * restrict the redistribution rights to just the PSF and > > allow the PSF to sublicense these rights to public PyPI mirror > > providers (which also gives the PSF more control over who > > is allowed to host such mirrors) > > > Ubuntu does this with the PPA agreement - the only way they allow UGC uploads - Notice however they restrict what licenses users can use: > > https://help.launchpad.net/PPATermsofUse > > See also: > > http://fedoraproject.org/wiki/Infrastructure/Mirroring > > Also: > > http://help.rubygems.org/discussions/problems/411-rubygemsorg-toseula > https://raw.github.com/isaacs/npm/master/LICENSE > https://code.google.com/projecthosting/terms.html > https://help.github.com/articles/github-terms-of-service > > Specifically on the last one: > > "We claim no intellectual property rights over the material you provide to the Service. Your profile and materials uploaded remain yours. However, by setting your pages to be viewed publicly, you agree to allow others to view your Content. By setting your repositories to be viewed publicly, you agree to allow others to view and fork your repositories." > > In short: making it available means people can take it > > > > > * only allow the redistribution rights for the purpose > > of providing the PyPI service > > > > * allow users of the website to maintain non-public mirrors > > of the PyPI service > > > > Next, I don't see a need for the license between the PSF and the > > content provider to be irrevocable, but perhaps there's some > > IP law requirement for this. I don't think anyone would have > > an issue with giving the PSF irrevocable rights to the above > > rights. > > > > However, I also don't think the license should be irrevocable between > > the content provider and all other users of the web site. > > Simply because, a content provider may actually need to revoke > > those rights due to e.g. trademark, patent copyright issues, > > or conflicts with restrictions such as export restrictions, or > > conflicts with local laws in certain countries, or for non-legal > > issues such as preventing users from losing data or to resolve a > > naming issue. > > > > The PSF would always play nice with content providers, but > > it is not at all clear that all other web site users would. > > > > Now, on to the next clauses: > > > > > Third party content providers represent and warrant that they > > > have obtained the proper governmental authorizations for the > > > export and reexport of any software or other content contributed > > > to this web site by the third-party content provider, and further > > > affirm that any United States-sourced cryptographic software is > > > not intended for use by a foreign government end-user. > > > > > > Individuals and organizations are advised that the PyPI website > > > is hosted in the US, with mirrors in several countries outside > > > the US (see http://www.pypi-mirrors.org/). Any uploads of > > > packages must comply with United States export controls under the > > > Export Administration Regulations. > > > > > > > > > > > > These are export rules the PSF has to implement as US organization, > > so there's nothing much we can do about this. > > > > The part "affirm that any United States-sourced cryptographic software is > > not intended for use by a foreign government end-user" goes a bit > > too far as well, AFAIR, since the EAR only applies to certain government > > end-users. Then again, keeping up with the constant changes in > > export regulation is probably not what we want to spend our time on > > as PSF. > > > > -- > > Marc-Andre Lemburg > > eGenix.com (http://eGenix.com) > > > > Professional Python Services directly from the Source (#1, Mar 01 2013) > > > > > Python Projects, Consulting and Support ... http://www.egenix.com/ > > > > > mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ > > > > > mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ > > > > > > > > > > > > > > > > > ________________________________________________________________________ > > > > ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: > > > > eGenix.com (http://eGenix.com) Software, Skills and Services GmbH Pastor-Loeh-Str.48 > > D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg > > Registered at Amtsgericht Duesseldorf: HRB 46611 > > http://www.egenix.com/company/contact/ > From van.lindberg at gmail.com Fri Mar 1 15:37:49 2013 From: van.lindberg at gmail.com (VanL) Date: Fri, 1 Mar 2013 08:37:49 -0600 Subject: [Python-legal-sig] [Catalog-sig] PyPI terms In-Reply-To: <5130B37B.6050501@egenix.com> References: <813CA10EF6554A019B6FC98A2C9AC2EF@gmail.com> <512EED5E.1080700@zopyx.com> <20130228094343.GY9677@merlinux.eu> <20130228200848.GB9677@merlinux.eu> <513073E5.20900@egenix.com> <5130954A.2050805@egenix.com> <5130B37B.6050501@egenix.com> Message-ID: <948E0503DDAA4FB496104EC483F993F4@gmail.com> Please forward to catalog-sig if this gets bounced. I'm not on that list. I drafted these terms of service. I know they are broad. They were made exactly as broad as was needed. This was not the case that we took the cheap-and-easy route of a maximal rights grant. (And besides, it would have been equally cheap for the PSF either way). What it was is that we investigated and found out all the different ways that people were using PyPI. Of particular importance were these: - Automated access from scripts (We can't pass through any license terms - no click through or agreement to use - Automated mirroring - and re-mirroring of mirrors - without any agreement, both to public and private repositories (We need the right to distribute and to allow others to distribute. We needed to protect our downstream and make sure that their common use cases aren't infringing) These terms were chosen so that our community would have the rights to do these very common things and not be infringing. The only way we could do this was by asking for a broader grant at the time of distribution. Also, what no one gets is that *the license does not allow modification!* So you can distribute far and wide for any purpose - but you can only distribute what the original author uploaded without being liable for infringement. People have also said that this overrules the licenses on their packages. That is not so! The licenses in this case run in parallel, and distribution needs to satisfy both licenses or it cannot be done at all. This was the subject of a lot of thought and a lot of work that a lot of people have not even considered, and it was chosen very deliberately to protect our overall community. Because the protection of the community is a broad purpose, it needed some broad provisions - but it is as tightly crafted as I could get while still not making our known downstream uses infringing. If it gets changed, it will be over my strenuous objections. Van ____________________________ Van Lindberg van.lindberg at gmail.com On Friday, March 1, 2013 at 7:56 AM, M.-A. Lemburg wrote: > On 01.03.2013 12:47, M.-A. Lemburg wrote: > > On 01.03.2013 12:30, Jesse Noller wrote: > > > Marc Andre: I'm cc'ing Van: can you explain why the pypi terms are a bummer so we can see if there is actually an issue to be resolved or a matter of taste? > > > > > > We need to protect the foundation while preserving author rights - but I don't want one user / subset dictating how we evolve the technology. > > > > I think we should move this discussion to the python-legal-sig list: > > > > http://mail.python.org/mailman/listinfo/python-legal-sig > > > > Let me know when you've subscribed and then we can hash things > > out on that list. The catalog sig is not really the suitable > > place for these discussions. > > > > > I've kicked off the discussion on the other list. See you there. > > -- > Marc-Andre Lemburg > eGenix.com (http://eGenix.com) > > Professional Python Services directly from the Source (#1, Mar 01 2013) > > > > Python Projects, Consulting and Support ... http://www.egenix.com/ > > > > mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ > > > > mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ > > > > > > > > > > > ________________________________________________________________________ > > ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: > > eGenix.com (http://eGenix.com) Software, Skills and Services GmbH Pastor-Loeh-Str.48 > D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg > Registered at Amtsgericht Duesseldorf: HRB 46611 > http://www.egenix.com/company/contact/ > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mal at egenix.com Fri Mar 1 17:50:18 2013 From: mal at egenix.com (M.-A. Lemburg) Date: Fri, 01 Mar 2013 17:50:18 +0100 Subject: [Python-legal-sig] [Catalog-sig] PyPI terms In-Reply-To: <948E0503DDAA4FB496104EC483F993F4@gmail.com> References: <813CA10EF6554A019B6FC98A2C9AC2EF@gmail.com> <512EED5E.1080700@zopyx.com> <20130228094343.GY9677@merlinux.eu> <20130228200848.GB9677@merlinux.eu> <513073E5.20900@egenix.com> <5130954A.2050805@egenix.com> <5130B37B.6050501@egenix.com> <948E0503DDAA4FB496104EC483F993F4@gmail.com> Message-ID: <5130DC4A.1030406@egenix.com> Hi Van, please read my long posting to the python-legal list. This explains the concerns and makes suggestions on how to improve things in a way that is compatible with what PyPI is and how it is used today: http://mail.python.org/pipermail/python-legal-sig/2013-March/000000.html PS: I'd prefer if you not cross-post to both lists and keep the discussion to the legal list. Thanks, -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Mar 01 2013) >>> Python Projects, Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ From mal at egenix.com Fri Mar 1 19:07:18 2013 From: mal at egenix.com (M.-A. Lemburg) Date: Fri, 01 Mar 2013 19:07:18 +0100 Subject: [Python-legal-sig] [Catalog-sig] PyPI terms In-Reply-To: <5130DC4A.1030406@egenix.com> References: <813CA10EF6554A019B6FC98A2C9AC2EF@gmail.com> <512EED5E.1080700@zopyx.com> <20130228094343.GY9677@merlinux.eu> <20130228200848.GB9677@merlinux.eu> <513073E5.20900@egenix.com> <5130954A.2050805@egenix.com> <5130B37B.6050501@egenix.com> <948E0503DDAA4FB496104EC483F993F4@gmail.com> <5130DC4A.1030406@egenix.com> Message-ID: <5130EE56.5010805@egenix.com> Oh, and I forgot to mention: none of this is urgent :-) We can discuss these things after the dust on the trademark opposition has settled. On 01.03.2013 17:50, M.-A. Lemburg wrote: > Hi Van, > > please read my long posting to the python-legal list. This explains the > concerns and makes suggestions on how to improve things in a way > that is compatible with what PyPI is and how it is used today: > > http://mail.python.org/pipermail/python-legal-sig/2013-March/000000.html > > PS: I'd prefer if you not cross-post to both lists and keep the > discussion to the legal list. > > Thanks, > -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Mar 01 2013) >>> Python Projects, Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/