On Thu, Apr 21, 2016 at 2:24 PM, Alexander Walters <tritium-list@sdamon.com> wrote:
On 4/21/2016 15:02, Chris Barker wrote:
Good evidence that the "first come first served, and then you get to keep it forever" is not ideal.

Criminal violations of trademark are evidence that it's not ideal, and therefore we should make PyPI untrustworthy for all other cases? This case is /criminal/ violation of trademarks.

IANAL, but I don't think there is anything criminal about using a registered trademark for a PyPI name -- it all depends on how you represent your use of the name.

But even if it is, we really don't want to have to go through a legal proceeding for this sort of thing, do we?

This is different than 'I have a package that hasn't been updated for a year and you want my name on PyPI'.


But again, I at least never proposed anything about "I have a package that hasn't been updated for a year and you want my name on PyPI." I was suggesting we do something about:

"I put up a package on PyPI on a whim, and no longer am paying any attention to it years later"

The mypy situation has gotten attention because it's a high profile package with high profile people interested in it. But I just took a look at mypy on PyPI:


" a wsgi framework"

It has published ONE version, in 2011. No activity of any sort since then, no documentation, no meta-data, nada. And 82 downloads in the last day. Do you REALLY think that 82 people decided to use a half-baked, undocumented, ancient wsgi framework today?

This, in fact, looks like a perfect example of an abandoned name -- regardless of whether anyone wants to re-use that name or not.

And I was just thinking: if we are worried about security -- this is a pretty good example of a dangerous situation:

If that author were to suddenly decide to publish some malware under that name -- it would get a lot of traffic! Highly unlikely, I grant you (after all, if I'm right, that person is no longer paying any attention). But it wouldn't be hard to publish all sorts of stuff under all sorts of names, and if you hit a name that was close to a popular project, you'd get a lot of hits -- maybe "jango"? It doesn't seem to be taken.

Anyway, all I'm saying is that the current free-for-all leaves a lot to be desired -- but anything else will take administrative energy, and since I'm not offering to do that work, I'll shut up now.



Christopher Barker, Ph.D.

Emergency Response Division
NOAA/NOS/OR&R            (206) 526-6959   voice
7600 Sand Point Way NE   (206) 526-6329   fax
Seattle, WA  98115       (206) 526-6317   main reception
