[Catalog-sig] Troubled by changes to PyPI usage agreement

Robert Kern robert.kern at gmail.com
Tue Dec 8 23:58:29 CET 2009

On 2009-12-08 16:04 PM, Ben Finney wrote:

> VanL<van at python.org>  writes:
>> The irrevocability is there to protect the PSF. It is so that no one
>> can claim later that they got mad at the PSF and revoked the PSF's
>> ability to redistribute something that they previously uploaded.
> I think the best way to ensure this is to constrain PyPI users to only
> upload free-software works. (Any license terms that can restroactively
> revoke the license without violating its specific terms, necessarily
> make a non-free work and would thus be excluded from PyPI.)

Who determines the freeness of the software? The OSI? That would exclude 
licenses like the CeCILL license which appears to be close enough to free 
(certainly in the respects that concerns redistribution by PyPI) but it has not 
been submitted to the OSI and might not pass every point of the Open Source 
Definition (I'm pretty sure that it is not DFSG-free).

> Attempting to get an *additional*, broader, license from the uploader
> strikes me as over-reaching.

Who would audit the packages to make sure that the uploaded code actually has an 
acceptable license? While I hope that the language can be narrowed or at least 
clarified, I definitely think that the PyPI needs a separate usage agreement 
such that uploading packages to PyPI grants specific permission for PyPI to 
redistribute the package. At the very least, uploading a package to PyPI would 
have to "represent and warrant" that the package complies with some definition 
of freeness, but that's even more vague than the current language.

Robert Kern

"I have come to believe that the whole world is an enigma, a harmless enigma
  that is made terrible by our own mad attempt to interpret it as though it had
  an underlying truth."
   -- Umberto Eco

More information about the Catalog-SIG mailing list