[Catalog-sig] Troubled by changes to PyPI usage agreement
robert.kern at gmail.com
Wed Dec 9 06:13:42 CET 2009
On 2009-12-08 17:33 , Ben Finney wrote:
> Robert Kern<robert.kern at gmail.com> writes:
>> On 2009-12-08 16:04 PM, Ben Finney wrote:
>>> I think the best way to ensure this is to constrain PyPI users to
>>> only upload free-software works.
>> Who determines the freeness of the software?
> The PSF needs to determine that, since they're the ones who are
> responsible for further redistributing the work.
> This could be made simpler by using the license declaration in the
> package metadata.
You snipped the substantive point. Let me rephrase: Who determines the freeness
of the declared license? There are many, many licenses out there.
>>> Attempting to get an *additional*, broader, license from the
>>> uploader strikes me as over-reaching.
>> Who would audit the packages to make sure that the uploaded code
>> actually has an acceptable license?
> Who audits them now, to ensure that the works don't have license terms
> that prohibit some action that the PSF takes?
No one. The usage agreement now gives the PSF the permission to perform PyPI's
function without needing to be concerned about the license terms at all. That's
the entire point of having the usage agreement. The license of the code is
irrelevant given that secondary agreement. If the uploader does not have the
rights to give that permission, then PyPI may still have to take down the
offending package, but I believe the existence of the agreement helps them avoid
damages (IANAL and am not sure on this point). Without such an agreement, the
PSF *would* have to audit the packages and their licenses. The usage agreement
is a more efficient way to ensure that the PSF gets the necessary assurance that
it has the right to redistribute the uploaded packages.
"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco
More information about the Catalog-SIG