[Catalog-sig] [PSF-Board] Troubled by changes to PyPI usage agreement

M.-A. Lemburg mal at egenix.com
Mon Jan 25 11:59:32 CET 2010

"Martin v. Löwis" wrote:
> Terry Reedy wrote:
>> On 1/23/2010 5:03 AM, "Martin v. Löwis" wrote:
>>> Indeed, that's what we are discussing here. And, I can only
>>> repeat myself: anybody can download the data and redistribute
>>> it in any way they like. This is how it is, and how it should
>>> be.
>> Many sites have the restriction that people can download for own use but
>> *not* redistribute, at least not publicly.
> Can you give examples of such sites (preferably examples where the
> content is not originally owned by the site distributing it)?

Google Code - the example I used as basis for the updated terms -
is a popular OSS site.

Most commercial sites don't allow redistribution of the applications
you download - at least not without explicit permission.

Many freeware applications also restrict the way you may distribute
the apps, e.g. they often explicitly disallow putting them on CDs
in order to prevent magazines from cashing in on the drive-by-revenue.

For software containing crypto code, managing the distribution channels
is required by government law in most countries (see

Software using GPL-like terms also put special requirements on
distribution channels, in fact, a major part of the GPL mechanism
is built around public distribution of software (which is one of
the issues some people have with it and the reason why the AGPL
was created).

The current terms on PyPI have the potential of overriding all such

>> And people should *not* be
>> able to 'redistribute in any way they like', for instance with claim of
>> authorship or copyright or malware attached.
> Either case would involve modification. Copying and creating derivative
> works are fairly different, so when one is granted people wouldn't
> assume to have the other as well.

I think we now all know that you're not in favor of changing
anything reagrding the new terms on PyPI. That's fine.

Please do acknowledge, though, that there are a number of people
who do not feel comfortable with those new terms.

Whether or not to change them, is up to the PSF board. I've posted
a proposal which tries to find a balance between what the PSF
has to ask from the uploading developer and what the PyPI user
can reasonably expect.

It's now up to the board to decide.

Marc-Andre Lemburg

Professional Python Services directly from the Source  (#1, Jan 25 2010)
>>> Python/Zope Consulting and Support ...        http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/

::: Try our new mxODBC.Connect Python Database Interface for free ! ::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611

More information about the Catalog-SIG mailing list