From venkat83 at gmail.com  Wed May  5 05:02:35 2010
From: venkat83 at gmail.com (Venkatraman S)
Date: Wed, 5 May 2010 08:32:35 +0530
Subject: [Catalog-sig] Callbacks and Data access
Message-ID: <w2sa3b05e8b1005042002w9ece603buaa60b64861f75123@mail.gmail.com>

Hi

I happened to stumble on the PypiXMLrpc wiki link
<http://wiki.python.org/moin/PyPiXmlRpc> and was wondering whether the
following can be done or not:

1) Is it possible to get the download statistics on a timeline basis?
2) Can I have some callbacks which tell me when Pypi is updated - as in,
   when a new package is updated, or an existing package is updated or a new
   release is launched?
3) Is it possible to get all the data from PyPi in one go? Basically get an
   export?
4) I am not sure whether XMLRPC is the best way to access data - is there
   some other way? (other than crawling?)

Regards,
Venkat
http://twitter.com/venkasub

From martin at v.loewis.de  Wed May  5 07:09:32 2010
From: martin at v.loewis.de ("Martin v. Löwis")
Date: Wed, 05 May 2010 07:09:32 +0200
Subject: [Catalog-sig] Callbacks and Data access
In-Reply-To: <w2sa3b05e8b1005042002w9ece603buaa60b64861f75123@mail.gmail.com>
References: <w2sa3b05e8b1005042002w9ece603buaa60b64861f75123@mail.gmail.com>
Message-ID: <4BE0FD8C.70609@v.loewis.de>

> 1)  Is it possible to get the download statistics on a timeline basis?

Unfortunately, I don't understand the question: what statistics do you
want to download, and what does "timeline basis" mean?

> 2)  Can i have some callbacks which tells me when Pypi is updated - as
> in, when a new package is updated, or an existing package is updated or
> a new release is launched?

Yes, there is a pubsubhubbub notification set up for the RSS feed

http://pypi.python.org/pypi?:action=lasthour

> 3)  Is it possible to get all the data from PyPi in one go? basically
> get an export?

If, by "all data", you really mean "all data" (including the actual
package files), then no.

It isn't possible to get *all* data even one-by-one. Some data (e.g.
account information) is not available to the public.

If you plan to do mirroring, please be careful not to download
everything repeatedly, or else your IP may get blocked.

> 4) I am not sure whether XMLRPC is the best way to access data - is
> there some other way?(other than crawling?)

Yes, there is the Simple API, which is REST-based

http://pypi.python.org/simple/

Regards,
Martin

From venkat83 at gmail.com  Wed May  5 07:23:33 2010
From: venkat83 at gmail.com (Venkatraman S)
Date: Wed, 5 May 2010 10:53:33 +0530
Subject: [Catalog-sig] Callbacks and Data access
In-Reply-To: <4BE0FD8C.70609@v.loewis.de>
References: <w2sa3b05e8b1005042002w9ece603buaa60b64861f75123@mail.gmail.com>
	<4BE0FD8C.70609@v.loewis.de>
Message-ID: <l2sa3b05e8b1005042223l3b6624b0od760f55bfd277d78@mail.gmail.com>

On Wed, May 5, 2010 at 10:39 AM, "Martin v. Löwis" <martin at v.loewis.de> wrote:

> > 1)  Is it possible to get the download statistics on a timeline basis?
>
> Unfortunately, I don't understand the question: what statistics do you
> want to download, and what does "timeline basis" mean?
>

Basically, I would like to know how many downloads have happened over a
course of time.
Think in terms of a chart with the X-axis being the months/year and the y-axis
being the number of downloads.


>
> > 3)  Is it possible to get all the data from PyPi in one go? basically
> > get an export?
>
> If, by "all data", you really mean "all data" (including the actual
> package files), then no.
>
> It isn't possible to get *all* data even one-by-one. Some data (e.g.
> account information) is not available to the public.
>
> If you plan to do mirroring, please be careful not to download
> everything repeatedly, or else your IP may get blocked.
>

I want to build some charting on top of the pypi data so that people will
know the usage and popularity of the data.
Think in terms of a wrapper on top of the data.

-V
http://twitter.com/venkasub

From martin at v.loewis.de  Wed May  5 07:35:15 2010
From: martin at v.loewis.de ("Martin v. Löwis")
Date: Wed, 05 May 2010 07:35:15 +0200
Subject: [Catalog-sig] Callbacks and Data access
In-Reply-To: <l2sa3b05e8b1005042223l3b6624b0od760f55bfd277d78@mail.gmail.com>
References: <w2sa3b05e8b1005042002w9ece603buaa60b64861f75123@mail.gmail.com>	
	<4BE0FD8C.70609@v.loewis.de>
	<l2sa3b05e8b1005042223l3b6624b0od760f55bfd277d78@mail.gmail.com>
Message-ID: <4BE10393.2060901@v.loewis.de>

> Basically, i would like to know how many downloads have happened over a
> course of time.
> Think in terms of a chart with the X-axis being the months/year and
> y-axis being number of downloads.

No, that is currently not available.

Regards,
Martin

From martin at v.loewis.de  Wed May  5 07:43:02 2010
From: martin at v.loewis.de ("Martin v. Löwis")
Date: Wed, 05 May 2010 07:43:02 +0200
Subject: [Catalog-sig] Callbacks and Data access
In-Reply-To: <4BE10393.2060901@v.loewis.de>
References: <w2sa3b05e8b1005042002w9ece603buaa60b64861f75123@mail.gmail.com>	
	<4BE0FD8C.70609@v.loewis.de>
	<l2sa3b05e8b1005042223l3b6624b0od760f55bfd277d78@mail.gmail.com>
	<4BE10393.2060901@v.loewis.de>
Message-ID: <4BE10566.5080802@v.loewis.de>

Martin v. Löwis wrote:
>> Basically, i would like to know how many downloads have happened over a
>> course of time.
>> Think in terms of a chart with the X-axis being the months/year and
>> y-axis being number of downloads.
> 
> No, that is currently not available.

Actually, it *is* available, see

http://pypi.python.org/webstats/

Regards,
Martin

From venkat83 at gmail.com  Wed May  5 08:05:08 2010
From: venkat83 at gmail.com (Venkatraman S)
Date: Wed, 5 May 2010 11:35:08 +0530
Subject: [Catalog-sig] Callbacks and Data access
In-Reply-To: <4BE10566.5080802@v.loewis.de>
References: <w2sa3b05e8b1005042002w9ece603buaa60b64861f75123@mail.gmail.com>
	<4BE0FD8C.70609@v.loewis.de>
	<l2sa3b05e8b1005042223l3b6624b0od760f55bfd277d78@mail.gmail.com>
	<4BE10393.2060901@v.loewis.de> <4BE10566.5080802@v.loewis.de>
Message-ID: <k2oa3b05e8b1005042305xb0073d19s53bbf20d80529635@mail.gmail.com>

On Wed, May 5, 2010 at 11:13 AM, "Martin v. Löwis" <martin at v.loewis.de> wrote:

> Martin v. Löwis wrote:
> >> Basically, i would like to know how many downloads have happened over a
> >> course of time.
> >> Think in terms of a chart with the X-axis being the months/year and
> >> y-axis being number of downloads.
> >
> > No, that is currently not available.
>
> Actually, it *is* available, see
>
> http://pypi.python.org/webstats/
>
>
Looks good, but the page suffers from information overload.
I basically want to know, given a package X, the download and release
history (timeline) of it along with the package details.

Also, I want to know whether it would be 'legally' correct if I present the
data in my website in a 'better way' and link to pypi for downloading the
package?
The idea is I want to develop a Python Toolbox that the community doesn't
have presently (I am working on a prototype here
<http://pytoolbox.appspot.com/> - the site is still in its alpha
and I am working on it). Presenting
information in a much more visually appealing way and also helping to choose
between the packages would be the goal. Any money generated will be used for
promoting Python in India (like sponsoring Python-based events or tech
contests). (I can write more, but reserve it for later)

-Venkat

From martin at v.loewis.de  Wed May  5 08:23:45 2010
From: martin at v.loewis.de ("Martin v. Löwis")
Date: Wed, 05 May 2010 08:23:45 +0200
Subject: [Catalog-sig] Callbacks and Data access
In-Reply-To: <k2oa3b05e8b1005042305xb0073d19s53bbf20d80529635@mail.gmail.com>
References: <w2sa3b05e8b1005042002w9ece603buaa60b64861f75123@mail.gmail.com>	
	<4BE0FD8C.70609@v.loewis.de>	
	<l2sa3b05e8b1005042223l3b6624b0od760f55bfd277d78@mail.gmail.com>	
	<4BE10393.2060901@v.loewis.de> <4BE10566.5080802@v.loewis.de>
	<k2oa3b05e8b1005042305xb0073d19s53bbf20d80529635@mail.gmail.com>
Message-ID: <4BE10EF1.20409@v.loewis.de>

> Looks good, but the page suffers from information overload.

Tough luck.

> I basically want to know given a package X, the download and release
> history(timeline) of it along with the package details.

I understand. I'm not going to publish the web server access logs.

> Also, i want to know whether it would be 'legally' correct if i present
> the data in my website in a 'better way' and link to pypi for
> downloading the package?

As long as you comply with copyright law, certainly.

> The idea is I want to develop a Python Toolbox that the community doesnt
> have presently (i am working on a prototype here
> <http://pytoolbox.appspot.com/> - the site is still in its alpha and i
> am working on it). Presenting information in a much visually appealing
> way and also helping to choose between the packages would be the goal.

Hmm. I would rather prefer if you contributed any enhancements to PyPI
directly, instead of building a separate site.

Regards,
Martin

From venkat83 at gmail.com  Wed May  5 08:51:26 2010
From: venkat83 at gmail.com (Venkatraman S)
Date: Wed, 5 May 2010 12:21:26 +0530
Subject: [Catalog-sig] Callbacks and Data access
In-Reply-To: <4BE10EF1.20409@v.loewis.de>
References: <w2sa3b05e8b1005042002w9ece603buaa60b64861f75123@mail.gmail.com>
	<4BE0FD8C.70609@v.loewis.de>
	<l2sa3b05e8b1005042223l3b6624b0od760f55bfd277d78@mail.gmail.com>
	<4BE10393.2060901@v.loewis.de> <4BE10566.5080802@v.loewis.de>
	<k2oa3b05e8b1005042305xb0073d19s53bbf20d80529635@mail.gmail.com>
	<4BE10EF1.20409@v.loewis.de>
Message-ID: <l2ga3b05e8b1005042351ze23a3a55x665f273f205ebe@mail.gmail.com>

On Wed, May 5, 2010 at 11:53 AM, "Martin v. Löwis" <martin at v.loewis.de> wrote:

>
> > I basically want to know given a package X, the download and release
> > history(timeline) of it along with the package details.
>
> I understand. I'm not going to publish the web server access logs.
>

Is the download information (per package) stored in the database (instead of
being in the server logs)?


> As long as you comply with copyright law, certainly.
>

Link?

-Venkat

From simon at ikanobori.jp  Thu May  6 00:14:33 2010
From: simon at ikanobori.jp (Simon de Vlieger)
Date: Thu, 6 May 2010 00:14:33 +0200
Subject: [Catalog-sig] Callbacks and Data access
In-Reply-To: <l2ga3b05e8b1005042351ze23a3a55x665f273f205ebe@mail.gmail.com>
References: <w2sa3b05e8b1005042002w9ece603buaa60b64861f75123@mail.gmail.com>
	<4BE0FD8C.70609@v.loewis.de>
	<l2sa3b05e8b1005042223l3b6624b0od760f55bfd277d78@mail.gmail.com>
	<4BE10393.2060901@v.loewis.de> <4BE10566.5080802@v.loewis.de>
	<k2oa3b05e8b1005042305xb0073d19s53bbf20d80529635@mail.gmail.com>
	<4BE10EF1.20409@v.loewis.de>
	<l2ga3b05e8b1005042351ze23a3a55x665f273f205ebe@mail.gmail.com>
Message-ID: <394E1A32-4FA0-48A6-B4A9-198D065B2BA1@ikanobori.jp>

It used to be available through the XMLRPC API PyPi exposes but was
removed at a later date.

I noticed this earlier on, see the bug report here: https://sourceforge.net/tracker/index.php?func=detail&aid=2979587&group_id=66150&atid=513503

Is your website going to be just a prettier representation of the PyPi
listings and if so, what would you like to improve on the current PyPi
website (to give a constructive spin to this)?

Regards,

Simon de Vlieger

On 5 mei 2010, at 08:51, Venkatraman S wrote:

>
> On Wed, May 5, 2010 at 11:53 AM, "Martin v. Löwis"
> <martin at v.loewis.de> wrote:
>
> > I basically want to know given a package X, the download and release
> > history(timeline) of it along with the package details.
>
> I understand. I'm not going to publish the web server access logs.
>
> Is the download information(per package) stored in the database  
> (instead of being the server logs)?
>
> As long as you comply with copyright law, certainly.
>
> Link?
>
> -Venkat

From ziade.tarek at gmail.com  Thu May  6 16:34:24 2010
From: ziade.tarek at gmail.com (Tarek Ziadé)
Date: Thu, 6 May 2010 16:34:24 +0200
Subject: [Catalog-sig] The "Softpedia" spam
Message-ID: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>

Hello,

The Softpedia website sends an email to everyone that registers or
uploads something at PyPI. This is clearly spam and their website
doesn't care about our projects.

I am not sure if they use the PubSubHubbub thing, but I was wondering
how we could prevent these unsolicited mails.

If they use PubSubHubbub, maybe we could set up a black list of
subscribers people can manage at their level;
if they reconstruct the emails by reading the RSS feed, maybe we
should not publish this info (even with the @ transformed into " at
").

Regards
Tarek


---------- Forwarded message ----------
From: Softpedia Editorial Team <linuxeditor at softpedia.com>
Date: Thu, May 6, 2010 at 4:11 PM
Subject: Distutils2 included in the Softpedia Linux software database
To: tarek at ziade.org



Congratulations,

Distutils2, one of your products, has been added to Softpedia's database of
software programs for Linux. It is featured with a description text,
screenshots, download links and technical details on this page:
http://linux.softpedia.com/get/Programming/Libraries/Distutils2-56577.shtml

The description text was created by our editors, using sources such as text
from your product's homepage, information from its help system, the PAD
file (if available) and the editor's own opinions on the program itself.



If you feel that having your product listed on Softpedia is not a benefit
for you or simply need something changed or updated, please contact us via
email at webmaster at softpedia.com and we will work with you to fix any
problem you may have found with the product's listing.

--
Sincerely,
The Softpedia Team

-----------------------------------------------------------------------
Softpedia is a library of over 400,000 free and free-to-try software
programs for Windows, Mac OS and Linux, games and gaming tools, Windows
device drivers, mobile devices and IT-related articles.
-----------------------------------------------------------------------
Softpedia - the encyclopedia of free software downloads
http://www.softpedia.com/




-- 
Tarek Ziadé | http://ziade.org

From mal at egenix.com  Thu May  6 16:50:06 2010
From: mal at egenix.com (M.-A. Lemburg)
Date: Thu, 06 May 2010 16:50:06 +0200
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>
Message-ID: <4BE2D71E.5040009@egenix.com>

Tarek Ziadé wrote:
> Hello,
> 
> The Softpedia website sends an email to everyone that register or
> uploads something at PyPI. This is clearly a spam and their website
> don't care about our projects.
> 
> I am not sure if they use the PubSubHubbub thing, but I was wondering
> how we could prevent these unsolicited mails.
> 
> If they use PubSubHubbub, maybe we could set up a black list of
> subscribers people can manage at their level,
> if they reconstruct the emails by reading the RSS feed, maybe we
> should not publish this info (even with  the @ transformed into " at
> ").

Unfortunately, that's what you get when providing APIs to extract
all the data from PyPI.

Not even the terms on the PyPI service can be used to prevent
that (something I'll try to change now that I'm on the PSF board
again).

We should really disallow redistribution of the PyPI meta data
and uploads without prior written consent from the PSF.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, May 06 2010)
>>> Python/Zope Consulting and Support ...        http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________

::: Try our new mxODBC.Connect Python Database Interface for free ! ::::


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

From ziade.tarek at gmail.com  Thu May  6 17:03:02 2010
From: ziade.tarek at gmail.com (Tarek Ziadé)
Date: Thu, 6 May 2010 17:03:02 +0200
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <4BE2D71E.5040009@egenix.com>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>
	<4BE2D71E.5040009@egenix.com>
Message-ID: <x2p94bdd2611005060803n46b2258aj8c54d3f9912ca76b@mail.gmail.com>

On Thu, May 6, 2010 at 4:50 PM, M.-A. Lemburg <mal at egenix.com> wrote:
> Tarek Ziadé wrote:
>> Hello,
>>
>> The Softpedia website sends an email to everyone that register or
>> uploads something at PyPI. This is clearly a spam and their website
>> don't care about our projects.
>>
>> I am not sure if they use the PubSubHubbub thing, but I was wondering
>> how we could prevent these unsolicited mails.
>>
>> If they use PubSubHubbub, maybe we could set up a black list of
>> subscribers people can manage at their level,
>> if they reconstruct the emails by reading the RSS feed, maybe we
>> should not publish this info (even with the @ transformed into " at
>> ").
>
> Unfortunately, that's what you get when providing APIs to extract
> all the data from PyPI.
>
> Not even the terms on the PyPI service can be used to prevent
> that (something I'll try to change now that I'm on the PSF board
> again).
>
> We should really disallow redistribution of the PyPI meta data
> and uploads without prior written consent from the PSF.

Well, the problem is not about the distribution of the metadata, because
for OSS projects you'll always have your email somewhere in the tarball.

I am not sure what you want to do at PSF level, but I wouldn't want the PSF to
restrict the usage of my own project info if I upload them at PyPI. PyPI
is just *one* recipient for projects and doesn't own people's data.

The problem is about the usage of the APIs PyPI provides: Softpedia
has set up an automatic process that gets triggered every time something
is uploaded.

So it's all about spam, as usual. If we can control how the APIs are
used, we will defeat this bot.

What I propose is:

- set up authentication for the XML-RPC APIs, in order to control
  this. If a user starts to use XML-RPC calls in his bots, it's easy
  to shut it down.

- set up a restricted list of subscribers for the PubSubHubbub
  protocol (I am not sure if this protocol supports authentication,
  but I guess we can set something up)

- avoid displaying any email or derived emails on anonymous pages




-- 
Tarek Ziadé | http://ziade.org

From mal at egenix.com  Thu May  6 17:18:00 2010
From: mal at egenix.com (M.-A. Lemburg)
Date: Thu, 06 May 2010 17:18:00 +0200
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <x2p94bdd2611005060803n46b2258aj8c54d3f9912ca76b@mail.gmail.com>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>	<4BE2D71E.5040009@egenix.com>
	<x2p94bdd2611005060803n46b2258aj8c54d3f9912ca76b@mail.gmail.com>
Message-ID: <4BE2DDA8.5080805@egenix.com>

Tarek Ziadé wrote:
> On Thu, May 6, 2010 at 4:50 PM, M.-A. Lemburg <mal at egenix.com> wrote:
>> Tarek Ziadé wrote:
>>> Hello,
>>>
>>> The Softpedia website sends an email to everyone that register or
>>> uploads something at PyPI. This is clearly a spam and their website
>>> don't care about our projects.
>>>
>>> I am not sure if they use the PubSubHubbub thing, but I was wondering
>>> how we could prevent these unsolicited mails.
>>>
>>> If they use PubSubHubbub, maybe we could set up a black list of
>>> subscribers people can manage at their level,
>>> if they reconstruct the emails by reading the RSS feed, maybe we
>>> should not publish this info (even with  the @ transformed into " at
>>> ").
>>
>> Unfortunately, that's what you get when providing APIs to extract
>> all the data from PyPI.
>>
>> Not even the terms on the PyPI service can be used to prevent
>> that (something I'll try to change now that I'm on the PSF board
>> again).
>>
>> We should really disallow redistribution of the PyPI meta data
>> and uploads without prior written consent from the PSF.
> 
> Well the problem is not about the distribution of the metadata because
> for OSS projects, you'll always have your email somewhere in the tarball.
> 
> I am not sure what you want to do at PSF level, but I wouldn't want the PSF to
> restrict the usage of my own project info if I upload them at PyPI. PyPI
> is just *one* recipient for projects and don't own people data.

Sorry, perhaps I wasn't clear: when uploading things to PyPI
you accept the PyPI terms. These terms currently allow anyone
to take the data from PyPI and publicly redistribute it
without any restrictions.

I think it's better to only allow the PSF to redistribute data
that it got from the PyPI package authors.

Redistribution in the form that Softpedia uses to attract
visitors and make revenue on the ads they have on their
site is not something the PSF would normally tolerate.

However, with the current terms, there's nothing the PSF
can do about it.

As package author, you are, of course, free to upload your
packages wherever you want, the PyPI terms only apply to the
data that you passed on to the PSF for display.

> The problem is about the usage of the APIs PyPI provides : Softpedia
> has set up a
> automatic process that gets triggered every time something is uploaded.
> 
> So It's all about spam, as usual. If we can control how the APIs are
> used, we will defeat this bot.
> 
> What I propose is:
> 
> - set up authentication for the XML-RPC APIs, in order to control
> this. If a user starts to use
>   XML-RPC calls in his bots, it's easy to shut it down.
> 
> - set up a restricted list of subscribers for the PubSubHubbub
> protocol (I am not sure if this protocol
> supports authentication, but I guess we can set something up)
> 
> - avoid displaying any email or derived emails on anonymous page

I'm not sure how that would work. Package manager tools would
then all have to use this authentication mechanism.

-- 
Marc-Andre Lemburg
eGenix.com


From ziade.tarek at gmail.com  Thu May  6 17:37:19 2010
From: ziade.tarek at gmail.com (Tarek Ziadé)
Date: Thu, 6 May 2010 17:37:19 +0200
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <4BE2DDA8.5080805@egenix.com>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>
	<4BE2D71E.5040009@egenix.com>
	<x2p94bdd2611005060803n46b2258aj8c54d3f9912ca76b@mail.gmail.com>
	<4BE2DDA8.5080805@egenix.com>
Message-ID: <g2q94bdd2611005060837k8c1bc951x4f5345b1b545db47@mail.gmail.com>

On Thu, May 6, 2010 at 5:18 PM, M.-A. Lemburg <mal at egenix.com> wrote:
[..]
> Sorry, perhaps I wasn't clear: when uploading things to PyPI
> you accept the PyPI terms. These terms currently allow anyone
> to take the data from PyPI and publicly redistribute it
> without any restrictions.
>
> I think it's better to only allow the PSF to redistribute data
> that it got from the PyPI package authors.

I am not sure what it means that the PSF redistributes data. Is this
http://www.python.org/about/legal or another text?

A list of prohibited usage (combined with authentication) should be
enough to prevent the problem, as far as I understand.

For instance, here's SourceForge's one:

http://sourceforge.net/apps/trac/sitelegal/wiki/Terms_of_Use#a2.YOURUSEOFSOURCEFORGE.NET

Extract:

   ...using any information obtained from SourceForge.net in order to
   contact, advertise to, solicit, or sell to any user without such
   user's prior explicit consent (including non-commercial contacts
   like chain letters);


[..]
>> What I propose is:
>>
>> - set up authentication for the XML-RPC APIs, in order to control
>> this. If a user starts to use
>>   XML-RPC calls in his bots, it's easy to shut it down.
>>
>> - set up a restricted list of subscribers for the PubSubHubbub
>> protocol (I am not sure if this protocol
>> supports authentication, but I guess we can set something up)
>>
>> - avoid displaying any email or derived emails on anonymous page
>
> I'm not sure how that would work. Package manager tools would
> then all have to use this authentication mechanism.

Yes, but they would need to use an account and therefore have an identity
when they run their scripts.

For instance, PyPI can have an API calls quota per user, and a white list
of users that are allowed to have an unlimited number of API calls
(managed manually).

IOW, allow stuff like cheesecake ratings or whatever to subscribe,
and be able to block Softpedia.

It's a limited protection but should be enough: I don't think the
Softpedia staff will work on defeating this by registering hundreds
of zombies at PyPI.

But I understand that it also needs the legal part.
Regards,
Tarek

-- 
Tarek Ziadé | http://ziade.org
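
The controls proposed in the message above (authenticated API calls, a per-user quota, a manually managed list of unlimited accounts, the ability to shut one account down, and no email addresses on anonymous pages), sketched as an added example that is not part of the original post and not PyPI code. `ApiGate`, `redact_emails`, the quota values and the account names are assumptions for illustration.

```python
import re
import time
from dataclasses import dataclass, field

# Matches "user@host.tld" and the obfuscated "user at host.tld" form.
# Deliberately broad: a false positive only hides a few words from anonymous
# viewers, while a miss exposes an address to harvesting.
EMAIL_RE = re.compile(r"[\w.+-]+(?:@|\s+at\s+)[\w-]+(?:\.[\w-]+)+")
EMAIL_FIELDS = {"author_email", "maintainer_email"}


@dataclass
class ApiGate:
    """Hypothetical gate in front of authenticated API calls."""
    quota: int = 100                              # calls per window (assumed value)
    window: float = 3600.0                        # window length in seconds (assumed)
    unlimited: set = field(default_factory=set)   # manually managed allow list
    blocked: set = field(default_factory=set)     # accounts shut down for abuse
    _calls: dict = field(default_factory=dict)    # user -> timestamps of recent calls

    def check(self, user, now=None):
        """Return (allowed, reason) for one call by `user`; None means anonymous."""
        now = time.time() if now is None else now
        if user is None:
            return False, "authentication required"
        if user in self.blocked:
            return False, "account blocked"
        if user in self.unlimited:
            return True, "allow-listed"
        # Sliding window: keep only the calls that are still inside the window.
        recent = [t for t in self._calls.get(user, []) if now - t < self.window]
        allowed = len(recent) < self.quota
        if allowed:
            recent.append(now)
        self._calls[user] = recent
        return allowed, ("ok" if allowed else "quota exceeded")


def redact_emails(metadata, authenticated):
    """Return a copy of package metadata that is safe for the given viewer.

    Anonymous viewers lose the dedicated email fields entirely, and addresses
    embedded in free text (plain or " at " form) are masked.
    """
    if authenticated:
        return dict(metadata)
    safe = {}
    for key, value in metadata.items():
        if key in EMAIL_FIELDS:
            continue
        if isinstance(value, str):
            value = EMAIL_RE.sub("[address hidden]", value)
        safe[key] = value
    return safe


if __name__ == "__main__":
    # Constructed accounts and metadata, for demonstration only.
    gate = ApiGate(quota=2, unlimited={"ratings-service"}, blocked={"listing-bot"})
    for who in (None, "listing-bot", "ratings-service", "alice", "alice", "alice"):
        print(who, gate.check(who, now=0.0))
    record = {
        "name": "example-pkg",
        "author_email": "dev@example.org",
        "description": "Contact dev at example.org for help",
    }
    print(redact_emails(record, authenticated=False))
```
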

From mal at egenix.com  Thu May  6 17:53:36 2010
From: mal at egenix.com (M.-A. Lemburg)
Date: Thu, 06 May 2010 17:53:36 +0200
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <g2q94bdd2611005060837k8c1bc951x4f5345b1b545db47@mail.gmail.com>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>	<4BE2D71E.5040009@egenix.com>	<x2p94bdd2611005060803n46b2258aj8c54d3f9912ca76b@mail.gmail.com>	<4BE2DDA8.5080805@egenix.com>
	<g2q94bdd2611005060837k8c1bc951x4f5345b1b545db47@mail.gmail.com>
Message-ID: <4BE2E600.5090208@egenix.com>

Tarek Ziadé wrote:
> On Thu, May 6, 2010 at 5:18 PM, M.-A. Lemburg <mal at egenix.com> wrote:
> [..]
>> Sorry, perhaps I wasn't clear: when uploading things to PyPI
>> you accept the PyPI terms. These terms currently allow anyone
>> to take the data from PyPI and publicly redistribute it
>> without any restrictions.
>>
>> I think it's better to only allow the PSF to redistribute data
>> that it got from the PyPI package authors.
> 
> I am not sure what it means that the PSF redistributes data.  Is this
> http://www.python.org/about/legal or another text ?

That text needs some care as well, yes. I was referring to this text
on PyPI:

http://pypi.python.org/pypi?%3Aaction=register_form
"""
By registering to upload content to PyPI, I agree and affirmatively acknowledge the following:

   1. Content is restricted to Python packages and related information only.
   2. Any content uploaded to PyPI is provided on a non-confidential basis.
   3. The PSF is free to use or disseminate any content that I upload on an unrestricted basis for
any purpose. In particular, the PSF and all other users of the web site are granted an irrevocable,
worldwide, royalty-free, nonexclusive license to reproduce, distribute, transmit, display, perform,
and publish the content, including in digital form.
   4. I represent and warrant that I have complied with all government regulations concerning the
transfer or export of any content I upload to PyPI. In particular, if I am subject to United States
law, I represent and warrant that I have obtained the proper governmental authorization for the
export of the content I upload. I further affirm that any content I provide is not intended for use
by a government end-user as defined in part 772 of the United States Export Administration Regulations.
"""

> A list of prohibited usage (combined with authentication) should be
> enough to prevent the problem
> as far as I understand.
> 
> For instance, here's SourceForge's one
> 
> http://sourceforge.net/apps/trac/sitelegal/wiki/Terms_of_Use#a2.YOURUSEOFSOURCEFORGE.NET
> 
> Extract:
> 
>    ...using any information obtained from SourceForge.net in order to
> contact, advertise to, solicit, or sell to any
>    user without such user's prior explicit consent (including
> non-commercial contacts like chain letters);

Right, we'd need something along those lines.

> [..]
>>> What I propose is:
>>>
>>> - set up authentication for the XML-RPC APIs, in order to control
>>> this. If a user starts to use
>>>   XML-RPC calls in his bots, it's easy to shut it down.
>>>
>>> - set up a restricted list of subscribers for the PubSubHubbub
>>> protocol (I am not sure if this protocol
>>> supports authentication, but I guess we can set something up)
>>>
>>> - avoid displaying any email or derived emails on anonymous page
>>
>> I'm not sure how that would work. Package manager tools would
>> then all have to use this authentication mechanism.
> 
> Yes but they would need to use an account therefore have an identity
> when they run their scripts.

Hmm, wouldn't that require all pip users to have a PyPI account?

> For instance, PyPI can have API calls quota per user, and a white list
> of users that are allowed to have
> an unlimited number of API calls.  (managed manually)
> 
> IOW, allow stuff like cheesecake ratings or whatever, to subscribe,
> and be able to block Softpedia.
> 
> It's a limited protection but should be enough: I don't think the
> Softpedia staff will work on
> defeating this by registering hundreds of zombies at PyPI.
> 
> But I understand that it also needs the legal part,

I'll work on the legal stuff and leave the technical side
to you :-)

-- 
Marc-Andre Lemburg
eGenix.com


From tseaver at palladion.com  Thu May  6 20:36:06 2010
From: tseaver at palladion.com (Tres Seaver)
Date: Thu, 06 May 2010 14:36:06 -0400
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <4BE2E600.5090208@egenix.com>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>	<4BE2D71E.5040009@egenix.com>	<x2p94bdd2611005060803n46b2258aj8c54d3f9912ca76b@mail.gmail.com>	<4BE2DDA8.5080805@egenix.com>	<g2q94bdd2611005060837k8c1bc951x4f5345b1b545db47@mail.gmail.com>
	<4BE2E600.5090208@egenix.com>
Message-ID: <hrv26m$nmc$1@dough.gmane.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

M.-A. Lemburg wrote:
> Tarek Ziadé wrote:
>> On Thu, May 6, 2010 at 5:18 PM, M.-A. Lemburg <mal at egenix.com> wrote:
>> [..]
>>> Sorry, perhaps I wasn't clear: when uploading things to PyPI
>>> you accept the PyPI terms. These terms currently allow anyone
>>> to take the data from PyPI and publicly redistribute it
>>> without any restrictions.
>>>
>>> I think it's better to only allow the PSF to redistribute data
>>> that it got from the PyPI package authors.
>> I am not sure what it means that the PSF redistributes data.  Is this
>> http://www.python.org/about/legal or another text ?
> 
> That text needs some care as well, yes. I was referring to this text
> on PyPI:
> 
> http://pypi.python.org/pypi?%3Aaction=register_form
> """
> By registering to upload content to PyPI, I agree and affirmatively acknowledge the following:
> 
>    1. Content is restricted to Python packages and related information only.
>    2. Any content uploaded to PyPI is provided on a non-confidential basis.
>    3. The PSF is free to use or disseminate any content that I upload on an unrestricted basis for
> any purpose. In particular, the PSF and all other users of the web site are granted an irrevocable,
> worldwide, royalty-free, nonexclusive license to reproduce, distribute, transmit, display, perform,
> and publish the content, including in digital form.
>    4. I represent and warrant that I have complied with all government regulations concerning the
> transfer or export of any content I upload to PyPI. In particular, if I am subject to United States
> law, I represent and warrant that I have obtained the proper governmental authorization for the
> export of the content I upload. I further affirm that any content I provide is not intended for use
> by a government end-user as defined in part 772 of the United States Export Administration Regulations.
> """
> 
>> A list of prohibited usage (combined with authentication) should be
>> enough to prevent the problem
>> as far as I understand.
>>
>> For instance, here's SourceForge's one
>>
>> http://sourceforge.net/apps/trac/sitelegal/wiki/Terms_of_Use#a2.YOURUSEOFSOURCEFORGE.NET
>>
>> Extract:
>>
>>    ...using any information obtained from SourceForge.net in order to
>> contact, advertise to, solicit, or sell to any
>>    user without such user's prior explicit consent (including
>> non-commercial contacts like chain letters);
> 
> Right, we'd need something along those lines.
> 
>> [..]
>>>> What I propose is:
>>>>
>>>> - set up authentication for the XML-RPC APIs, in order to control
>>>> this. If a user starts to use
>>>>   XML-RPC calls in his bots, it's easy to shut it down.
>>>>
>>>> - set up a restricted list of subscribers for the PubSubHubbub
>>>> protocol (I am not sure if this protocol
>>>> supports authentication, but I guess we can set something up)
>>>>
>>>> - avoid displaying any email or derived emails on anonymous page
>>> I'm not sure how that would work. Package manager tools would
>>> then all have to use this authentication mechanism.
>> Yes but they would need to use an account therefore have an identity
>> when they run their scripts.
> 
> Hmm, wouldn't that require all pip users to have PyPI account ?

I *think* PIP uses the "/simple" API (the RESTy one), rather than
XMLRPC.  That is certainly how setuptools / distribute work, anyway.


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkvjDBAACgkQ+gerLs4ltQ5yCQCfV6Voc2nET6JtMJjDkrP0cPnc
TYwAnRNQDeE8KVBuGuqu8+OpN23oGWuf
=LKnD
-----END PGP SIGNATURE-----
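
The quota, allowlist and shut-down proposal quoted in the two messages above, combined with the point that installers use the anonymous "/simple" index, as an added example (not PyPI's code). The "/xmlrpc" path, the account names, the limits and the traffic are constructed assumptions.

```python
"""Per-account quota gate for an index API (constructed example)."""
from collections import defaultdict, deque
from dataclasses import dataclass, field

ANONYMOUS_ENDPOINTS = {"/simple"}      # installer traffic needs no account
AUTHENTICATED_ENDPOINTS = {"/xmlrpc"}  # hypothetical path for the XML-RPC API


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class QuotaGate:
    limit: int        # calls per window for an ordinary account
    window: float     # window length in seconds
    unlimited: set = field(default_factory=set)  # manually managed allowlist
    blocked: set = field(default_factory=set)    # accounts that were shut down
    calls: dict = field(init=False, repr=False,
                        default_factory=lambda: defaultdict(deque))

    def check(self, endpoint, account, now):
        """Decide one request; account is None for an anonymous caller."""
        if endpoint in ANONYMOUS_ENDPOINTS:
            return Decision(True, "anonymous endpoint")
        if endpoint not in AUTHENTICATED_ENDPOINTS:
            return Decision(False, "unknown endpoint")
        if account is None:
            return Decision(False, "authentication required")
        if account in self.blocked:
            return Decision(False, "account blocked")
        if account in self.unlimited:
            return Decision(True, "allowlisted")
        history = self.calls[account]
        # Sliding window: forget calls older than `window` seconds.
        while history and now - history[0] >= self.window:
            history.popleft()
        if len(history) >= self.limit:
            return Decision(False, "quota exceeded")
        history.append(now)
        return Decision(True, "within quota")

    def block(self, account):
        """Operator action: shut an account down, dropping any allowlist entry."""
        self.blocked.add(account)
        self.unlimited.discard(account)
        self.calls.pop(account, None)


def replay(gate, requests):
    """Run (time, endpoint, account) tuples through the gate; count outcomes."""
    summary = defaultdict(lambda: defaultdict(int))
    for now, endpoint, account in requests:
        decision = gate.check(endpoint, account, now)
        summary[account or "<anonymous>"][decision.reason] += 1
    return {who: dict(reasons) for who, reasons in summary.items()}


# Constructed traffic: an allowlisted rating service, a bulk harvester,
# anonymous installer requests, and one anonymous XML-RPC call.
SAMPLE = (
    [(t, "/xmlrpc", "ratings-service") for t in range(50)]
    + [(t, "/xmlrpc", "harvester") for t in range(50)]
    + [(t, "/simple", None) for t in range(5)]
    + [(10, "/xmlrpc", None)]
)

if __name__ == "__main__":
    gate = QuotaGate(limit=10, window=60, unlimited={"ratings-service"})
    for who, reasons in replay(gate, SAMPLE).items():
        print(who, reasons)
    gate.block("harvester")
    print(gate.check("/xmlrpc", "harvester", 100))
```

The gate only counts calls per account, so, as the quoted proposal itself concedes, it does nothing against a caller who registers many accounts.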


From martin at v.loewis.de  Fri May  7 00:59:37 2010
From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=)
Date: Fri, 07 May 2010 00:59:37 +0200
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>
Message-ID: <4BE349D9.1050302@v.loewis.de>

> If they use PubSubHubbub, maybe we could set up a black list of
> subscribers people can manage at their level,
> if they reconstruct the emails by reading the RSS feed, maybe we
> should not publish this info (even with  the @ transformed into " at
> ").

I don't think we should stop announcing new releases on the web site,
and, as long as we do, people can setup automated actions. People keep
asking for being notified, so I don't think the need for that will go
away, either. IOW, it is a good thing that automated reactions to new
releases are actually possible.

Now, with respect to these specific email messages: I agree they are
spam, and would support to see that stopped. However, I don't think
technical means are the right reaction. Instead, we should send them an
email message asking them to stop. Feel free to approach them.

Regards,
Martin

From ziade.tarek at gmail.com  Fri May  7 01:33:46 2010
From: ziade.tarek at gmail.com (=?ISO-8859-1?Q?Tarek_Ziad=E9?=)
Date: Fri, 7 May 2010 01:33:46 +0200
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <4BE349D9.1050302@v.loewis.de>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>
	<4BE349D9.1050302@v.loewis.de>
Message-ID: <l2r94bdd2611005061633sf10c30fz5cab5dcf3aa75f72@mail.gmail.com>

2010/5/7 "Martin v. Löwis" <martin at v.loewis.de>:
>> If they use PubSubHubbub, maybe we could set up a black list of
>> subscribers people can manage at their level,
>> if they reconstruct the emails by reading the RSS feed, maybe we
>> should not publish this info (even with the @ transformed into " at
>> ").
>
> I don't think we should stop announcing new releases on the web site,
> and, as long as we do, people can setup automated actions. People keep
> asking for being notified, so I don't think the need for that will go
> away, either. IOW, it is a good thing that automated reactions to new
> releases are actually possible.

No one asked for stopping announcing the new releases. Having those automated
reactions is of course a good thing !

I just said that making it more secure would prevent spammers.

e.g. differentiate "people" from spammers.


>
> Now, with respect to these specific email messages: I agree they are
> spam, and would support to see that stopped. However, I don't think
> technical means are the right reaction. Instead, we should send them an
> email message asking them to stop. Feel free to approach them.

I don't think asking a spammer to stop spamming is the real solution.

PyPI and the PSF should protect its pypi.python.org users as much as possible,
here, and I still think it has to be addressed by making it harder for spammers
to bother us.


> Regards,
> Martin
>



-- 
Tarek Ziadé | http://ziade.org

From exarkun at twistedmatrix.com  Fri May  7 01:43:54 2010
From: exarkun at twistedmatrix.com (exarkun at twistedmatrix.com)
Date: Thu, 06 May 2010 23:43:54 -0000
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <l2r94bdd2611005061633sf10c30fz5cab5dcf3aa75f72@mail.gmail.com>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>
	<4BE349D9.1050302@v.loewis.de>
	<l2r94bdd2611005061633sf10c30fz5cab5dcf3aa75f72@mail.gmail.com>
Message-ID: <20100506234354.1681.1307873384.divmod.xquotient.66@localhost.localdomain>

On 11:33 pm, ziade.tarek at gmail.com wrote:
>2010/5/7 "Martin v. Löwis" <martin at v.loewis.de>:
>>>If they use PubSubHubbub, maybe we could set up a black list of
>>>subscribers people can manage at their level,
>>>if they reconstruct the emails by reading the RSS feed, maybe we
>>>should not publish this info (even with the @ transformed into " at
>>>").
>>
>>I don't think we should stop announcing new releases on the web site,
>>and, as long as we do, people can setup automated actions. People keep
>>asking for being notified, so I don't think the need for that will go
>>away, either. IOW, it is a good thing that automated reactions to new
>>releases are actually possible.
>
>No one asked for stopping announcing the new releases. Having those
>automated reactions is of course a good thing !
>
>I just said that making it more secure would prevent spammers.
>
>e.g. differentiate "people" from spammers.
>>
>>Now, with respect to these specific email messages: I agree they are
>>spam, and would support to see that stopped. However, I don't think
>>technical means are the right reaction. Instead, we should send them 
>>an
>>email message asking them to stop. Feel free to approach them.
>
>I don't think asking a spammer to stop spamming is the real solution.

Softpedia is not an anonymous entity in an unknown legal jurisdiction. 
I'm not going to claim to know what the best thing to do here is, but 
asking Softpedia to stop doing this isn't like replying to a 411 email 
asking to be taken off their mailing list.  There's at least a small 
chance that they care about their brand and reputation, and if not, 
another chance that legal action can be brought against them.
>PyPI and the PSF should protect its pypi.python.org users as much as 
>possible,
>here, and I still think it has to be addressed by making it harder for 
>spammers
>to bother us.
>>Regards,
>>Martin
>
>
>
>--
>Tarek Ziadé | http://ziade.org
>_______________________________________________
>Catalog-SIG mailing list
>Catalog-SIG at python.org
>http://mail.python.org/mailman/listinfo/catalog-sig

From ziade.tarek at gmail.com  Fri May  7 01:45:42 2010
From: ziade.tarek at gmail.com (=?ISO-8859-1?Q?Tarek_Ziad=E9?=)
Date: Fri, 7 May 2010 01:45:42 +0200
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <4BE3532A.9010005@v.loewis.de>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>
	<4BE349D9.1050302@v.loewis.de>
	<l2r94bdd2611005061633sf10c30fz5cab5dcf3aa75f72@mail.gmail.com>
	<4BE3532A.9010005@v.loewis.de>
Message-ID: <x2y94bdd2611005061645q5654cb42xd69d853aee350fe4@mail.gmail.com>

2010/5/7 "Martin v. Löwis" <martin at v.loewis.de>:
>> I don't think asking a spammer to stop spamming is the real solution.
>
> So you are saying we should *not* approach Softpedia? Why not?

I am not talking about Softpedia in particular, but about the PyPI
system that can
be used to spam people, whoever is the spammer.

IOW, I think we should fix this issue once for all and not focus on Softpedia.

Now I won't contact them, but anyone can try (beware you might get
more spam ;) )


>
> Regards,
> Martin
>



-- 
Tarek Ziadé | http://ziade.org

From martin at v.loewis.de  Fri May  7 01:39:22 2010
From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=)
Date: Fri, 07 May 2010 01:39:22 +0200
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <l2r94bdd2611005061633sf10c30fz5cab5dcf3aa75f72@mail.gmail.com>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>	
	<4BE349D9.1050302@v.loewis.de>
	<l2r94bdd2611005061633sf10c30fz5cab5dcf3aa75f72@mail.gmail.com>
Message-ID: <4BE3532A.9010005@v.loewis.de>

> I don't think asking a spammer to stop spamming is the real solution.

So you are saying we should *not* approach Softpedia? Why not?

Regards,
Martin

From ziade.tarek at gmail.com  Fri May  7 01:49:02 2010
From: ziade.tarek at gmail.com (=?ISO-8859-1?Q?Tarek_Ziad=E9?=)
Date: Fri, 7 May 2010 01:49:02 +0200
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <20100506234354.1681.1307873384.divmod.xquotient.66@localhost.localdomain>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>
	<4BE349D9.1050302@v.loewis.de>
	<l2r94bdd2611005061633sf10c30fz5cab5dcf3aa75f72@mail.gmail.com>
	<20100506234354.1681.1307873384.divmod.xquotient.66@localhost.localdomain>
Message-ID: <s2o94bdd2611005061649x1ff0942cs347e2689c3760f5d@mail.gmail.com>

2010/5/7  <exarkun at twistedmatrix.com>:
[..]
>
> Softpedia is not an anonymous entity in an unknown legal jurisdiction. I'm
> not going to claim to know what the best thing to do here is, but asking
> Softpedia to stop doing this isn't like replying to a 411 email asking to be
> taken off their mailing list. There's at least a small chance that they
> care about their brand and reputation, and if not, another chance that legal
> action can be brought against them.

Maybe it'll work, frankly I don't know who is behind them. But this
doesn't fix the real problem.

From steve at pearwood.info  Fri May  7 02:43:31 2010
From: steve at pearwood.info (Steven D'Aprano)
Date: Fri, 7 May 2010 10:43:31 +1000
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>
Message-ID: <201005071043.32009.steve@pearwood.info>

On Fri, 7 May 2010 12:34:24 am Tarek Ziadé wrote:
> Hello,
>
> The Softpedia website sends an email to everyone that registers or
> uploads something at PyPI. This is clearly a spam and their website
> doesn't care about our projects.
>
> I am not sure if they use the PubSubHubbub thing, but I was wondering
> how we could prevent these unsolicited mails.

I don't know that we should be responsible for trying to prevent every 
bad use of PyPI. I'm not even convinced that the Softpedia emails are 
spam in any legal or ethical sense.

It's not a mass broadcast of email: each email gets sent to *one* 
recipient. Re-distributing the software on PyPI is legal under the 
terms of the licences (possibly with a few exceptions). I think you 
would fail to convince a judge that, legally, Softpedia is spamming or 
engaged in any unreasonable action. You certainly fail to convince me.

It would be different if you sent them clear instructions telling them 
you prohibited them from redistributing the software, but that would be 
in clear contradiction of any Open Source licence I know of, and you 
won't get any sympathy from me.

You might not want to receive emails from Softpedia, but that doesn't 
make them spam. I don't want to receive those stupid "chicken soup for 
the soul" emails that my mum sends me, but that doesn't make them spam.

I don't think this is a problem we should be trying to solve. If you 
don't want to see Softpedia's emails, teach your mail client to filter 
them into the trash.



-- 
Steven D'Aprano

From steve at pearwood.info  Fri May  7 02:50:22 2010
From: steve at pearwood.info (Steven D'Aprano)
Date: Fri, 7 May 2010 10:50:22 +1000
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <4BE3532A.9010005@v.loewis.de>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>
	<l2r94bdd2611005061633sf10c30fz5cab5dcf3aa75f72@mail.gmail.com>
	<4BE3532A.9010005@v.loewis.de>
Message-ID: <201005071050.22610.steve@pearwood.info>

On Fri, 7 May 2010 09:39:22 am Martin v. Löwis wrote:
> > I don't think asking a spammer to stop spamming is the real
> > solution.
>
> So you are saying we should *not* approach Softpedia? Why not?

It is not up to us to decide on behalf of thousands of package authors 
whether or not their software is mirrored on Softpedia, or whether 
Softpedia contacts them.

I am strongly opposed to PyPI making that decision for me.

I am moderately opposed to PyPI prohibiting the redistribution of 
metadata.



-- 
Steven D'Aprano

From tjreedy at udel.edu  Fri May  7 06:28:24 2010
From: tjreedy at udel.edu (Terry Reedy)
Date: Fri, 07 May 2010 00:28:24 -0400
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <201005071043.32009.steve@pearwood.info>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>
	<201005071043.32009.steve@pearwood.info>
Message-ID: <hs04t6$5vu$1@dough.gmane.org>

On 5/6/2010 8:43 PM, Steven D'Aprano wrote:
> On Fri, 7 May 2010 12:34:24 am Tarek Ziadé wrote:
>> Hello,
>>
>> The Softpedia website sends an email to everyone that registers or
>> uploads something at PyPI. This is clearly a spam and their website
>> doesn't care about our projects.
>>
>> I am not sure if they use the PubSubHubbub thing, but I was wondering
>> how we could prevent these unsolicited mails.
>
> I don't know that we should be responsible for trying to prevent every
> bad use of PyPI. I'm not even convinced that the Softpedia emails are
> spam in any legal or ethical sense.
>
> It's not a mass broadcast of email: each email gets sent to *one*
> recipient. Re-distributing the software on PyPI is legal under the
> terms of the licences (possibly with a few exceptions). I think you
> would fail to convince a judge that, legally, Softpedia is spamming or
> engaged in any unreasonable action. You certainly fail to convince me.

I am not completely convinced either. It appears to be a legitimate site 
that people use to access FOSS software, with relatively subdued ads 
(except for the double-underscore popup boxes). I do notice that
http://pypi.python.org/pypi/Distutils2/1.0a1
shows 0 downloads at the moment whereas
http://linux.softpedia.com/get/Programming/Libraries/Distutils2-56577.shtml
shows 14. The python3.1.2 page shows nearly 10000. That much, if 
truthful, is good.

If one uploads often, I see how the 'courtesy' letter could be annoying.

Terry Jan Reedy



From noah at coderanger.net  Fri May  7 09:22:53 2010
From: noah at coderanger.net (Noah Kantrowitz)
Date: Fri, 7 May 2010 00:22:53 -0700
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <hs04t6$5vu$1@dough.gmane.org>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>
	<201005071043.32009.steve@pearwood.info>
	<hs04t6$5vu$1@dough.gmane.org>
Message-ID: <006A95EB-C897-48F8-ABAD-48E3E94E3BD3@coderanger.net>


On May 6, 2010, at 9:28 PM, Terry Reedy wrote:

> On 5/6/2010 8:43 PM, Steven D'Aprano wrote:
>> On Fri, 7 May 2010 12:34:24 am Tarek Ziadé wrote:
>>> Hello,
>>> 
>>> The Softpedia website sends an email to everyone that registers or
>>> uploads something at PyPI. This is clearly a spam and their website
>>> doesn't care about our projects.
>>> 
>>> I am not sure if they use the PubSubHubbub thing, but I was wondering
>>> how we could prevent these unsolicited mails.
>> 
>> I don't know that we should be responsible for trying to prevent every
>> bad use of PyPI. I'm not even convinced that the Softpedia emails are
>> spam in any legal or ethical sense.
>> 
>> It's not a mass broadcast of email: each email gets sent to *one*
>> recipient. Re-distributing the software on PyPI is legal under the
>> terms of the licences (possibly with a few exceptions). I think you
>> would fail to convince a judge that, legally, Softpedia is spamming or
>> engaged in any unreasonable action. You certainly fail to convince me.
> 
> I am not completely convinced either. It appears to be a legitimate site that people use to access FOSS software, with relatively subdued ads (except for the double-underscore popup boxes). I do notice that
> http://pypi.python.org/pypi/Distutils2/1.0a1
> shows 0 downloads at the moment whereas
> http://linux.softpedia.com/get/Programming/Libraries/Distutils2-56577.shtml
> shows 14. The python3.1.2 page shows nearly 10000. That much, if truthful, is good.
> 
> If one uploads often, I see how the 'courtesy' letter could be annoying.

I think most FOSS authors are aware that putting their email in a package is effectively putting it in the clear on the internet. I think we have come beyond the days of "noah (at) coderanger [dot] net" and all those silly tricks that were popular not too long ago. If an author is excessively concerned about spam, they shouldn't put their email in author_email. Is that field mandatory now or something? Softpedia is a little annoying with the emails, but I've found them useful personally (along with versiontracker) when looking for OS X software before. Freshmeat is a similar index of FOSS projects, and I've definitely used that before. Is there some reason we are objecting to including PyPI data in other software catalogs? If it makes it a tiny bit easier to find Python software, I'm all for it.

--Noah

From ziade.tarek at gmail.com  Fri May  7 09:31:45 2010
From: ziade.tarek at gmail.com (=?ISO-8859-1?Q?Tarek_Ziad=E9?=)
Date: Fri, 7 May 2010 09:31:45 +0200
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <hs04t6$5vu$1@dough.gmane.org>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>
	<201005071043.32009.steve@pearwood.info>
	<hs04t6$5vu$1@dough.gmane.org>
Message-ID: <s2s94bdd2611005070031p83bd087aq1c8024b90c7c4332@mail.gmail.com>

On Fri, May 7, 2010 at 6:28 AM, Terry Reedy <tjreedy at udel.edu> wrote:
[..]
>>
>> I don't know that we should be responsible for trying to prevent every
>> bad use of PyPI. I'm not even convinced that the Softpedia emails are
>> spam in any legal or ethical sense.
>>
>> It's not a mass broadcast of email: each email gets sent to *one*
>> recipient. Re-distributing the software on PyPI is legal under the
>> terms of the licences (possibly with a few exceptions). I think you
>> would fail to convince a judge that, legally, Softpedia is spamming or
>> engaged in any unreasonable action. You certainly fail to convince me.

A spam is an unsolicited email you receive from someone you don't know,
that tries to sell or promote a service or a product to make money.
Softpedia qualifies in this definition.

> I am not completely convinced either. It appears to be a legitimate site
> that people use to access FOSS software, with relatively subdued ads (except
> for the double-underscore popup boxes). I do notice that
> http://pypi.python.org/pypi/Distutils2/1.0a1
> shows 0 downloads at the moment whereas
> http://linux.softpedia.com/get/Programming/Libraries/Distutils2-56577.shtml
> shows 14. The python3.1.2 page shows nearly 10000. That much, if truthful,
> is good.
>
> If one uploads often, I see how the 'courtesy' letter could be annoying.

Yes, that's what happens to me. But well I am just going to drop it, it
seems that I am alone thinking this should be prevented, and that
Softpedia is a spammer :)

From martin at v.loewis.de  Fri May  7 09:35:32 2010
From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=)
Date: Fri, 07 May 2010 09:35:32 +0200
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <006A95EB-C897-48F8-ABAD-48E3E94E3BD3@coderanger.net>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>	<201005071043.32009.steve@pearwood.info>	<hs04t6$5vu$1@dough.gmane.org>
	<006A95EB-C897-48F8-ABAD-48E3E94E3BD3@coderanger.net>
Message-ID: <4BE3C2C4.8030709@v.loewis.de>

> I think most FOSS authors are aware that putting their email in a
> package is effectively putting it in the clear on the internet. I
> think we have come beyond the days of "noah (at) coderanger [dot]
> net" and all those silly tricks that were popular not too long ago.
> If an author is excessively concerned about spam, they shouldn't put
> their email in author_email. Is that field mandatory now or
> something? Softpedia is a little annoying with the emails, but I've
> found them useful personally (along with versiontracker) when looking
> for OS X software before. Freshmeat is a similar index of FOSS
> projects, and I've definitely used that before. Is there some reason
> we are objecting to including PyPI data in other software catalogs?
> If it makes it a tiny bit easier to find Python software, I'm all for
> it.

Ok. So I won't take any action, then.

Regards,
Martin

From ziade.tarek at gmail.com  Fri May  7 09:36:49 2010
From: ziade.tarek at gmail.com (=?ISO-8859-1?Q?Tarek_Ziad=E9?=)
Date: Fri, 7 May 2010 09:36:49 +0200
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <006A95EB-C897-48F8-ABAD-48E3E94E3BD3@coderanger.net>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>
	<201005071043.32009.steve@pearwood.info>
	<hs04t6$5vu$1@dough.gmane.org>
	<006A95EB-C897-48F8-ABAD-48E3E94E3BD3@coderanger.net>
Message-ID: <i2s94bdd2611005070036v25b77253me64dcf455ff4cad7@mail.gmail.com>

On Fri, May 7, 2010 at 9:22 AM, Noah Kantrowitz <noah at coderanger.net> wrote:
[..]
>
> I think most FOSS authors are aware that putting their email in a package is effectively putting it in the clear on the internet. I think we have come beyond the days of "noah (at) coderanger [dot] net" and all those silly tricks that were popular not too long ago. If an author is excessively concerned about spam, they shouldn't put their email in author_email. Is that field mandatory now or something?

No it's not mandatory.

> Softpedia is a little annoying with the emails, but I've found them useful personally (along with versiontracker)
> when looking for OS X software before. Freshmeat is a similar index of FOSS projects, and I've definitely
> used that before. Is there some reason we are objecting to including PyPI data in other software catalogs? If
> it makes it a tiny bit easier to find Python software, I'm all for it.

You can't compare Freshmeat and Softpedia. Freshmeat is a legitimate
index developers manually fill, whereas Softpedia is bot-based and
just tries to attract people to make money.

I don't mind having PyPI projects at Softpedia, but I think we should
prevent this automatic mail sending they set up. It got worse lately.

But I said I would drop it, so... :)

>
> --Noah
>



-- 
Tarek Ziadé | http://ziade.org

From mal at egenix.com  Fri May  7 09:47:21 2010
From: mal at egenix.com (M.-A. Lemburg)
Date: Fri, 07 May 2010 09:47:21 +0200
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <006A95EB-C897-48F8-ABAD-48E3E94E3BD3@coderanger.net>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>	<201005071043.32009.steve@pearwood.info>	<hs04t6$5vu$1@dough.gmane.org>
	<006A95EB-C897-48F8-ABAD-48E3E94E3BD3@coderanger.net>
Message-ID: <4BE3C589.1040109@egenix.com>

Noah Kantrowitz wrote:
> I think most FOSS authors are aware that putting their email in a package is effectively putting it in the clear on the internet. I think we have come beyond the days of "noah (at) coderanger [dot] net" and all those silly tricks that were popular not too long ago. If an author is excessively concerned about spam, they shouldn't put their email in author_email. Is that field mandatory now or something? Softpedia is a little annoying with the emails, but I've found them useful personally (along with versiontracker) when looking for OS X software before. Freshmeat is a similar index of FOSS projects, and I've definitely used that before. Is there some reason we are objecting to including PyPI data in other software catalogs? If it makes it a tiny bit easier to find Python software, I'm all for it.

No, but the PSF should be asked for permission before using the data
on some other site.

-- 
Marc-Andre Lemburg
eGenix.com

From noah at coderanger.net  Fri May  7 09:49:33 2010
From: noah at coderanger.net (Noah Kantrowitz)
Date: Fri, 7 May 2010 00:49:33 -0700
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <4BE3C589.1040109@egenix.com>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>	<201005071043.32009.steve@pearwood.info>	<hs04t6$5vu$1@dough.gmane.org>
	<006A95EB-C897-48F8-ABAD-48E3E94E3BD3@coderanger.net>
	<4BE3C589.1040109@egenix.com>
Message-ID: <4954D092-40E7-445C-940B-217A0C03DDEF@coderanger.net>


On May 7, 2010, at 12:47 AM, M.-A. Lemburg wrote:

> Noah Kantrowitz wrote:
>> I think most FOSS authors are aware that putting their email in a package is effectively putting it in the clear on the internet. I think we have come beyond the days of "noah (at) coderanger [dot] net" and all those silly tricks that were popular not too long ago. If an author is excessively concerned about spam, they shouldn't put their email in author_email. Is that field mandatory now or something? Softpedia is a little annoying with the emails, but I've found them useful personally (along with versiontracker) when looking for OS X software before. Freshmeat is a similar index of FOSS projects, and I've definitely used that before. Is there some reason we are objecting to including PyPI data in other software catalogs? If it makes it a tiny bit easier to find Python software, I'm all for it.
> 
> No, but the PSF should be asked for permission before using the data
> on some other site.

Permission is probably not a good thing to inject, too much risk of being picky on who can use the data. If it is available to anyone, it should be available to all. I would agree that as a professional courtesy it would be nice if people would let us know if they are mining PyPI, but you are dipping into dangerous territory if you put a gate in front of it.

--Noah

From mal at egenix.com  Fri May  7 09:57:19 2010
From: mal at egenix.com (M.-A. Lemburg)
Date: Fri, 07 May 2010 09:57:19 +0200
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <4954D092-40E7-445C-940B-217A0C03DDEF@coderanger.net>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>	<201005071043.32009.steve@pearwood.info>	<hs04t6$5vu$1@dough.gmane.org>	<006A95EB-C897-48F8-ABAD-48E3E94E3BD3@coderanger.net>	<4BE3C589.1040109@egenix.com>
	<4954D092-40E7-445C-940B-217A0C03DDEF@coderanger.net>
Message-ID: <4BE3C7DF.3090005@egenix.com>

Noah Kantrowitz wrote:
> 
> On May 7, 2010, at 12:47 AM, M.-A. Lemburg wrote:
> 
>> Noah Kantrowitz wrote:
>>> I think most FOSS authors are aware that putting their email in a package is effectively putting it in the clear on the internet. I think we have come beyond the days of "noah (at) coderanger [dot] net" and all those silly tricks that were popular not too long ago. If an author is excessively concerned about spam, they shouldn't put their email in author_email. Is that field mandatory now or something? Softpedia is a little annoying with the emails, but I've found them useful personally (along with versiontracker) when looking for OS X software before. Freshmeat is a similar index of FOSS projects, and I've definitely used that before. Is there some reason we are objecting to including PyPI data in other software catalogs? If it makes it a tiny bit easier to find Python software, I'm all for it.
>>
>> No, but the PSF should be asked for permission before using the data
>> on some other site.
> 
> Permission is probably not a good thing to inject, too much risk of being picky on who can use the data. If it is available to anyone, it should be available to all. I would agree that as a professional courtesy it would be nice if people would let us know if they are mining PyPI, but you are dipping into dangerous territory if you put a gate in front of it.

Why do you think so ?

The PSF would most certainly apply the same openness it is applying
for its own trademarks.

I believe that package authors uploading things to PyPI should be able
to trust that the PSF (being behind PyPI) uses this data with the
appropriate care.

The same is true if you upload data to Freshmeat, Sourceforge and
other such sites. Why should PyPI be different ?

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, May 07 2010)
>>> Python/Zope Consulting and Support ...        http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________
2010-04-23: Released mxODBC.Zope.DA 2.0.1        http://zope.egenix.com/

::: Try our new mxODBC.Connect Python Database Interface for free ! ::::


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

From noah at coderanger.net  Fri May  7 10:00:52 2010
From: noah at coderanger.net (Noah Kantrowitz)
Date: Fri, 7 May 2010 01:00:52 -0700
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <4BE3C7DF.3090005@egenix.com>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>	<201005071043.32009.steve@pearwood.info>	<hs04t6$5vu$1@dough.gmane.org>	<006A95EB-C897-48F8-ABAD-48E3E94E3BD3@coderanger.net>	<4BE3C589.1040109@egenix.com>
	<4954D092-40E7-445C-940B-217A0C03DDEF@coderanger.net>
	<4BE3C7DF.3090005@egenix.com>
Message-ID: <5B7B39BD-6659-44D7-91DC-32E1E6EC15D0@coderanger.net>


On May 7, 2010, at 12:57 AM, M.-A. Lemburg wrote:

> Noah Kantrowitz wrote:
>> 
>> On May 7, 2010, at 12:47 AM, M.-A. Lemburg wrote:
>> 
>>> Noah Kantrowitz wrote:
>>>> I think most FOSS authors are aware that putting their email in a package is effectively putting it in the clear on the internet. I think we have come beyond the days of "noah (at) coderanger [dot] net" and all those silly tricks that were popular not too long ago. If an author is excessively concerned about spam, they shouldn't put their email in author_email. Is that field mandatory now or something? Softpedia is a little annoying with the emails, but I've found them useful personally (along with versiontracker) when looking for OS X software before. Freshmeat is a similar index of FOSS projects, and I've definitely used that before. Is there some reason we are objecting to including PyPI data in other software catalogs? If it makes it a tiny bit easier to find Python software, I'm all for it.
>>> 
>>> No, but the PSF should be asked for permission before using the data
>>> on some other site.
>> 
>> Permission is probably not a good thing to inject, too much risk of being picky on who can use the data. If it is available to anyone, it should be available to all. I would agree that as a professional courtesy it would be nice if people would let us know if they are mining PyPI, but you are dipping into dangerous territory if you put a gate in front of it.
> 
> Why do you think so ?
> 
> The PSF would most certainly apply the same openness it is applying
> for its own trademarks.
> 
> I believe that package authors uploading things to PyPI should be able
> to trust that the PSF (being behind PyPI) uses this data with the
> appropriate care.
> 
> The same is true if you upload data to Freshmeat, Sourceforge and
> other such sites. Why should PyPI be different ?

I just don't think the PSF or this SIG should be in the business of saying who can access PyPI (which is what this boils down to at a philosophical level). That said, I also have a lot of faith in the judgement of the PSF and if they felt they could take on this (large) responsibility I wouldn't fight it that hard. I would fight harder to say that this shouldn't be the job of the SIG though.

--Noah

From mal at egenix.com  Fri May  7 10:17:00 2010
From: mal at egenix.com (M.-A. Lemburg)
Date: Fri, 07 May 2010 10:17:00 +0200
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <5B7B39BD-6659-44D7-91DC-32E1E6EC15D0@coderanger.net>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>	<201005071043.32009.steve@pearwood.info>	<hs04t6$5vu$1@dough.gmane.org>	<006A95EB-C897-48F8-ABAD-48E3E94E3BD3@coderanger.net>	<4BE3C589.1040109@egenix.com>	<4954D092-40E7-445C-940B-217A0C03DDEF@coderanger.net>	<4BE3C7DF.3090005@egenix.com>
	<5B7B39BD-6659-44D7-91DC-32E1E6EC15D0@coderanger.net>
Message-ID: <4BE3CC7C.9080905@egenix.com>

Noah Kantrowitz wrote:
> 
> On May 7, 2010, at 12:57 AM, M.-A. Lemburg wrote:
> 
>> Noah Kantrowitz wrote:
>>>
>>> On May 7, 2010, at 12:47 AM, M.-A. Lemburg wrote:
>>>
>>>> Noah Kantrowitz wrote:
>>>>> I think most FOSS authors are aware that putting their email in a package is effectively putting it in the clear on the internet. I think we have come beyond the days of "noah (at) coderanger [dot] net" and all those silly tricks that were popular not too long ago. If an author is excessively concerned about spam, they shouldn't put their email in author_email. Is that field mandatory now or something? Softpedia is a little annoying with the emails, but I've found them useful personally (along with versiontracker) when looking for OS X software before. Freshmeat is a similar index of FOSS projects, and I've definitely used that before. Is there some reason we are objecting to including PyPI data in other software catalogs? If it makes it a tiny bit easier to find Python software, I'm all for it.
>>>>
>>>> No, but the PSF should be asked for permission before using the data
>>>> on some other site.
>>>
>>> Permission is probably not a good thing to inject, too much risk of being picky on who can use the data. If it is available to anyone, it should be available to all. I would agree that as a professional courtesy it would be nice if people would let us know if they are mining PyPI, but you are dipping into dangerous territory if you put a gate in front of it.
>>
>> Why do you think so ?
>>
>> The PSF would most certainly apply the same openness it is applying
>> for its own trademarks.
>>
>> I believe that package authors uploading things to PyPI should be able
>> to trust that the PSF (being behind PyPI) uses this data with the
>> appropriate care.
>>
>> The same is true if you upload data to Freshmeat, Sourceforge and
>> other such sites. Why should PyPI be different ?
> 
> I just don't think the PSF or this SIG should be in the business of saying who can access PyPI (which is what this boils down to at a philosophical level). That said, I also have a lot of faith in the judgement of the PSF and if they felt they could take on this (large) responsibility I wouldn't fight it that hard. I would fight harder to say that this shouldn't be the job of the SIG though.

This would be the PSF's task, since the relationship is between the
package author and the PSF, not this SIG, although the PSF could
approach the SIG for help, e.g. in order to define where to draw
the line.

Please also note that the PSF would not be in the business of
saying who can access PyPI, only in the business of saying who is
allowed to publicly redistribute that data and under which conditions.

-- 
Marc-Andre Lemburg
eGenix.com


From tjreedy at udel.edu  Fri May  7 23:52:04 2010
From: tjreedy at udel.edu (Terry Reedy)
Date: Fri, 07 May 2010 17:52:04 -0400
Subject: [Catalog-sig] The "Softpedia" spam
In-Reply-To: <s2s94bdd2611005070031p83bd087aq1c8024b90c7c4332@mail.gmail.com>
References: <x2v94bdd2611005060734p7eb8db70w61df4ba0a9904141@mail.gmail.com>	<201005071043.32009.steve@pearwood.info>	<hs04t6$5vu$1@dough.gmane.org>
	<s2s94bdd2611005070031p83bd087aq1c8024b90c7c4332@mail.gmail.com>
Message-ID: <hs2225$3hs$1@dough.gmane.org>

On 5/7/2010 3:31 AM, Tarek Ziadé wrote:

> A spam is an unsolicited email you receive from someone you don't know,
> that tries to sell or promote a service or a product to make money.
> Softpedia qualifies in this definition.

I suspect that they would claim that the purpose of the email is only to 
afford you the opportunity to correct the info. I have no idea if they 
really would make a change. In any case, by your definition, the 
unsolicited email would not be spam if the *site* did not have ads. 
Would you then not mind them?

>> If one uploads often, I see how the 'courtesy' letter could be annoying.
>
> Yes that's what happens to me. But well I am just going to drop it, it
> seems that I am alone thinking this should be prevented, and that
> Softpedia is a spammer :)

I think they are on the border, perhaps cleverly so, perhaps too 
cleverly. You could respond and say the writeup is ok, but that you 
frequently upload revisions and detest getting a notification each time 
they grab one and would they please put you on a list of authors not to 
email again.

Terry Jan Reedy



From jjl at pobox.com  Sat May  8 20:19:18 2010
From: jjl at pobox.com (John J Lee)
Date: Sat, 8 May 2010 19:19:18 +0100 (BST)
Subject: [Catalog-sig] Uploading existing source distributions
Message-ID: <alpine.DEB.2.00.1005081859050.2914@alice>

setup.py sdist builds project distributions (tarballs, zip files, eggs, 
...), even if they're already built.

I'd like to build source distributions, test them, then upload 
byte-for-byte identical source distributions to PyPI.  However, the only 
way I know to upload zip files using the upload command involves also 
running sdist:

python setup.py sdist --formats=gztar,zip upload

Presumably that will cause sdist to rebuild the distributions, causing the 
md5sums to change (presumably due to timestamps)

Of course, it works OK to just rebuild source distributions with identical 
inputs after testing, but it's an annoyance that you can't just point 
setup.py upload at an already-built source distribution.

Has anybody figured out how to do that?  Or is there some other automated 
means of uploading existing source distributions to PyPI?  The latter 
would need to set the appropriate metadata, as setup.py upload does, as 
well as uploading the files themselves.


John
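
The effect described in the message above, as an added example that is not part of the original post: two gzip tarballs packed from identical files at different times hash differently, while a per-file manifest that ignores timestamps still matches, so a rebuilt archive can be checked against the tested one. The sample tree, names and timestamps are constructed, and `build_gztar` is a hypothetical in-memory stand-in for an sdist run, not distutils code.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed sample project tree (member name -> file bytes); not a real package.
SAMPLE_TREE = {
    "demo-1.0/PKG-INFO": b"Metadata-Version: 1.0\nName: demo\nVersion: 1.0\n",
    "demo-1.0/demo.py": b"def answer():\n    return 42\n",
    "demo-1.0/setup.py": b"from distutils.core import setup\nsetup(name='demo')\n",
}


def build_gztar(tree, build_time):
    """Pack `tree` into a .tar.gz in memory, stamping it with `build_time`.

    Hypothetical stand-in for one sdist run: the timestamp lands both in the
    gzip header and in every tar member header.
    """
    raw = io.BytesIO()
    with gzip.GzipFile(fileobj=raw, mode="wb", mtime=build_time) as gz:
        with tarfile.open(fileobj=gz, mode="w") as tar:
            for name in sorted(tree):
                info = tarfile.TarInfo(name)
                info.size = len(tree[name])
                info.mtime = build_time
                info.mode = 0o644
                tar.addfile(info, io.BytesIO(tree[name]))
    return raw.getvalue()


def archive_md5(blob):
    """Digest of the archive bytes, as an md5sum of the file would give."""
    return hashlib.md5(blob).hexdigest()


def content_manifest(blob):
    """Map each regular member to (mode, sha256 of its data), ignoring mtimes."""
    manifest = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in tar:
            if member.isfile():
                data = tar.extractfile(member).read()
                manifest[member.name] = (member.mode,
                                         hashlib.sha256(data).hexdigest())
    return manifest


def diff_manifests(tested, candidate):
    """Sorted member names that were added, removed or changed."""
    names = set(tested) | set(candidate)
    return sorted(n for n in names if tested.get(n) != candidate.get(n))


if __name__ == "__main__":
    tested = build_gztar(SAMPLE_TREE, 1273342758)    # constructed build time
    rebuilt = build_gztar(SAMPLE_TREE, 1273346358)   # same inputs, one hour later
    print("md5 equal:     ", archive_md5(tested) == archive_md5(rebuilt))
    print("contents equal:", content_manifest(tested) == content_manifest(rebuilt))
    print("changed files: ", diff_manifests(content_manifest(tested),
                                            content_manifest(rebuilt)))
```

A manifest match shows the rebuilt archive carries the same files as the tested one; it does not make the two archives byte-for-byte identical, which is what the message asks for.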


From tdoman at novell.com  Mon May 10 23:40:37 2010
From: tdoman at novell.com (Tom Doman)
Date: Mon, 10 May 2010 15:40:37 -0600
Subject: [Catalog-sig] Bug fixes\enhancements for PyTNEF
Message-ID: <4BE828F5020000E40000ED0C@sinclair.provo.novell.com>

To whom it may concern,
 
I have made some bug fixes and debug enhancements to the PyTNEF package I found here: http://pypi.python.org/pypi/pytnef
 
It appears to be a relatively dead project, last uploaded 2006 but it appears to be hosted on google w/ updates as late as 2008.  I have tried to contact the creator of this project w/o success but I would like to comply w/ the terms of the LGPL by posting my updates back to the same location.  I realize it is not required under the terms of the LGPL but I'd like to follow a "best practice" and give the changes a proper home.
 
I'm brand new to this community and I haven't yet been able to determine how to submit an update especially when I can't get in touch w/ the maintainer.  Can you help me w/ this procedure?  I have only modified one python file in the entire package.
 
Thanks,
Tom Doman
Novell Inc.
tdoman at novell.com
(801)861-4397
 

From martin at v.loewis.de  Tue May 11 03:48:57 2010
From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=)
Date: Tue, 11 May 2010 03:48:57 +0200
Subject: [Catalog-sig] Bug fixes\enhancements for PyTNEF
In-Reply-To: <4BE828F5020000E40000ED0C@sinclair.provo.novell.com>
References: <4BE828F5020000E40000ED0C@sinclair.provo.novell.com>
Message-ID: <4BE8B789.3070006@v.loewis.de>

> I'm brand new to this community and I haven't yet been able to determine
> how to submit an update especially when I can't get in touch w/ the
> maintainer.  Can you help me w/ this procedure?  I have only modified
> one python file in the entire package.

My recommendation: fork the code under a new name, and publish it under
the new name as well. Then, the original author may become aware and
realize that you are serious about that (which he may doubt if you just
announced your intents by email). Ideally, this ends with a public handover.

Regards,
Martin

From martin at v.loewis.de  Fri May 14 19:59:09 2010
From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=)
Date: Fri, 14 May 2010 19:59:09 +0200
Subject: [Catalog-sig] Sorting and grouping by multilink properties disabled
Message-ID: <4BED8F6D.6050204@v.loewis.de>

While investigating the load hit on roundup, we found that
Google somewhy issued queries that group by "nosy".

"nosy" being a multilink property, the implementation is a really
lame "download the entire database, sort in Python" approach.

Therefore, I have disabled sorting and grouping by multilink
properties. If that causes problems, please let me know.

Regards,
Martin

From martin at v.loewis.de  Fri May 14 20:01:53 2010
From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=)
Date: Fri, 14 May 2010 20:01:53 +0200
Subject: [Catalog-sig] Sorting and grouping by multilink properties
	disabled
In-Reply-To: <4BED8F6D.6050204@v.loewis.de>
References: <4BED8F6D.6050204@v.loewis.de>
Message-ID: <4BED9011.10402@v.loewis.de>

[oops, meant for a different mailing list]

Sorry,
Martin

From jcea at jcea.es  Fri May 28 04:50:40 2010
From: jcea at jcea.es (Jesus Cea)
Date: Fri, 28 May 2010 04:50:40 +0200
Subject: [Catalog-sig] Renaming a pypi package
Message-ID: <4BFF2F80.8070605@jcea.es>


Hi, guys. I am pretty sure this is a FAQ, and I am certain I have read
other emails about this in the past, but I can't find any info online
now. Silly me!

How can I rename a package in pypi?

I would like to rename
<http://pypi.python.org/pypi?:action=display&name=BerkeleyDB%20Backend%20Storage%20Engine%20for%20DURUS&version=20070503>
to something actually installable via "easy_install".

Suggestions about the new name? :)

Thanks!

- -- 
Jesus Cea Avion                         _/_/      _/_/_/        _/_/_/
jcea at jcea.es - http://www.jcea.es/     _/_/    _/_/  _/_/    _/_/  _/_/
jabber / xmpp:jcea at jabber.org         _/_/    _/_/          _/_/_/_/_/
.                              _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"Love is placing your happiness in the happiness of another" - Leibniz

From martin at v.loewis.de  Fri May 28 08:28:06 2010
From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=)
Date: Fri, 28 May 2010 08:28:06 +0200
Subject: [Catalog-sig] Renaming a pypi package
In-Reply-To: <4BFF2F80.8070605@jcea.es>
References: <4BFF2F80.8070605@jcea.es>
Message-ID: <4BFF6276.9020300@v.loewis.de>

> How can I rename a package in pypi?

Submit a support request to the PyPI bug tracker asking to rename it.

Alternatively, create a new package, release it, and delete the old package.

Regards,
Martin

From jcea at jcea.es  Fri May 28 14:59:26 2010
From: jcea at jcea.es (Jesus Cea)
Date: Fri, 28 May 2010 14:59:26 +0200
Subject: [Catalog-sig] Renaming a pypi package
In-Reply-To: <4BFF6276.9020300@v.loewis.de>
References: <4BFF2F80.8070605@jcea.es> <4BFF6276.9020300@v.loewis.de>
Message-ID: <4BFFBE2E.2060005@jcea.es>


On 28/05/10 08:28, "Martin v. Löwis" wrote:
>> How can I rename a package in pypi?
> 
> Submit a support request to the PyPI bug tracker asking to rename it.
> 
> Alternatively, create a new package, release it, and delete the old
> package.

Thanks, Martin. I rather prefer the renaming, since I would like to keep
the project history.

How do you validate that the guy requesting the rename in the bug
tracker is actually the owner?

BTW, messing around PyPI, I have found a rename option under "manage
roles". Not sure what it does, it seems to be to rename packages inside
the project, so not useful here. I a
- -- 
Jesus Cea Avion                         _/_/      _/_/_/        _/_/_/
jcea at jcea.es - http://www.jcea.es/     _/_/    _/_/  _/_/    _/_/  _/_/
jabber / xmpp:jcea at jabber.org         _/_/    _/_/          _/_/_/_/_/
.                              _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"Love is placing your happiness in the happiness of another" - Leibniz