[Catalog-sig] The "Softpedia" spam
mal at egenix.com
Thu May 6 17:53:36 CEST 2010
Tarek Ziadé wrote:
> On Thu, May 6, 2010 at 5:18 PM, M.-A. Lemburg <mal at egenix.com> wrote:
>> Sorry, perhaps I wasn't clear: when uploading things to PyPI
>> you accept the PyPI terms. These terms currently allow anyone
>> to take the data from PyPI and publicly redistribute it
>> without any restrictions.
>> I think it's better to only allow the PSF to redistribute data
>> that it got from the PyPI package authors.
> I am not sure what it means that the PSF redistributes data. Is this
> http://www.python.org/about/legal or another text?
That text needs some care as well, yes. I was referring to this text:
By registering to upload content to PyPI, I agree and affirmatively acknowledge the following:
1. Content is restricted to Python packages and related information only.
2. Any content uploaded to PyPI is provided on a non-confidential basis.
3. The PSF is free to use or disseminate any content that I upload on an unrestricted basis for
any purpose. In particular, the PSF and all other users of the web site are granted an irrevocable,
worldwide, royalty-free, nonexclusive license to reproduce, distribute, transmit, display, perform,
and publish the content, including in digital form.
4. I represent and warrant that I have complied with all government regulations concerning the
transfer or export of any content I upload to PyPI. In particular, if I am subject to United States
law, I represent and warrant that I have obtained the proper governmental authorization for the
export of the content I upload. I further affirm that any content I provide is not intended for use
by a government end-user as defined in part 772 of the United States Export Administration Regulations.
> A list of prohibited usage (combined with authentication) should be
> enough to prevent the problem
> as far as I understand.
> For instance, here's SourceForge's one
> ...using any information obtained from SourceForge.net in order to
> contact, advertise to, solicit, or sell to any
> user without such user's prior explicit consent (including
> non-commercial contacts like chain letters);
Right, we'd need something along those lines.
>>> What I propose is:
>>> - set up authentication for the XML-RPC APIs, in order to control
>>> this. If a user starts to use
>>> XML-RPC calls in his bots, it's easy to shut it down.
>>> - set up a restricted list of subscribers for the PubSubHubbub
>>> protocol (I am not sure if this protocol
>>> supports authentication, but I guess we can set something up)
>>> - avoid displaying any email or derived emails on anonymous pages
>> I'm not sure how that would work. Package manager tools would
>> then all have to use this authentication mechanism.
> Yes but they would need to use an account therefore have an identity
> when they run their scripts.
Hmm, wouldn't that require all pip users to have a PyPI account?
> For instance, PyPI can have API calls quota per user, and a white list
> of users that are allowed to have
> an unlimited number of API calls. (managed manually)
> IOW, allow stuff like cheesecake ratings or whatever, to subscribe,
> and be able to block Softpedia.
> It's a limited protection but should be enough: I don't think the
> Softpedia staff will work on
> defeating this by registering hundreds of zombies at PyPI.
> But I understand that it also needs the legal part,
I'll work on the legal stuff and leave the technical side
to you :-)
Professional Python Services directly from the Source (#1, May 06 2010)
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
::: Try our new mxODBC.Connect Python Database Interface for free ! ::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
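
The following is an added example, not part of the original message and not PyPI's code: a sketch of the per-account API call quota with a manually managed allowlist and an admin block, as proposed in the quoted text above. The class name, the limits and the account name "scraper-bot" are assumptions made for illustration.

```python
import time


class ApiQuota:
    """Fixed-window call quota keyed by authenticated account name."""

    def __init__(self, limit, window_seconds, allowlist=(), clock=time.monotonic):
        self.limit = limit                # calls allowed per window
        self.window = window_seconds
        self.allowlist = set(allowlist)   # manually managed, unlimited calls
        self.blocked = set()              # accounts an admin has shut off
        self.clock = clock                # injectable so tests need no sleep
        self._usage = {}                  # account -> (window_start, count)

    def block(self, account):
        """Shut an account off; a block overrides the allowlist."""
        self.blocked.add(account)
        self.allowlist.discard(account)

    def check(self, account):
        """Return (allowed, reason) for one API call made by `account`."""
        if account is None:
            return False, "authentication required"
        if account in self.blocked:
            return False, "account blocked"
        if account in self.allowlist:
            return True, "allowlisted"
        now = self.clock()
        start, count = self._usage.get(account, (now, 0))
        if now - start >= self.window:    # window expired: start a new one
            start, count = now, 0
        if count >= self.limit:
            return False, "quota exceeded"
        self._usage[account] = (start, count + 1)
        return True, "ok"


def demo():
    """Constructed scenario: one heavy client, one allowlisted service."""
    quota = ApiQuota(limit=3, window_seconds=3600, allowlist={"cheesecake"})
    heavy = [quota.check("scraper-bot")[1] for _ in range(5)]
    trusted = [quota.check("cheesecake")[1] for _ in range(5)]
    quota.block("scraper-bot")
    return heavy, trusted, quota.check("scraper-bot")[1]


if __name__ == "__main__":
    print(demo())
```

Because every decision is keyed on the authenticated account, anonymous callers are refused before any quota is consulted, which is the trade-off the reply raises for package manager tools.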