[Catalog-sig] The "Softpedia" spam

M.-A. Lemburg mal at egenix.com
Fri May 7 10:17:00 CEST 2010

Noah Kantrowitz wrote:
> On May 7, 2010, at 12:57 AM, M.-A. Lemburg wrote:
>> Noah Kantrowitz wrote:
>>> On May 7, 2010, at 12:47 AM, M.-A. Lemburg wrote:
>>>> Noah Kantrowitz wrote:
>>>>> I think most FOSS authors are aware that putting their email in a package is effectively putting it in the clear on the internet. I think we have come beyond the days of "noah (at) coderanger [dot] net" and all those silly tricks that were popular not too long ago. If an author is excessively concerned about spam, they shouldn't put their email in author_email. Is that field mandatory now or something? Softpedia is a little annoying with the emails, but I've found them useful personally (along with versiontracker) when looking for OS X software before. Freshmeat is a similar index of FOSS projects, and I've definitely used that before. Is there some reason we are objecting to including PyPI data in other software catalogs? If it makes it a tiny bit easier to find Python software, I'm all for it.
>>>> No, but the PSF should be asked for permission before using the data
>>>> on some other site.
>>> Permission is probably not a good thing to inject, too much risk of being picky on who can use the data. If it is available to anyone, it should be available to all. I would agree that as a professional courtesy it would be nice if people would let us know if they are mining PyPI, but you are dipping into dangerous territory if you put a gate in front of it.
>> Why do you think so ?
>> The PSF would most certainly apply the same openness it is applying
>> for its own trademarks.
>> I believe that package authors uploading things to PyPI should be able
>> to trust that the PSF (being behind PyPI) uses this data with the
>> appropriate care.
>> The same is true if you upload data to Freshmeat, Sourceforge and
>> other such sites. Why should PyPI be different ?
> I just don't think the PSF or this SIG should be in the business of saying who can access PyPI (which is what this boils down to at a philosophical level). That said, I also have a lot of faith in the judgement of the PSF and if they felt they could take on this (large) responsibility I wouldn't fight it that hard. I would fight harder to say that this shouldn't be the job of the SIG though.

This would be the PSF's task, since the relationship is between the
package author and the PSF, not this SIG, although the PSF could
approach the SIG for help, e.g. in order to define where to draw
the line.

Please also note that the PSF would not be in the business of
saying who can access PyPI, only in the business of saying who is
allowed to publicly redistribute that data and under which conditions.

Marc-Andre Lemburg

Professional Python Services directly from the Source  (#1, May 07 2010)
>>> Python/Zope Consulting and Support ...        http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
2010-04-23: Released mxODBC.Zope.DA 2.0.1        http://zope.egenix.com/

::: Try our new mxODBC.Connect Python Database Interface for free ! ::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611

More information about the Catalog-SIG mailing list