[Catalog-sig] Flag to tell pip to only install uploaded files

Donald Stufft donald.stufft at gmail.com
Fri Jul 6 22:36:58 CEST 2012


On Thursday, July 5, 2012 at 10:49 PM, Terry Reedy wrote:
> On 7/5/2012 6:48 PM, Donald Stufft wrote:
> > On Thursday, July 5, 2012 at 6:38 PM, Terry Reedy wrote:
> > > Last I knew, uploading a file required licensing it to the PSF. On the
> > > other hand, I can find no mention of that on
> > > http://pypi.python.org/pypi?%3Aaction=submit_form
> > > http://wiki.python.org/moin/CheeseShopTutorial
> > > nor a link to the license anywhere. So I don't know what the current
> > > situation is.
> > > 
> > 
> > http://www.python.org/about/legal/
> > 
> > IANAL but I think it pretty much just says the things you upload to
> > the site, the site is allowed to let others download it and you don't
> > get to charge the PSF for it.
> > 
> 
> 
> That is pretty much what the first version says. The current version is 
> much more expansive and seems to deny any license restrictions.
> 
> "The Python Software Foundation ... has no obligation of any kind with 
> respect to such third party content."
> 
> not even to respect its license?
> 
> ... "The PSF is free to use or disseminate such content on an 
> unrestricted basis for any purpose,"
> 
> The purpose of any license is to restrict use or dissemination.
> 
> "and third party content providers grant the PSF and all other users of 
> the web site an irrevocable, worldwide, royalty-free, nonexclusive 
> license to reproduce, distribute, transmit, display, perform, and 
> publish such content, including in digital form."
> 
> That says to me that the PSF *and* its users are pretty much free of any 
> license restrictions on uploaded software, which negates the point of 
> having a license. For instance, without a declaration otherwise from the 
> FSF, I would not think it legal to upload a derivative of a GPL-licenced 
> work
> 
> ---
> Terry Jan Reedy
> 
> 

Because IANAL, and I'm going to guess most folks here are not either, I pinged VanL
and forwarded him the conversation to ask him what the /about/terms/ means in terms
of software being uploaded to PyPI.

His response:

===============================================================
 
The issue is that we have several different use cases here - and one important one is
making mirrors of all the content in the repository for various uses. To keep everything
on the up-and-up, we make sure that we allow other people the right to redistribute the
content of PyPI in whatever way they see fit.

Terry brings up the issue of the GPL. That is a common question, but one that
misapprehends the nature of the rights granted under the GPL as well as to the PSF
for PyPI.

The GPL (in a nutshell) requires that you do two things:
1) Distribute the source along with the binary image.
2) License any derivative works under the GPL.

Note that the GPL explicitly says that there are no restrictions on use of the software.

We assume (without checking) that anyone uploading a GPL-licensed package will comply,
i.e., they will upload the source and the binaries together.

The PSF license allows anyone to use and redistribute what is uploaded. Therefore, if
someone mirrors PyPI, they will automatically be in compliance with obligation #1 of the
GPL as described above.

The issue is that people assume that the PSF or a third party can change the package
and only distribute the binaries. This is incorrect! The PSF license does not grant anybody
the right to create derivative works of the software - i.e., it doesn't grant people the right to
change what was uploaded and re-upload - unless they do so according to the terms of the
only license that grants them rights to create such a derivative work (i.e., the GPL). Therefore,
the only way to legally change what the original author provided is to comply with obligation
#2 of the GPL above.

Finally, I note that PyPI supports hosting python modules in many different locations. If
someone is unhappy with the above, they can host many other places and still have their
modules indexed on PyPI. Pip/easy_install will find the location of the binaries just fine.


===============================================================

So it sounds to me like the only license that the PSF /about/terms/ would clash with is one
that limits the right to distribute without modification the files uploaded to PyPI.
