[Catalog-sig] Use user-specific site-packages by default?

[Terry Reedy]

On 2/5/2013 5:59 PM, holger krekel wrote:
> On Tue, Feb 05, 2013 at 15:54 -0500, Terry Reedy wrote:
>> On 2/5/2013 11:35 AM, Lennart Regebro wrote:
>>> On Tue, Feb 5, 2013 at 5:03 PM, Donald Stufft <donald.stufft at gmail.com> wrote:
>>>> Besides the issues with validating that the package We are mirroring
>>>> is the authentic one there's also a legal issue. We don't know for sure
>>>> that we have the legal rights to redistribute those files. When you upload
>>>> a file to PyPI you grant the PSF a license to do that, no upload from the
>>>> author = no license. IANAL but i think i'm correct on that.
>>>
>>> Absolutely, but if the package is marked with a license that allows
>>> redistribution in the metadata, then we can.
>>
>> The last I read (and I cannot find the seemingly hidden page) the
>> author (or rights-holder) of code must grant PSF something more than
>> just redistribution rights before uploading it. The same must also
>> certify some mumbo-jumbo about compliance with national laws and
>> cryptography. No 3rd party can do that.
>
> Not sure i understand.  Are you referring to a procedure that is in place
> already or that should be in place?

PSF requirements in place. PSF requires an explicit Contributor 
Agreement, with a choice of two licenses, before accepting code into the 
CPython codebase -- even if the current public license would appear to 
allow up to just stick it in.

Currently, it similarly (last I knew) requires a explicit license before 
accepting and distributing code (as opposed to index info) on PyPI. That 
appears to be a conservative, better safe than sorry, policy recommended 
by the PSF lawyer.

-- 
Terry Jan Reedy