[Distutils] cdecimal licensing/hosting (was: some questions about PEP470)

M.-A. Lemburg mal at egenix.com
Tue Oct 14 21:44:58 CEST 2014 

Gentlemen,

could you please stop this and show some more respect in these
discussions ?

Thanks,
-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source
>>> Python/Zope Consulting and Support ...        http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________

::: Try our new mxODBC.Connect Python Database Interface for free ! ::::


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

On 12.10.2014 21:26, Ian Cordasco wrote:
> On Sun, Oct 12, 2014 at 1:44 PM, Alex Gaynor <alex.gaynor at gmail.com> wrote:
>> Stefan Krah <stefankrah <at> freenet.de> writes:
>>
>>>
>>>
>>>> (for example right now bytereef.org is down, so
>>>> we’d not discover any files there).
>>>
>>> Indeed.  It was up reliably since 2005, down for maintenance on
>>> September 23rd (before ShellShock ...).  Then I discovered that
>>> someone had put up m3-cdecimal on PyPI (presumably abusing PyPI
>>> as their private repo --- there are several m3-* packages now).
>>>
>>> This triggered some reflection on whether I would make a significant
>>> effort in the future to keep things running smoothly for an open source
>>> community where authors are largely viewed as expendable.
>>
>> I don't know what it means for "authors to be largely viewed as expendable",
>> but half the point of hosting things on PyPI is that you *don't* need to do any
>> work at all as an author for reliable delivery of your package.
>>
>>>
>>> Subsequently the downtime (again, the first one since 2005) was picked
>>> up for propagandistic purposes on Twitter and Reddit.
>>
>> Ok, but you seem to be doing the other side's propaganda. Every single person
>> I've spoken to agrees that this just underscores the need to encourage packages
>> to be on PyPI.
>>
>>>
>>> Last year I would have felt an obligation to minimize the downtime
>>> to an hour at most.  I no longer feel any such obligations and I'll
>>> do it when I have time.
>>>
>>
>> Ok. The PyPI administrators still feel an obligation to their users, so I'll
>> prefer packages under their care.
>>
>>> Stefan Krah
>>>
>>
>> Cheers,
>> Alex
> 
> Perhaps Stefan's referring to my tweets about the inability to reach
> bytereef but those weren't propaganda tweets. Those were tweets born
> out of utter frustration. Further, I'm rather shocked that you've
> decided to allow the site to remain unreachable because someone did
> what your license allowed them to do (redistribute the software while
> retaining the required information: copyright, license, etc). If you
> think that makes you expendable, you're half right. Users can
> redistribute your software, that's the nature of the license you chose
> to use. You're wrong because you, the author, are still very valuable
> to those very users who may encounter a bug in the future. I don't see
> how intentionally keeping your site unreachable does anything but hurt
> your users (unless of course you want them to redistribute it
> themselves or switch to Python 3.4).
> 
> Does this mean that companies using devpi to keep an internal index
> that also have copies of cdecimal are somehow violating your rights?
> They're doing exactly what your license allows them to do. Or is it
> just that some group has decided to redistribute it directly through
> PyPI? I'm thoroughly confused here.
> _______________________________________________
> Distutils-SIG maillist  -  Distutils-SIG at python.org
> https://mail.python.org/mailman/listinfo/distutils-sig
>

More information about the Distutils-SIG mailing list