[Distutils] cdecimal licensing/hosting (was: some questions about PEP470)
mal at egenix.com
Tue Oct 14 21:44:58 CEST 2014
could you please stop this and show some more respect in these
Professional Python Services directly from the Source
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
::: Try our new mxODBC.Connect Python Database Interface for free ! ::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
On 12.10.2014 21:26, Ian Cordasco wrote:
> On Sun, Oct 12, 2014 at 1:44 PM, Alex Gaynor <alex.gaynor at gmail.com> wrote:
>> Stefan Krah <stefankrah <at> freenet.de> writes:
>>>> (for example right now bytereef.org is down, so
>>>> we’d not discover any files there).
>>> Indeed. It was up reliably since 2005, down for maintenance on
>>> September 23rd (before ShellShock ...). Then I discovered that
>>> someone had put up m3-cdecimal on PyPI (presumably abusing PyPI
>>> as their private repo --- there are several m3-* packages now).
>>> This triggered some reflection on whether I would make a significant
>>> effort in the future to keep things running smoothly for an open source
>>> community where authors are largely viewed as expendable.
>> I don't know what it means for "authors to be largely viewed as expendable",
>> but half the point of hosting things on PyPI is that you *don't* need to do any
>> work at all as an author for reliable delivery of your package.
>>> Subsequently the downtime (again, the first one since 2005) was picked
>>> up for propagandistic purposes on Twitter and Reddit.
>> Ok, but you seem to be doing the other side's propaganda. Every single person
>> I've spoken to agrees that this just underscores the need to encourage packages
>> to be on PyPI.
>>> Last year I would have felt an obligation to minimize the downtime
>>> to an hour at most. I no longer feel any such obligations and I'll
>>> do it when I have time.
>> Ok. The PyPI administrators still feel an obligation to their users, so I'll
>> prefer packages under their care.
>>> Stefan Krah
> Perhaps Stefan's referring to my tweets about the inability to reach
> bytereef but those weren't propaganda tweets. Those were tweets born
> out of utter frustration. Further, I'm rather shocked that you've
> decided to allow the site to remain unreachable because someone did
> what your license allowed them to do (redistribute the software while
> retaining the required information: copyright, license, etc). If you
> think that makes you expendable, you're half right. Users can
> redistribute your software, that's the nature of the license you chose
> to use. You're wrong because you, the author, are still very valuable
> to those very users who may encounter a bug in the future. I don't see
> how intentionally keeping your site unreachable does anything but hurt
> your users (unless of course you want them to redistribute it
> themselves or switch to Python 3.4).
> Does this mean that companies using devpi to keep an internal index
> that also have copies of cdecimal are somehow violating your rights?
> They're doing exactly what your license allows them to do. Or is it
> just that some group has decided to redistribute it directly through
> PyPI? I'm thoroughly confused here.
> Distutils-SIG maillist - Distutils-SIG at python.org
More information about the Distutils-SIG