[Distutils] Contributing money to package authors/maintainers via PyPI

Glyph Lefkowitz glyph at twistedmatrix.com
Sat Jul 23 15:22:54 EDT 2016


> On Jul 23, 2016, at 12:11 PM, Donald Stufft <donald at stufft.io> wrote:
> 
> 
>> On Jul 23, 2016, at 2:40 PM, Nicholas Chammas <nicholas.chammas at gmail.com> wrote:
>> 
>> I know a more concrete proposal would have to address a lot of details (e.g. like how to split contributions across multiple maintainers), and perhaps there is no way to find the resources to build or maintain such a thing in the first place. But just for now I’d like to separate the essence of the idea from the practical concerns of implementing it.
> 
> 
> I’m mulling over the idea in my head, but one other thing we’d need to figure out is the *legality* of doing this and if it’s something the PSF is willing to do at all.

This was my initial reaction as well.

It would be awesome if it worked!  It would potentially go a long way to addressing the now much-discussed problem of funding open source infrastructure <https://medium.com/@nayafia/how-i-stumbled-upon-the-internet-s-biggest-blind-spot-b9aa23618c58#.tvr6exin9>.  But it is also a legal and financial mine-field.  Even if a lawyer says it's OK and it's possible to comply with the law, you still generate a lot of work for an accountant to actually do the complying.

https://gratipay.com is a good, recent example of an apparently simple idea like this running into severe legal consequences and nearly imploding as a result.  Another potential problem that may not be initially obvious: due to the somewhat ambiguous nature of the funding structure, they also became a popular payment processor for nazis and white supremacists, since it's hard to get paid for producing nazi propaganda on other platforms.  Of course, PyPI might always be used as an update platform for malware or a C&C control point too, so it's not like there are no risks in operating it as it currently stands, but money always has the potential to make things worse.

I don't want to be doom-and-gloom here, in fact I would _very_ much like to see this project happen.  I just think that in order to do it in a way which doesn't backfire horribly, it has to be responsibly staffed at the outset so that problems like these, that we know about, can be addressed up front, and the inevitable ones that don't seem obvious at the moment have a clearly responsible person to go fix them as they arise, in a timely way.

-glyph