[Distutils] RFC: PEP 541 - Package Index Name Retention

Nick Timkovich prometheus235 at gmail.com
Fri Jan 13 15:34:48 EST 2017


This is a great PEP, glad to see an official policy being worked on!

The "reachability" criteria I think should define how promptly the
responses are expected and to what email(s) they will be sent (if there are
multiple maintainers, owners, authors, etc.). For example, "the first
contact will be sent to the email on record for all owners, maintainers,
and the most-recent release author, in order to notify the user(s) that
another party has requested classification of a PyPI project owned or
maintained by the user as abandoned, and that if no response is received by
(date of email + 6 weeks), it will be deemed abandoned. Reminder emails
will be sent 2 and 4 weeks later."

Maybe outside the scope of the PEP, but where will the tracker for these
things reside? How would I, for example, start the process of flagging a
project as abandoned?

On Fri, Jan 13, 2017 at 1:13 PM, M.-A. Lemburg <mal at egenix.com> wrote:

> On 13.01.2017 19:08, Lukasz Langa wrote:
> > Invalid projects
> > ----------------
> >
> > A project published on the Package Index meeting ANY of the following
> > is considered invalid and will be removed from the Index:
> >
> > * project does not conform to Terms of Use;
> > * project is malware (designed to exploit or harm systems or users);
> > * project contains illegal content;
> > * project violates copyright or licenses;
>
> This probably also needs to list "trademarks" and "patents",
> as we've already had some cases where packages were violating
> trademarks/patents and had to be removed (not only regarding the
> name of the package but also regarding contents of the package or
> functionality). This is already mentioned in the current terms,
> but better make it more explicit here as well.
>
> Likewise, a trademark owner should be able to reserve project
> names with the trademark to avoid any such issues to begin with,
> e.g. https://pypi.python.org/pypi/Python is such a project :-)
>
> > * project is name squatting (package has no functionality or is
> >   empty);
> > * project name, description, or content violates the Code of Conduct;
> >   or
> > * project is abusing the Package Index for purposes it was not
> >   intended.
> >
> > If you find a project that might be considered invalid, create
> > a support request [7]_.
>
> It would also be good to add some wording which makes it clear
> that the PSF Board has the final say in any disputes and can
> have a project removed/reassigned after careful consideration
> even when not meeting all the requirements listed in the PEP.
>
> As an example, the last two bullets you mention above will
> often be subject to additional judgement. The board would then have
> to decide these on a case-by-case basis.
>
> --
> Marc-Andre Lemburg
> eGenix.com