[Distutils] RFC: PEP 541 - Package Index Name Retention
Nick Timkovich
prometheus235 at gmail.com
Fri Jan 13 15:43:01 EST 2017
Regarding name-squatting (I also see htc, ios, apple, android, angular,
debian and more registered on PyPI), would a better solution be a way to
"salt" names on PyPI making them unable to be registered unless someone
files an issue to claim such hot-button trademarks?
On Fri, Jan 13, 2017 at 2:34 PM, Nick Timkovich <prometheus235 at gmail.com>
wrote:
> This is a great PEP, glad to see an official policy being worked on!
>
> The "reachability" criteria I think should define how promptly the
> responses are expected and to what email(s) they will be sent (if there are
> multiple maintainers, owners, authors, etc.). For example, "the first
> contact will be sent to the email on record for all owners, maintainers,
> and the most-recent release author, in order to notify the user(s) that
> another party has requested classification of a PyPI project owned or
> maintained by the user as abandoned, and that if no response is received by
> (date of email + 6 weeks), it will be deemed abandoned. Reminder emails
> will be sent 2 and 4 weeks later."
>
> Maybe outside the scope of the PEP, but where will the tracker for these
> things reside? How would I, for example, start the process of flagging a
> project as abandoned?
>
> On Fri, Jan 13, 2017 at 1:13 PM, M.-A. Lemburg <mal at egenix.com> wrote:
>
>> On 13.01.2017 19:08, Lukasz Langa wrote:
>> > Invalid projects
>> > ----------------
>> >
>> > A project published on the Package Index meeting ANY of the following
>> > is considered invalid and will be removed from the Index:
>> >
>> > * project does not conform to Terms of Use;
>> > * project is malware (designed to exploit or harm systems or users);
>> > * project contains illegal content;
>> > * project violates copyright or licenses;
>>
>> This probably also needs to list "trademarks" and "patents",
>> as we've already had some cases where packages were violating
>> trademarks/patents and had to be removed (not only regarding the
>> name of the package but also regarding contents of the package or
>> functionality). This is already mentioned in the current terms,
>> but better make it more explicit here as well.
>>
>> Likewise, a trademark owner should be able to reserve project
>> names with the trademark to avoid any such issues to begin with,
>> e.g. https://pypi.python.org/pypi/Python is such a project :-)
>>
>> > * project is name squatting (package has no functionality or is
>> > empty);
>> > * project name, description, or content violates the Code of Conduct;
>> > or
>> > * project is abusing the Package Index for purposes it was not
>> > intended.
>> >
>> > If you find a project that might be considered invalid, create
>> > a support request [7]_.
>>
>> It would also be good to add some wording which makes it clear
>> that the PSF Board has the final say in any disputes and can
>> have a project removed/reassigned after careful consideration
>> even when not meeting all the requirements listed in the PEP.
>>
>> As an example, the last two bullets you mention above will
>> often be subject to additional judgement. The board would then have
>> to decide these on a case-by-case basis.
>>
>> --
>> Marc-Andre Lemburg
>> eGenix.com