[docs] [issue9119] Python download page needs to mention crypto code in Windows installer

Marc-Andre Lemburg report at bugs.python.org
Mon Aug 30 10:30:33 CEST 2010 

Marc-Andre Lemburg <mal at egenix.com> added the comment:

Terry J. Reedy wrote:
> 
> Terry J. Reedy <tjreedy at udel.edu> added the comment:
> 
> This is really two issues: docs and windows builds. As for docs:
> 
> Many of the module doc pages mention original authors and give urls for further info. The ssl page already says " This module uses the OpenSSL library." Rather than fuss over whether the doc constitutes 'advertising material' (and a lawyer certain could claim it does), we can easily expand the above to
> 
> "This module includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/) and cryptographic software written by Eric Young (eay at cryptsoft.com)."
> 
> or whatever would be correct. This wording better meets the attribution requirement *and* is more informative to users.

+1

> The download page currently does not contain the word 'license', which I think is an omission that should be filled. I think it should include something like the following reasonably near the top:
> 
> "The History and License for each version is included with its document set. In layperson's terms, the license more or less says that you can use Python as you wish as long as you 1) do not claim ownership of the name or code, and 2) assume full legal and moral responsibility for the downloading and use of the code, including the cryptographic modules." 

Fine with me. The text should also link to actual current license text:

http://docs.python.org/license.html

BTW: I have a little trouble actually finding the license text on
the python.org web-site. It is not mentioned on the download page,
there's not mention of it in the downloads nav bar, nor in the documentation
section of the site.

Only the "about" section includes a mention of the
license and the "foundation" section even mentions it in the nav bar
(but that's not where people would look to find it). What's worse:
all links point to:

http://www.python.org/psf/license/

and that page refers to the Python 2.6.2 license...

I'll report this to the webmasters.

> Builds: have there been multiple overt requests for no-crypto builds? Do any of the other build providers make such? I think this falls under "These re-packagings often include more libraries or are specialized for a particular application:" -- like being so unfortunate as to live in certain countries.

Many other providers of software builds that include crypto software
either make it obvious that the builds include crypto software in their
licenses (by copying the OpenSSL license into the document) or
on the download page (ticking a checkbox, in case there's an export
issue). Some also put the crypto code into a separate download
(e.g. Java and many Linux distros).

The idea with having a separate download without the crypto code
was just to hint the user at a possible issue without scaring
them away. If we can do the same without requiring a separate
installer that would be even better.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue9119>
_______________________________________

More information about the docs mailing list