[Python-legal-sig] [Catalog-sig] PyPI terms

Fri Mar 1 15:37:49 CET 2013

Please forward to catalog-sig if this gets bounced. I'm not on that list.

I drafted these terms of service. I know they are broad. They were made exactly as broad as was needed.

This was not the case that we took the cheap-and-easy route of a maximal rights grant. (And besides, it would have been equally cheap for the PSF either way). What it was is that we investigated and found out all the different ways that people were using PyPI. Of particular importance were these:

- Automated access from scripts (We can't pass through any license terms - no click through or agreement to use
- Automated mirroring - and re-mirroring of mirrors - without any agreement, both to public and private repositories (We need the right to distribute and to allow others to distribute. We needed to protect our downstream and make sure that their common use cases aren't infringing)

These terms were chosen so that our community would have the rights to do these very common things and not be infringing. The only way we could do this was by asking for a broader grant at the time of distribution.

Also, what no one gets is that *the license does not allow modification!* So you can distribute far and wide for any purpose - but you can only distribute what the original author uploaded without being liable for infringement.

People have also said that this overrules the licenses on their packages. That is not so! The licenses in this case run in parallel, and distribution needs to satisfy both licenses or it cannot be done at all.

This was the subject of a lot of thought and a lot of work that a lot of people have not even considered, and it was chosen very deliberately to protect our overall community. Because the protection of the community is a broad purpose, it needed some broad provisions - but it is as tightly crafted as I could get while still not making our known downstream uses infringing.

If it gets changed, it will be over my strenuous objections. 

Van

____________________________
Van Lindberg
van.lindberg at gmail.com

On Friday, March 1, 2013 at 7:56 AM, M.-A. Lemburg wrote:

> On 01.03.2013 12:47, M.-A. Lemburg wrote:
> > On 01.03.2013 12:30, Jesse Noller wrote:
> > > Marc Andre: I'm cc'ing Van: can you explain why the pypi terms are a bummer so we can see if there is actually an issue to be resolved or a matter of taste?
> > > 
> > > We need to protect the foundation while preserving author rights - but I don't want one user / subset dictating how we evolve the technology.
> > 
> > I think we should move this discussion to the python-legal-sig list:
> > 
> > http://mail.python.org/mailman/listinfo/python-legal-sig
> > 
> > Let me know when you've subscribed and then we can hash things
> > out on that list. The catalog sig is not really the suitable
> > place for these discussions.
> > 
> 
> 
> I've kicked off the discussion on the other list. See you there.
> 
> -- 
> Marc-Andre Lemburg
> eGenix.com (http://eGenix.com)
> 
> Professional Python Services directly from the Source (#1, Mar 01 2013)
> > > > Python Projects, Consulting and Support ... http://www.egenix.com/
> > > > mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/
> > > > mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
> > > > 
> > > 
> > 
> 
> ________________________________________________________________________
> 
> ::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::
> 
> eGenix.com (http://eGenix.com) Software, Skills and Services GmbH Pastor-Loeh-Str.48
> D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
> Registered at Amtsgericht Duesseldorf: HRB 46611
> http://www.egenix.com/company/contact/
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-legal-sig/attachments/20130301/389bd7a7/attachment.html>