Newbie question on code vetting

Robert Kern robert.kern at gmail.com
Thu May 4 07:03:05 CEST 2006


william.boquist at gte.net wrote:
> Hi.
> 
> I have visited the Python web site and read some information on who the
> commiters are and how to go about submitting code to them, but I have not
> been able to locate any information regarding the process for vetting the
> code to identify any possible IP infringement before it is committed. How do
> the committers ascertain the originality of the code before it becomes part
> of the base?

They tell themselves very sternly not to commit code that isn't appropriately
licensed.

> Is there any use of tools like BlackDuck ProtexIP or the
> competing Palamida product to scan for matches to code that is already
> licensed elsewhere?

No.

> Also, is the same or a different standard of IP assurance practiced for the
> Cheese Shop?

There is no vetting for the Cheese Shop. Anyone can post packages there. If some
illegal-to-redistribute code is discovered, it will probably be removed by the
administrators. This hasn't come up, yet, I don't think.

If you want the code to be vetted, you have to do it yourself. Besides, if you
don't trust the commiters and the package authors not to infringe on other
peoples' IP, why do you trust them to report infringement?

-- 
Robert Kern

"I have come to believe that the whole world is an enigma, a harmless enigma
 that is made terrible by our own mad attempt to interpret it as though it had
 an underlying truth."
  -- Umberto Eco




More information about the Python-list mailing list