Terry Reedy wrote: > M.-A. Lemburg wrote: >> Steve Holden, Chairman, PSF wrote: >>> Adding a Google-like clause might make us seem less Draconian. >> >> Here's a proposal for a less controversial text based on the Google >> terms: > > I like the third part better.
Thanks. >> """ >> PyPI is a service provided by the PSF. In order to be able to >> distribute the content you upload to >> PyPI to web site users, the PSF asks you to agree to and affirmatively >> acknowledge the following: >> >> 1. Content is restricted to Python packages and related information only. >> >> 2. Any content uploaded to PyPI is provided on a non-confidential basis. >> >> 3. The PSF is granted an irrevocable, worldwide, royalty-free, >> nonexclusive license to reproduce, >> distribute, transmit, display, perform, and publish the content, >> including in digital form. This >> licence is for the sole purpose of enabling the PSF to display, >> distribute and promote the content >> on PyPI. >> >> 4. I represent and warrant that I have complied with all government >> regulations concerning the >> transfer or export of any content I upload to the PyPI servers in The >> Netherlands. In particular, if >> I am subject to United States law, I represent and warrant that I have >> obtained the proper >> governmental authorization for the export of the content I upload. I >> further affirm that any content >> I provide is not intended for use by a government end-user as defined >> in part 772 of the United >> States Export Administration Regulations. >> """ > > The fourth section might scare people off without further explanation > somewhere, as it could be taken to imply that people have to get a US > gov permit to upload, which almost no one has done. If this is only > about crypto software, it should say so. I do not understand the last > sentence at all as open-source licenses do not usually exclude specific > users. I cannot affirm something that is complete gobble talk to me. The clause has three parts: a) "I represent and warrant that I have complied with all government regulations concerning the transfer or export of any content I upload to the PyPI servers in The Netherlands." This part is written in a general way and is needed to cover export regulations which may be imposed by the country of the uploader when uploading (exporting) applications to a server in the The Netherlands. For many countries these export regulations are variants of the things laid out in the Wassenaar Arrangement which covers crypto code, but also other software technologies that may be considered dual-use: http://www.wassenaar.org/ in particular: http://www.wassenaar.org/controllists/2009/WA-LIST%20%2809%29%201/WA-LIST%20%2809%29%201.pdf Most software will fall under the "GENERAL SOFTWARE NOTE" (with some special rules for crypto software), but countries may still implement additional rules such as the ones currently imposed by the US (you have to send them an email with the link to the download location - see http://www.bis.doc.gov/encryption/pubavailencsourcecodenofify.html). Since the exact regulations depend on the country from where the code is uploaded, the clause can't be more specific. I added the location of the servers to the original clause to make the export nature of the upload more specific. b) "In particular, if I am subject to United States law, I represent and warrant that I have obtained the proper governmental authorization for the export of the content I upload." This part only applies to US uploaders. Note that the US regulations have a subtle detail: they apply to all US-origin content. E.g. if you export some dual-use system software written in the US from Germany to Cuba, the US can put you on their embargo list. c) "I further affirm that any content I provide is not intended for use by a government end-user as defined in part 772 of the United States Export Administration Regulations." This part applies to all uploaders. The restriction appears to be a super-set of the embargo restrictions for various individuals - most of those are government end-users. I find that clause too board as well, since it prevents government users in general to use PyPI packages. Furthermore, the embargo lists also includes companies and, of course, whole countries, which this clause does not cover. See e.g. EU: http://ec.europa.eu/external_relations/cfsp/sanctions/docs/measures_en.pdf US: http://www.bis.doc.gov/news/2009/2009-fpr.pdf (note how e.g. Cuba is on the US list, but not on the EU list) I'm not sure why the clause is needed. Perhaps Van could clarify this. IMHO, part a) already covers everything that is needed w/r to export restrictions. All this with the usual IANAL disclaimer. I've read a lot on these things when we started shipping a pyOpenSSL distribution. Some of the things I found are listed above. -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Dec 11 2009) >>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig