Tarek Ziadé wrote: > On Thu, May 6, 2010 at 5:18 PM, M.-A. Lemburg <m...@egenix.com> wrote: > [..] >> Sorry, perhaps I wasn't clear: when uploading things to PyPI >> you accept the PyPI terms. These terms currently allow anyone >> to take the data from PyPI and publically redistribute it >> without any restrictions. >> >> I think it's better to only allow the PSF to redistribute data >> that it got from the PyPI package authors. > > I am not sure what it means that the PSF redistributes data. Is this > http://www.python.org/about/legal or another text ?
That text needs some care as well, yes. I was referring to this text on PyPI: http://pypi.python.org/pypi?%3Aaction=register_form """ By registering to upload content to PyPI, I agree and affirmatively acknowledge the following: 1. Content is restricted to Python packages and related information only. 2. Any content uploaded to PyPI is provided on a non-confidential basis. 3. The PSF is free to use or disseminate any content that I upload on an unrestricted basis for any purpose. In particular, the PSF and all other users of the web site are granted an irrevocable, worldwide, royalty-free, nonexclusive license to reproduce, distribute, transmit, display, perform, and publish the content, including in digital form. 4. I represent and warrant that I have complied with all government regulations concerning the transfer or export of any content I upload to PyPI. In particular, if I am subject to United States law, I represent and warrant that I have obtained the proper governmental authorization for the export of the content I upload. I further affirm that any content I provide is not intended for use by a government end-user as defined in part 772 of the United States Export Administration Regulations. """ > A list of prohibited usage (combined with authentication) should be > enough to prevent the problem > as far as I understand. > > For instance, here's SourceForge's one > > http://sourceforge.net/apps/trac/sitelegal/wiki/Terms_of_Use#a2.YOURUSEOFSOURCEFORGE.NET > > Extract: > > ...using any information obtained from SourceForge.net in order to > contact, advertise to, solicit, or sell to any > user without such user's prior explicit consent (including > non-commercial contacts like chain letters); Right, we'd need something along those lines. > [..] >>> What I propose is: >>> >>> - set up authentication for the XML-RPC APIs, in order to control >>> this. If a user starts to use >>> XML-RPC calls in his bots, it's easy to shut it down. >>> >>> - set up a restricted list of subscribers for the PubSubHubbub >>> protocol (I am not sure if this protocol >>> supports authentication, but I guess we can set something up) >>> >>> - avoid displaying any email or derived emails on anonymous page >> >> I'm not sure how that would work. Package manager tools would >> then all have to use this authentication mechanism. > > Yes but they would need to use an account therefore have an identity > when they run their scripts. Hmm, wouldn't that require all pip users to have PyPI account ? > For instance, PyPI can have API calls quota per user, and a white list > of users that are allowed to have > an unlimited number of API calls. (managed manually) > > IOW, allow stuff like cheesecake ratings or whatever, to subscribe, > and be able to block Softpedia. > > It's a limited protection but should be enough: I don't think the > Softpedia staff will work on > defeating this by registering hundreds of zombies at PyPI. > > But I understand that it also needs the legal part, I'll work on the legal stuff and leave the technical side to you :-) -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, May 06 2010) >>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig