On Thu, May 6, 2010 at 5:18 PM, M.-A. Lemburg <[email protected]> wrote:
[..]
> Sorry, perhaps I wasn't clear: when uploading things to PyPI
> you accept the PyPI terms. These terms currently allow anyone
> to take the data from PyPI and publically redistribute it
> without any restrictions.
>
> I think it's better to only allow the PSF to redistribute data
> that it got from the PyPI package authors.

I am not sure what it means that the PSF redistributes data. Is this
http://www.python.org/about/legal or another text?

A list of prohibited usage (combined with authentication) should be
enough to prevent the problem as far as I understand.

For instance, here's SourceForge's one
http://sourceforge.net/apps/trac/sitelegal/wiki/Terms_of_Use#a2.YOURUSEOFSOURCEFORGE.NET

Extract:

...using any information obtained from SourceForge.net in order to
contact, advertise to, solicit, or sell to any user without such user's
prior explicit consent (including non-commercial contacts like chain
letters);

[..]
>> What I propose is:
>>
>> - set up authentication for the XML-RPC APIs, in order to control
>> this. If a user starts to use
>> XML-RPC calls in his bots, it's easy to shut it down.
>>
>> - set up a restricted list of subscribers for the PubSubHubbub
>> protocol (I am not sure if this protocol
>> supports authentication, but I guess we can set something up)
>>
>> - avoid displaying any email or derived emails on anonymous page
>
> I'm not sure how that would work. Package manager tools would
> then all have to use this authentication mechanism.

Yes but they would need to use an account therefore have an identity
when they run their scripts.

For instance, PyPI can have API calls quota per user, and a white list
of users that are allowed to have an unlimited number of API calls.
(managed manually)

IOW, allow stuff like cheesecake ratings or whatever, to subscribe, and
be able to block Softpedia.

It's a limited protection but should be enough: I don't think the
Softpedia staff will work on defeating this by registering hundreds of
zombies at PyPI.

But I understand that it also needs the legal part,

Regards,
Tarek

--
Tarek Ziadé | http://ziade.org
