On 2/5/2013 11:35 AM, Lennart Regebro wrote:
On Tue, Feb 5, 2013 at 5:03 PM, Donald Stufft <[email protected]> wrote:
Besides the issues with validating that the package We are mirroring
is the authentic one there's also a legal issue. We don't know for sure
that we have the legal rights to redistribute those files. When you upload
a file to PyPI you grant the PSF a license to do that, no upload from the
author = no license. IANAL but i think i'm correct on that.
Absolutely, but if the package is marked with a license that allows
redistribution in the metadata, then we can.
The last I read (and I cannot find the seemingly hidden page) the author
(or rights-holder) of code must grant PSF something more than just
redistribution rights before uploading it. The same must also certify
some mumbo-jumbo about compliance with national laws and cryptography.
No 3rd party can do that.
--
Terry Jan Reedy
_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
