None that I am aware of, but Martin is the one who's been making changes most recently. I don't think there's been any input from Van on this yet, but I've been busy and may have forgotten or missed something.
regards Steve M.-A. Lemburg wrote: > Hi Steve, > > has there been any progress on this ? > > M.-A. Lemburg wrote: >> Steve Holden, Chairman, PSF wrote: >>> Adding a Google-like clause might make us seem less Draconian. >> Here's a proposal for a less controversial text based on the Google >> terms: >> >> """ >> PyPI is a service provided by the PSF. In order to be able to distribute the >> content you upload to >> PyPI to web site users, the PSF asks you to agree to and affirmatively >> acknowledge the following: >> >> 1. Content is restricted to Python packages and related information only. >> >> 2. Any content uploaded to PyPI is provided on a non-confidential basis. >> >> 3. The PSF is granted an irrevocable, worldwide, royalty-free, nonexclusive >> license to reproduce, >> distribute, transmit, display, perform, and publish the content, including >> in digital form. This >> licence is for the sole purpose of enabling the PSF to display, distribute >> and promote the content >> on PyPI. >> >> 4. I represent and warrant that I have complied with all government >> regulations concerning the >> transfer or export of any content I upload to the PyPI servers in The >> Netherlands. In particular, if >> I am subject to United States law, I represent and warrant that I have >> obtained the proper >> governmental authorization for the export of the content I upload. I further >> affirm that any content >> I provide is not intended for use by a government end-user as defined in >> part 772 of the United >> States Export Administration Regulations. >> """ >> >> The general terms on the python.org legal page would have to be >> changed in the same way. > > I've attached a message explaining some of the reasons for part 4. > > Thanks, > > > ------------------------------------------------------------------------ > > Subject: > Re: [Catalog-sig] [PSF-Board] Troubled by changes to PyPI usage agreement > From: > "M.-A. Lemburg" <[email protected]> > Date: > Fri, 11 Dec 2009 01:45:10 +0100 > To: > Terry Reedy <[email protected]> > > To: > Terry Reedy <[email protected]> > CC: > [email protected], VanL <[email protected]> > > > Terry Reedy wrote: >> M.-A. Lemburg wrote: >>> Steve Holden, Chairman, PSF wrote: >>>> Adding a Google-like clause might make us seem less Draconian. >>> Here's a proposal for a less controversial text based on the Google >>> terms: >> I like the third part better. > > Thanks. > >>> """ >>> PyPI is a service provided by the PSF. In order to be able to >>> distribute the content you upload to >>> PyPI to web site users, the PSF asks you to agree to and affirmatively >>> acknowledge the following: >>> >>> 1. Content is restricted to Python packages and related information only. >>> >>> 2. Any content uploaded to PyPI is provided on a non-confidential basis. >>> >>> 3. The PSF is granted an irrevocable, worldwide, royalty-free, >>> nonexclusive license to reproduce, >>> distribute, transmit, display, perform, and publish the content, >>> including in digital form. This >>> licence is for the sole purpose of enabling the PSF to display, >>> distribute and promote the content >>> on PyPI. >>> >>> 4. I represent and warrant that I have complied with all government >>> regulations concerning the >>> transfer or export of any content I upload to the PyPI servers in The >>> Netherlands. In particular, if >>> I am subject to United States law, I represent and warrant that I have >>> obtained the proper >>> governmental authorization for the export of the content I upload. I >>> further affirm that any content >>> I provide is not intended for use by a government end-user as defined >>> in part 772 of the United >>> States Export Administration Regulations. >>> """ >> The fourth section might scare people off without further explanation >> somewhere, as it could be taken to imply that people have to get a US >> gov permit to upload, which almost no one has done. If this is only >> about crypto software, it should say so. I do not understand the last >> sentence at all as open-source licenses do not usually exclude specific >> users. I cannot affirm something that is complete gobble talk to me. > > The clause has three parts: > > a) "I represent and warrant that I have complied with all government > regulations concerning the > transfer or export of any content I upload to the PyPI servers in The > Netherlands." > > This part is written in a general way and is needed to > cover export regulations which may be imposed by the country > of the uploader when uploading (exporting) applications to > a server in the The Netherlands. > > For many countries these export regulations are variants > of the things laid out in the Wassenaar Arrangement which > covers crypto code, but also other software technologies > that may be considered dual-use: > > http://www.wassenaar.org/ > in particular: > http://www.wassenaar.org/controllists/2009/WA-LIST%20%2809%29%201/WA-LIST%20%2809%29%201.pdf > > Most software will fall under the "GENERAL SOFTWARE NOTE" > (with some special rules for crypto software), but countries > may still implement additional rules such as the ones currently > imposed by the US (you have to send them an email with the link > to the download location - see > http://www.bis.doc.gov/encryption/pubavailencsourcecodenofify.html). > > Since the exact regulations depend on the country from where > the code is uploaded, the clause can't be more specific. > > I added the location of the servers to the original clause to > make the export nature of the upload more specific. > > b) "In particular, if I am subject to United States law, I represent and > warrant that I have > obtained the proper governmental authorization for the export of the content > I upload." > > This part only applies to US uploaders. > > Note that the US regulations have a subtle detail: they apply to > all US-origin content. E.g. if you export some dual-use system software > written in the US from Germany to Cuba, the US can put you on their > embargo list. > > c) "I further affirm that any content I provide is not intended for use by > a government end-user > as defined in part 772 of the United States Export Administration > Regulations." > > This part applies to all uploaders. The restriction appears to be > a super-set of the embargo restrictions for various individuals - > most of those are government end-users. > > I find that clause too board as well, since it prevents government > users in general to use PyPI packages. > > Furthermore, the embargo lists also includes companies and, of course, > whole countries, which this clause does not cover. See e.g. > EU: http://ec.europa.eu/external_relations/cfsp/sanctions/docs/measures_en.pdf > US: http://www.bis.doc.gov/news/2009/2009-fpr.pdf > (note how e.g. Cuba is on the US list, but not on the EU list) > > I'm not sure why the clause is needed. Perhaps Van could clarify > this. > > IMHO, part a) already covers everything that is needed w/r to > export restrictions. > > All this with the usual IANAL disclaimer. I've read a lot on these > things when we started shipping a pyOpenSSL distribution. Some of the > things I found are listed above. > -- Steve Holden +1 571 484 6266 +1 800 494 3119 PyCon is coming! Atlanta, Feb 2010 http://us.pycon.org/ Holden Web LLC http://www.holdenweb.com/ UPCOMING EVENTS: http://holdenweb.eventbrite.com/ _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
