VanL wrote: > On 1/23/2010 7:46 AM, M.-A. Lemburg wrote: >> >> That's a tricky one: That extra sentence "I further affirm..." >> introduces a restriction that goes beyond what US developers >> normally have to follow. And the way it is written, it also >> applies to developers not affected by US law. >> >> However, that restriction basically says that PyPI package >> may never be intended for use by government end-users, which >> IMHO goes way too far - we have quite a few government users... >> >> I'd just drop that extra limitation, since the first sentence >> already covers all restrictions that a government may have >> imposed on such uploads. >> > There are specific restrictions that mandate the additional language > about foreign government end-users. Sorry :)
Here's the complete definition of "government end-user" as defined in part 772 of the United States Export Administration Regulations (taken from http://www.access.gpo.gov/bis/ear/txt/772.txt): """ "Government end-user" (as applied to encryption items). A government end-user is any foreign central, regional or local government department, agency, or other entity performing governmental functions; including governmental research institutions, governmental corporations or their separate business units (as defined in part 772 of the EAR) which are engaged in the manufacture or distribution of items or services controlled on the Wassenaar Munitions List, and international governmental organizations. This term does not include: utilities (including telecommunications companies and Internet service providers); banks and financial institutions; transportation; broadcast or entertainment; educational organizations; civil health and medical organizations; retail or wholesale firms; and manufacturing or industrial entities not engaged in the manufacture or distribution of items or services controlled on the Wassenaar Munitions List. """ AFAICT, the above term is only used for crypto items, not any code in general. However, the current form of the PyPI terms clause 4 applies to any code that could be used by e.g. parts of the military of some foreign country (with foreign meaning non-US, I suppose). PyPI packages will usually not have any extra use restrictions for the above "government end-users", so requesting from a package author to "affirm that any content I provide is not intended for use by a government end-user" basically requires that: a) the author adds a special restriction to the content (even if the code doesn't contain any crypto items), or b) doesn't upload the content. OTOH, by removing that extra sentence, only the first sentence of clause 4 applies, which does allow such uploads for non-crypto code and only mandates the restrictions related to foreign government end-users as defined by the US EAR (with all its complex rules). If we then add new PyPI user terms which disallow use of PyPI in ways that are prohibited by the US EAR and whatever is mandated by The Netherlands, we'd create a much cleaner situation for everyone. > Also see MvL for the thought that went into the current wording. As I > have stated before, the wording doesn't grant the PSF the authority to > relicense or make derivative works of the content. Rather, it allows the > PSF (and mirrors, and people who use PyPI) to reproduce exactly the > content that was uploaded to PyPI. Giving the PSF those redistribution right is not the problem. It's giving all web site users those same redistribution rights that's causing trouble. -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Jan 25 2010) >>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
