The following URL contains copyrighted verbatim text from bytereef.org:

  https://pypi.python.org/pypi/m3-cdecimal


I'm not surprised, since the ongoing Walmartization of Open Source
has little regard for authors.

This bug tracker isn't really the right place to track this -- that said I don't know where is, so I've added Donald Stufft to the nosy list, hopefully he can help direct this appropriately.

What license is the bytereef text available under? The cdecimal source is BSD licensed, so it's perfectly legal to re-upload the package itself.

There's a support link on the left hand side of the PyPI page, that'll take you to the support forum where you can issue a support request and it'll get dealt with. Alternatively you can email distutils-sig@python.org, or Richard and Myself (first names @python.org).

I don't understand the issue.

I see two projects:
https://pypi.python.org/pypi/cdecimal
https://pypi.python.org/pypi/m3-cdecimal

The two projects have the same metadata except owner: cdecimal is owned by skrah, m3-cdecimal is owned by prefer.

The license and author (Stefan Krah) are not changed in m3-cdecimal. Where is the "copyright infringement"? Is it the description of the package? The description contains a few lines of text (Overview, Testing, Short benchmarks, Documentation and Linux Notes sections).

I'm unable to reach http://www.bytereef.org/. It looks like the domain is owned by Stefan Krah.

Is it illegal to clone a project on PyPI if the author and license is not changed?

Oh, the issue was closed while I was writing my message.

I agree with Alex and Donald, it's not the right place to report such issue.

I don't see a license on PKG-INFO itself.  Furthermore, even if
it is legal, it (again) shows an utter disregard for authors and
their stated preferences.

I'm not surprised though, given that even existing names are
reassigned in an autocratic fashion.

Stefan, this is not the right forum for this issue, please do not reopen it.

Sorry, Donald, the actions on PyPI deserve wider exposure.

This will be my last post on this issue.

I've given you the mechanisms for reporting problems with PyPI. PyPI is not run by python-dev nor is the python-dev bug tracker a mouth piece for your frustration with some part of the ecosystem around Python.

If you actually care about fixing the issue report it through one of the venues that I've mentioned and Richard or myself (most likely Richard, I rarely deal with the actual administration of things and typically involve mostly with the technology side of things).

I'm going to close this, please leave it closed as it has nothing do with CPython. If you want to speak out against something get a blog but a bugtracker is not that.

Sorry, Richard or myself (...) will take a look and fix it.

Since I've been asked, just to clarify, my last post was a continuation of a sentence I mistakenly forgot to write out the whole thing.

It should read:

"If you actually care about fixing the issue report it through one of the venues that I've mentioned and Richard or myself (most likely Richard, I rarely deal with the actual administration of things and typically involve mostly with the technology side of things) will take a look and fix it."

And now I really am done :)

Yeah right, obviously I don't *really* care about the issue (ethics
in open source software, in case you did not understand).

So, I think I need to explain the situation. 

At first, changes in package was made by me, but package was intended for use in internal pypi (in scope of company). I don't know how it appeared here.

Why did I do that? Original package was not installable via pip at all.

What was changed? MANIFEST.in (just one line) and nothing more.

Andrew, given that you did not upload the package, I don't see
how you have anything to do with this.

Creating an internal or a *clearly distinguished* external
package is fine; taking up a misleading second spot on PyPI,
plagiarizing the package description *without even mentioning
that this is not the original package* is not.


The next version of cdecimal will be non-redistributable.