pip installer
Hello,
I've made a Python program that checks whether a package in the Python Package Index (PyPI) is free. The script considers a package free if it is OSI Approved.
I want help to integrate this functionality into pip, the Python package installer, so that it isn't possible to install nonfree software from pip.
Also, in order for the script to work I made a modification in locators.py from distlib.
Attachment | Size
---|---
checkpackage.tar | 1.25 MB
You should talk to pip's developers about implementing this as a warning (not as a refusal to download packages). You might also want to check for different classes of licenses.
But there are some parts of your script that don't make sense:
1. "version = info.keys()[0]": What "info.keys()[0]" points to is undefined. "info" is a dictionary, and dictionaries are unordered. If you're trying to find the most recent version, you need to convert the keys to a list and sort it appropriately. As it is, you're just grabbing an arbitrary version.
2. You're only looking at the "License" field, which I don't tend to use because the license I'm using is a trove classifier.
3. Your script completely ignores the license field, because it always overwrites it with "gpl version 3". So it's always going to detect any package as free.
4. Your list of "free licenses" includes things that are not licenses at all, like "general public", and licenses which may or may not be libre, like "artistic". Since any arbitrary text can be typed in the license field, you ought to be very strict with what strings you accept. The warning can then display this license so that the user can personally check it.
By the way, while you should use trove classifiers, I would highly recommend against just assuming that any package with the "OSI Approved" or "DFSG Approved" classifier is libre, partly because the OSI has approved some proprietary licenses and partly because this isn't a declaration of a license, just a statement of fact which may or may not be true.
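As an added example (not the script attached to this thread), here is how the points above can be put into code: prefer the trove classifiers over the free-text "License" field, keep a strict allowlist of exact strings, report anything else as unknown for the user to check, and sort release versions instead of taking an arbitrary dictionary key. The metadata shape mimics the PyPI JSON API, the sample record is constructed, and the allowlist entries are assumptions.

```python
"""License check for a PyPI metadata record, following the review above:
classifiers first, a strict allowlist, warn (don't refuse) on anything else."""
import re

# Assumed allowlist of exact strings; anything not listed is reported as unknown.
FREE_CLASSIFIERS = {
    "License :: OSI Approved :: GNU General Public License v3 (GPLv3)",
    "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)",
    "License :: OSI Approved :: MIT License",
    "License :: OSI Approved :: Apache Software License",
}
FREE_LICENSE_FIELDS = {"GPLv3", "GPLv3+", "MIT", "Apache-2.0"}


def version_key(v):
    # Numeric sort on dotted versions so "1.10" > "1.9"; non-numeric parts sort low.
    return tuple(int(p) if p.isdigit() else -1 for p in re.split(r"[.\-]", v))


def latest_version(releases):
    # Sort the keys; the order of a dict's keys is not a version order.
    return max(releases, key=version_key)


def classify_license(info):
    """Return (status, evidence) with status 'free', 'unknown' or 'none'."""
    classifiers = [c for c in info.get("classifiers", []) if c.startswith("License ::")]
    for c in classifiers:
        if c in FREE_CLASSIFIERS:
            return ("free", c)
    field = (info.get("license") or "").strip()
    if field in FREE_LICENSE_FIELDS:
        return ("free", field)
    if classifiers or field:
        # Something is declared but not on the allowlist: show it, don't decide for the user.
        return ("unknown", classifiers[0] if classifiers else field)
    return ("none", "")


def check_package(metadata):
    """metadata has the PyPI JSON API shape: {'info': {...}, 'releases': {version: [...]}}."""
    status, evidence = classify_license(metadata["info"])
    return {"version": latest_version(metadata["releases"]),
            "status": status, "evidence": evidence}


SAMPLE = {  # constructed sample record, not real PyPI data
    "info": {"license": "", "classifiers": ["Programming Language :: Python :: 3",
                                             "License :: OSI Approved :: MIT License"]},
    "releases": {"1.9": [], "1.10": [], "1.2": []},
}
```

A free-text value such as "gpl version 3" is reported as unknown together with the string, which is the warning behaviour suggested above rather than a refusal to install.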
>You should talk to pip's developers about implementing this as a warning (not as a refusal to download packages).
In Trisquel there is an issue for that: https://trisquel.info/en/issues/3741. Since Trisquel has only free software, it shouldn't be possible to install nonfree software from pip.
> You might also want to check for different classes of licenses.
Do you mean other than OSI Approved?
Sorry this attachment has the wrong file.
1. info has one value, the latest version.
Attachment | Size
---|---
checkpackage.tar | 1.25 MB
Hi, everyone
We also had a discussion in the Spanish forum about that issue (https://trisquel.info/en/forum/propuesta-acerca-de-pypi). There is already a program that checks PyPI license information (among statistics and other cool stuff), written in Python, called pypi-cli. You can install it with pip.
sudo pip3 install pypi-cli
Apart from what onpon4 mentioned, we should also take into account that a free package may have non-free dependencies. Also, please use Python 3 for new projects.
> You should talk to pip's developers about implementing this as a warning
I agree, that would be a great improvement.
If that's not possible, we could make a simple fork of pip that checks the license before installing any program, so that only free programs can be installed.
pypi info youtube-dl
LICENSE: Unknown
Same for mps-youtube
It seems it is not great for the purpose :)
It works fine with most licenses. Reported the bug: https://github.com/sloria/pypi-cli/issues/14
In case you're wondering, youtube-dl is in the public domain and mps-youtube is licensed under the GNU GPL, version 3.
You can always fork the repo at https://github.com/pypa/pip and then once you make your updates, do a merge request. Were you thinking of adding a -free command line option to pip to force free packages only?
I made a project in gitlab (https://devel.trisquel.info/mixalis/checkpackage). Help is needed.
Only help I can get you is translations.
This isn't a bad idea, but the process isn't transparent. Also, that doesn't solve the main problem.
A better idea is to create a separate repository with only free software with free dependencies. This will help to spread the message that non-free software is unjust and unethical, and with this persuade the PyPI maintainers to only include free software in their repos.
It exists. It is called "Trisquel's repository". It has many Python packages.
Please accept my merge request; it contains many improvements and it also checks if a license is GPL-compatible.
If anyone wants to try it he has to fetch the source code of pip (python-pip-1.5.4) and replace req.py and _vendor/distlib/locators.py with the ones from gitlab. Sorry for the inconvenience but I couldn't push all the files to gitlab.