I see people have some questions for us and we hope this will help.
Re: this text in the new PyPI ToS, “PSF has the right to suspend or terminate your access to all or any part of the Website at any time, with or without cause, with or without notice, effective immediately. PSF reserves the right to refuse service to anyone for any reason at any time.”
Q: Is this an expansion of the PSF’s existing powers as PyPI’s administrative and fiscal steward?
A: It is an explicit statement of our existing authority, as we understand it and as it has been applied in practice. We already work to reduce spam, malware, confusion, fraud and other unwanted behavior on the site but there are always new ways to try to attack or otherwise disrupt a public site. The reason for the change is to make sure we can respond to security issues and unforeseen ways of abusing/misusing PyPI in a timely fashion. This language gives us the flexibility to respond swiftly, and it is also in line with the terms offered by other services that can be compared to PyPI. It does not change our non-profit mission, which is to provide CPython and the packages on PyPI to everyone forever, at no cost. We accept packages from everyone as long as it doesn’t clash with our mission and the Terms of Service.
More specifically the thought process behind this particular language went like this:
- We based our terms off of GitHub’s Creative Commons licensed Terms, and focused mainly on where we know that our needs and our communities’ needs differ.
- The clause in GitHub’s Terms around user suspension is “boilerplate” and wasn’t considered beyond “looks pretty normal to me for a ToS”, so we incorporated it in our Terms without changing it.
- We are probably correct to keep it as it reserves that right for circumstances we can’t foresee that may require such suspension, without needing to update our ToS just to perform that action.
Q: What’s the deal with PyPI Orgs?
A: These have been a long-requested feature. Projects with lots of coders want to more easily do the administration to manage editing permissions inside a defined work group. Companies that fall into this category can opt in to pay for this feature. Community projects and nonprofit projects can opt in to access this feature for free. The subscription fees paid by companies to use the Orgs feature will help us support PyPI, which is a massive and constantly growing service, always requiring more bandwidth and staff attention.
Q: Who was involved in these decisions?
A: Generating revenue through PyPI features for companies has been discussed at the PSF Board level since at least 2020. The plan took a while to refine but was eventually solidified and communicated to the community in April of 2023 here (the link was also shared on this forum.) Then an update about why it was taking longer than expected was provided to the community in September of 2023, here. We were able to hire a PyPI Support person to address the backlog in July, 2024 and were just recently able to make the Orgs functionality available due to dedicated PSF staff work on our PyPI support backlog.
The recent updates to the Terms of Service were carried out by PSF staff in conjunction with our lawyer for these topics (legal issues associated with running a massive open source code-hosting site) to finalize the work around the PyPI orgs.