The API to access the data is not the problem. The problem is that PyPI does not currently record the information: there is no per distribution artifact metadata collected. In the case of licensing information, making sense of metadata prior to version 2.4 is a lost cause, unless you want to try to interpret free text licensing information is a gazillion of different formats with fall back to ambiguously defined classifiers. Metadat 2.4 makes it much easier but still not trivial: the License-Expression
metadata field is not mandatory. Licensing information can be expressed linking to license text via License-File
fields, or not present at all.
Except the one reply from Hynek, which hasnât reacted to your suggesting that his suffering should be endured for the collective good, the only replies are mine and yours, so I donât know on what you are basing your conclusion.
I was not the one to link time spent to suffering. I donât consider the time I spend working on open source projects as suffering. I was indeed very surprised when Hynek jumped from time spent to suffering and that motivated my next message on the topic where I lightly suggested that if time spent working on FOSS contributions is perceived as suffering, maybe it is time to revisit something.
I think that the accepted view that maintainers of open source projects have any responsibility toward the users of their code, to the extent that maintaining the project is more important than their well being is something that need to change. Comments like yours, even if intended only as jokes, only reinforce this view.
This is well off-topic now, though. Please direct message me if you want to continue.
You are accusing me of mean or inconsiderate behavior on a public forum. I prefer to defend my behavior on the same forum.
The API to access the data is not the problem. The problem is that PyPI does not currently record the information: there is no per distribution artifact metadata collected. In the case of licensing information, making sense of metadata prior to version 2.4 is a lost cause, unless you want to try to interpret free text licensing information is a gazillion of different formats with fall back to ambiguously defined classifiers. Metadat 2.4 makes it much easier but still not trivial: the
License-Expression
metadata field is not mandatory. Licensing information can be expressed linking to license text viaLicense-File
fields, or not present at all.
As has been pointed out repeatedly in prior discussions, license information reported for packages on PyPI is at best a strong hint as to the copyright license(s) covering downloads for that project. Anyone concerned about the actual licenses for all of the files contained within the downloads in each projectâs release need to consult files shipped in those projects, or their upstream developersâ documentation. Recent metadata changes improve this, but do not address all possible complexities of applying copyright licenses in projects.
You are accusing me of mean or inconsiderate behavior on a public forum. I prefer to defend my behavior on the same forum.
I intended no such accusation, and I apologise that it was perceived that way. For anyone else reading this, Iâll clearly state that I donât believe Daniele was being mean or inconsiderate.
I was not the one to link time spent to suffering. I donât consider the time I spend working on open source projects as suffering. I was indeed very surprised when Hynek jumped from time spent to suffering
Thatâs fair. They arenât directly the same thing, though I do understand how they logically link together (primarily because the time spent in this case is time that didnât need to be spent except that we forced it to be, and that is what maintainers often refer to as âsufferingâ).
I think that the accepted view that maintainers of open source projects have any responsibility toward the users of their code, to the extent that maintaining the project is more important than their well being is something that need to change. Comments like yours, even if intended only as jokes, only reinforce this view.
Again, I apologise that my comments were seen that way. I certainly donât endorse suffering in any real sense. Though itâs important to understand that the term is commonly used in OSS maintainer circles to refer broadly to unnecessary demands being placed upon maintainers, and in that sense most maintainers do feel a responsibility to âsufferâ for their projects and their users. We hope the other parts of the experience are rewarding enough to make up for it, and they often are, but we also help by not minimizing the additional work we cause when our own contributions donât go smoothly.[1]
And for complete clarity, this is not directed at Daniele specifically, but all of us on this forum. âŠď¸
@daniele @steve.dower youâre derailing the discussion here. This is not a topic I can sensibly split, because there is no category that would fit your back and forth here. So letâs leave it at that, otherwise Iâll have to hide the off-topic messages that users keep flagging.
If you ask me, it was irresponsible for the Hatchling maintainers to start unconditionally emitting metadata version 2.4 while packaging tools are still catching up.
Nope, I was quite responsible in fact and waited to release the new version of Hatchling until others confirmed that they would not be broken: Hatchling v1.27.0 changelog dead link + no tag ¡ Issue #1842 ¡ pypa/hatch ¡ GitHub
There is an open PR to add support for metadata version 2.4 to twine. From the looks of it, it should be merged soon. Switch to packaging for parsing metadata and support metadata 2.4 by dnicolodi ¡ Pull Request #1180 ¡ pypa/twine ¡ GitHub
FTR, I was just checking the state of it and realized that itâs been merged 3 weeks ago: Switch to packaging for parsing metadata and support metadata 2.4 by dnicolodi ¡ Pull Request #1180 ¡ pypa/twine ¡ GitHub. So it seems like the last bit everybodyâs waiting for is a new Twine release, unless Iâm missing something.