[question/clarification] obfuscation policy

[nschloe]

Two days ago (June 17, 2024), PyPi has implemented a policy against "obfuscation techniques to hide or mask functionality."

I maintain some proprietary packages on PyPi that employ obfuscation to protect our intellectual property (e.g., betterbib). Our obfuscation is not intended to hide functionality though—in fact, I make an effort to document my packages thoroughly.
I assume this policy targets malicious practices, which do not apply to my packages. Therefore, I believe our practices comply with the new policy. I would appreciate confirmation of this and perhaps clarification within the policy.

This might also affect other proprietary packages like gurobipy, which "obfuscate" their source code by providing shared (compiled) libraries only, or by relaying their functionality to API calls.

[saksham-sak]

Explicit Documentation and Transparency
Detailed Documentation: Clearly document the purpose, functionality, and intended use of your proprietary package. This demonstrates good intent and provides transparency about your package's behavior.
Compliance Statement: Include a specific statement in your package's README or documentation, explaining the use of obfuscation. For instance:
"This package employs obfuscation techniques solely to protect proprietary algorithms and intellectual property. All functionality is well-documented and transparent to end-users, ensuring compliance with PyPi policies."
Proactively reach out to PyPi administrators to confirm that your obfuscation practices align with the policy. Highlight your package's transparency and intent in your communication.

[hugovk]

@saksham-sak Please don't post AI-generated instructions, it's neither accurate nor helpful.