Possible legal issues with the logo

[KOLANICH]

I once wanted to use a logo in colors of python in order to highlight that my project is intended to be used with python (it is essentially python bindings to some third-party code), but feeled like they can be trademarked.

I have contacted the email and asked for clarifiaction and permission. I was told that currently they don't intend to trademark python colors and that if I start using my logo, I'd "be" a my trademark (damn this legal shit, I wish there would be no trademark laws at all!). But the colors are already a de-facto trademark.

I asked if they can either give me a digitally signed text that the use of the colors in my logo is not considered trademark violation, or change their trademark policy to clarify which uses of colors are explicitly allowed. I was answered that this is the decision which is up to the board, and the board won't do that for me unless maybe for a lot of money.

IMHO this FUD situation is a bit annoying.

https://pyright.blogspot.com/2011/02/svg-xml-and-python-logo.html
Nuitka/Nuitka-website#19
PyAV-Org/PyAV#728
derb12/mcetl#13
https://github.com/ReagentX/Logria-py/issues/147
python-trio/trio#1828
amcc1996/symbeam#7
JuliaPy/PythonCall.jl#3
#222
aiortc/aiortc#442
MatthijsKamstra/haxepython#3

[welcome]

👋 Thanks for opening your first issue here! Please make sure you filled out the template with as much detail as possible.

You might also want to take a look at our Contributing Guide and Code of Conduct.

[leouieda]

Thanks for opening this issue but that's likely not a problem for us. While they don't explicitly trademark the colors, there is this part of the policy:

Use of derived logos for freely distributed 3rd-party modules or tools -- Allowed if for the Python programming language. Use of derived logos for commercial modules and tools requires permission from the PSF.

[KOLANICH]

I feel like adding an address for donations will make the usage commercial... And today you don't plan to do it, but many years after when you may want to add a donate link and when everyone is familiar with the logo it won't even cause a moment of doubt...

Thank you for your vision. It is clearly valid.

[leouieda]

Ah, fair point. I'll keep this open then so we can keep it in mind.

[KOLANICH]

I have managed to get some kind of a cryptographic proof. The email conversation between me and PSF employee is signed by SMTP servers using DKIM. If we assumme that the servers are trusted, and sign only the emails that they have actually send, and if noone can forge a signature, we get a proof.

This was used to authenticate the leaked emails dumped to WikiLeaks, and there are some python libs for that.

So the solution is to publish the email conversation to the PSF employee (for my case I asked if he gives the consent to publish them, and he has given), and then anyone in the Net can check the signatures.

We also rely on a yet another trusted third party for backups and timestamping (instead we can rely on blockchain, but it is too costly).

1. We archive the public keys that GMail has used to sign the messages with a kind of proof that they belonged to GMail. DNS over HTTPS servers allow us to get the result of DNS lookup as a text over HTTP. And Web Archive archives the pages served over HTTP. So we just construct a lookup URI and feed it into Web Archive, and then we have a link to DNS resolution at some point in time.

2. If Google published their private DKIM keys to make the signatures repudiable (so anyone in the Net can forge them), there is a countermeasure. We hash the archive of the emails, and then feed the link to the hash into Web Archive. Then we have a proof that the archive has existed before the release of the keys.

And some more layers:

1. To protect email addresses from spam bots we "encrypt" the archives. We publish the passwords near the archives, but apply some transformation to it before encrypting and instruct a user to do the transformations.
2. We provide a short and easy to understand script verifying the signatures.