
Difficult balance and alternatives

Posted Mar 20, 2025 16:26 UTC (Thu) by GNUtoo (guest, #61279)
Parent article: New terms of service for PyPI

One of the issues with rules is that the more precise they are, the more they increase false positives (people who found ways to respect the rule by the letter while managing to do things that the rules were meant to forbid) and negatives (people doing things that are meant to be OK but are forbidden by the rules), and the more lax they are, the more they are subject to interpretation by the people charged with enforcing the rules, and so their application can depend on the people doing the enforcement at a given time.

Here it seems to be lax enough to allow taking a lot of context into account, and there are examples as well, which helps a lot to clarify things. So we seem to have a good balance here.

Note that I haven't registered with pypi yet, so I'm not sure exactly what services it provides, but I read the new terms of service to understand whether it was worth applying on behalf of a project I ended up co-maintaining.

In (from https://policies.python.org/pypi.org/Acceptable-Use-Policy/) we have:

> Posting text, imagery, or audio content glorifying or containing a graphic depiction of violence toward oneself, another individual, group, or animal

Does that mean that many free software games are out of the scope of pypi? Are games that have the issue mentioned above typically referenced somewhere else, or do they not care about pypi?

In my case the package I co-maintain is not a game, so it doesn't fall into that (it's an application that interacts with an online service). I also don't know if this part is a good or bad thing, so I've no objections to it.

Another question is whether it is possible to avoid pypi completely and/or how hard it is to set up another compatible repository. The use case would be to have only 100% free packages hosted/referenced.

pip install can at least refer to a specific URL, as in 'pip install git+https://some-forge/project-group/project', and PEP 508 allows some URLs, but I guess that at some point in the dependency chain it will depend on packages that take their dependencies from pypi. And making sure to always have the latest revision of a dependency probably increases the amount of work.

So are there people that managed to self-host compatible repositories and somehow modify or configure pip to point to them? Or are there ways to somehow filter packages/dependencies on the license?


Difficult balance and alternatives

Posted Mar 21, 2025 9:12 UTC (Fri) by mathstuf (subscriber, #69389)

> So are there people that managed to self-host compatible repositories and somehow modify or configure pip to point to them?

One can host wheels with a static HTTP server, so yes. Additionally, forges may provide PyPI-compatible registries for your packages as well (e.g., at least GitHub and GitLab do so for Python).


Copyright © 2025, Eklektix, Inc.