incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shane Curcuru <...@shanecurcuru.org>
Subject Re: ASF hosted binaries collecting user data without an explicit opt-in
Date Tue, 06 Jun 2017 12:34:21 GMT
While there may be technical issues out there, the policy issues can
have time for a thorough discussion before we make policy updates.

Alex Harui wrote on 6/5/17 11:25 PM:
> Is the use of Google Analytics also prohibited by #4?

That sounds like a different issue, unless a project is shipping docs
inside a release with GA code *in* the html docs that are then run when
a user installs the docs locally.  That would not be a good idea, BTW.

As Bertrand notes elsethread, GA on *.apache.org websites is fine as
long as the PMC is sure to comply with the ASF privacy policy:

  https://www.apache.org/foundation/policies/privacy.html

Separately, we have one example of auto-update checking which is OK:

  https://wiki.openoffice.org/wiki/Update_Service

> 
> -Alex
> 
> On 6/5/17, 8:16 PM, "shaposhnik@gmail.com on behalf of Roman Shaposhnik"
> <shaposhnik@gmail.com on behalf of roman@shaposhnik.org> wrote:
> 
>> On Mon, Jun 5, 2017 at 8:02 PM, Julian Hyde <jhyde@apache.org> wrote:
>>> Thanks for the explanation, Roman. I had no idea that policies for
>>> hosted binaries
>>> were stricter than for source code (other than the obvious effect on
>>> licensing when you bundle in dependencies).
>>
>> Btw, this one is serious enough that I'd like us to update our release
>> policy based on the
>> learnings here.
>>
>> So far it seems that there's an agreement on that having this type of
>> capability...
>>   1 ... in the source code disabled by default -- totally OK
>>   2 ... in the source code enabled by default -- questionable, but OK
>>   3 ... in the binary hosted by ASF disabled by default -- OK
>>   4 ... in the binary hosted by ASF enabled by default -- NOT OK
>>
>> #4 can get nuanced if we want to invest in ASF managed infrastructure
>> that is
>> responsible for update tracking and user data collection. With my ASF hat
>> on,
>> I'd say that INFRA should probably stay away from user data
>> collection/retention.
>>
>> That still leaves a possibility of a a ping/pong API that only
>> consumes a name of ASF
>> project and its version and returns a JSON object of some kind as per
>> PMC choice.
>>
>>
>> Thanks,
>> Roman.
>>

-- 

- Shane
  https://www.apache.org/foundation/marks/resources

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message