incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Julian Hyde <jh...@apache.org>
Subject Re: ASF hosted binaries collecting user data without an explicit opt-in
Date Tue, 06 Jun 2017 03:02:49 GMT
Thanks for the explanation, Roman. I had no idea that policies for hosted binaries were stricter
than for source code (other than the obvious effect on licensing when you bundle in dependencies).

Julian

> On Jun 5, 2017, at 7:47 PM, Roman Shaposhnik <roman@shaposhnik.org> wrote:
> 
> On Mon, Jun 5, 2017 at 7:34 PM, Julian Hyde <jhyde@apache.org> wrote:
>> If the binaries are built from the released source code I don’t think we should
restrict what the binaries do.
> 
> Well, but that's not how we treat licensing for example. For example
> -- there's plenty of ASF project that
> allow GPL licensed extension to be pulled into the build. That
> mechanics is part of the source code. However,
> as per our policy, we will not allow this kind of a convenience binary
> (containing GPL bits) to be hosted by
> ASF infrastructure.
> 
> Now, there's nothing wrong with those kinds of binaries -- and 3d
> parties host them all the time -- its just that
> WE at ASF decided that it wouldn't be aligned with what we do.
> 
> What I'm concerned about is that a combination of binaries hosted by
> ASF and a lack of opt-in AND an unsecure
> nature of the communication AND unclear data handling policies can
> potential make ASF liable if this kind of
> data ends up containing sensitive information and gets exploited.
> 
> IANAL, but I could see EU being especially strict here.
> 
>> The question is whether the community is aware of what the code is doing, and considers
it to be in the best interests of the project.
>> 
>> The answer seems to be yes, and yes. I saw that the issue was discussed on dev@ignite[1],
and had a corresponding JIRA case[2],
> 
> As for the discussion on JIRA, I expected the podling to listen to the
> advice given by one of the mentors:
>   https://issues.apache.org/jira/browse/IGNITE-775?focusedCommentId=14512075&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14512075
> but apparently that never happened.
> 
> Thanks,
> Roman.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message