incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bertrand Delacretaz <bdelacre...@codeconsult.ch>
Subject Re: ASF hosted binaries collecting user data without an explicit opt-in
Date Thu, 08 Jun 2017 07:43:21 GMT
On Wed, Jun 7, 2017 at 5:32 PM, Sean Busbey <busbey@apache.org> wrote:
> ...Who owns release policy? I presume it's VP Legal, which would suggest legal-discuss...

I don't think our release policy is relevant here.

The issue is a project releasing software that a) collects user data
without an explicit opt-in, and b) apparently does that in an insecure
way.

a) is a privacy violation - we have
https://www.apache.org/foundation/policies/privacy.html for that, I
suggest that we simply expand it with a "collecting user data"
section. As Shane mentions
https://wiki.openoffice.org/wiki/Update_Service is related.

b) is a general security problem,
http://www.apache.org/security/committers.html applies to that as
usual.

Am I missing something?

-Bertrand

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message