Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 43CF6200C8E for ; Thu, 8 Jun 2017 10:01:33 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 4256F160BD5; Thu, 8 Jun 2017 08:01:33 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 8644E160BCA for ; Thu, 8 Jun 2017 10:01:32 +0200 (CEST) Received: (qmail 50220 invoked by uid 500); 8 Jun 2017 08:01:26 -0000 Mailing-List: contact general-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: general@incubator.apache.org Delivered-To: mailing list general@incubator.apache.org Received: (qmail 50207 invoked by uid 99); 8 Jun 2017 08:01:26 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Jun 2017 08:01:26 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 07E621814DF for ; Thu, 8 Jun 2017 08:01:26 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.12 X-Spam-Level: X-Spam-Status: No, score=-0.12 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id f0tXtxiFyEhj for ; Thu, 8 Jun 2017 08:01:23 +0000 (UTC) Received: from mail-wm0-f42.google.com (mail-wm0-f42.google.com [74.125.82.42]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 7C0C25F649 for ; Thu, 8 Jun 2017 08:01:22 +0000 (UTC) Received: by mail-wm0-f42.google.com with SMTP id n195so25450542wmg.1 for ; Thu, 08 Jun 2017 01:01:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:subject:references:date:mime-version:content-transfer-encoding :from:organization:message-id:in-reply-to:user-agent; bh=9iDkNsnT2EavLVaj0qSJMCfKTKh+yBVF7ZXUDEWqtm8=; b=fEhmFW2d1MsUwVXMxxpmQlCL/KJ8Mcm8zhyitauKtBWUdZo4DDpYqNYnHNht85dxej qGn4D1HkuR/4lBN8uki5gdt6bVsZjcHB0wBiOX4G0ECFiMah/Y5i28WeNLGSzridRclS P9h1WjrN1EcVIojkNniVqpm95b1f2JGCYj5usVLEt/A6CRBI66A0uuvIK58NGyhjewgh JPQUewLQgMOmR8VbdQ4mfa82VVj/e4nzVp1VCUPekOdUy2oaT4rfB/I4zSlR/VWyzGSr tCKe0JjUMPEwuKk8U/3meQMtOjqZmknc+VGrFiVllTMS9CZXEoRKBHjx32BIfn1Qt88R ndCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:subject:references:date:mime-version :content-transfer-encoding:from:organization:message-id:in-reply-to :user-agent; bh=9iDkNsnT2EavLVaj0qSJMCfKTKh+yBVF7ZXUDEWqtm8=; b=lIxWsAGfj5SmkxjGJigJ3LKD4I3yqvdmiZVUAFLKmAdG49Hh4URiEqu4gz99PJCPwc KjyjMzuq/48kRtxRfVra8ahFOdqXo0E0rKJ76lMeubcCMBPY5U/AB+Yex+zOUPGRanqa RcCsIsxgJxWc58MBViityUMmGn7MboCfadCFxKJZ/9nzkGLAs4zkNsAptlJN+13AZm5w PI2+luSq1ucuoNnLRVqqxBKeFSC6x+D561iCBW1mBuIwfQGnb9jTAnNTpXsZRUxu4PqM QyTv1EjVsfzGkoHAy7zxaf0/wn1icWrzBelJBzkTisPVx+cOTcvJjutZV6Ub9AE7/VMI Qu9w== X-Gm-Message-State: AODbwcDQcwYkBjo+EGswWF2N5QkJiJ1fTF5RHT5t48rhe+hkUx6pRByR wa7D7J75mgFybQ7ipnE= X-Received: by 10.80.145.118 with SMTP id f51mr16398348eda.170.1496908876303; Thu, 08 Jun 2017 01:01:16 -0700 (PDT) Received: from desktop-v42f38k (143.225.197.178.dynamic.wless.zhbmb00p-cgnat.res.cust.swisscom.ch. [178.197.225.143]) by smtp.gmail.com with ESMTPSA id b27sm2026699ede.62.2017.06.08.01.01.15 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 08 Jun 2017 01:01:15 -0700 (PDT) Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes To: general@incubator.apache.org Subject: Re: ASF hosted binaries collecting user data without an explicit opt-in References: <22BA3553-6291-4EAD-848A-0112584C4B1D@apache.org> <6F37300C-F11E-4D74-A9A7-636E0F3D664C@apache.org> Date: Thu, 08 Jun 2017 10:01:12 +0200 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Raphael Bircher" Organization: Apache Software Foundation Message-ID: In-Reply-To: User-Agent: Opera Mail/1.0 (Win32) archived-at: Thu, 08 Jun 2017 08:01:33 -0000 Hi all, Am .06.2017, 09:43 Uhr, schrieb Bertrand Delacretaz : > On Wed, Jun 7, 2017 at 5:32 PM, Sean Busbey wrote: >> ...Who owns release policy? I presume it's VP Legal, which would >> suggest legal-discuss... > > I don't think our release policy is relevant here. > > The issue is a project releasing software that a) collects user data > without an explicit opt-in, and b) apparently does that in an insecure > way. > > a) is a privacy violation - we have > https://www.apache.org/foundation/policies/privacy.html for that, I > suggest that we simply expand it with a "collecting user data" > section. As Shane mentions > https://wiki.openoffice.org/wiki/Update_Service is related. > > b) is a general security problem, > http://www.apache.org/security/committers.html applies to that as > usual. > > Am I missing something? Yea, as far as I know it is in a old version who is in the archive, right. I think this makes some difference. Regards Raphael -- My introduction https://youtu.be/Ln4vly5sxYU --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org For additional commands, e-mail: general-help@incubator.apache.org