www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Boudnik <...@apache.org>
Subject Re: Apache Ignite is collecting usage statics (?)
Date Tue, 06 Jun 2017 01:50:52 GMT
Makoto, I have created IGNITE-5413 to track this issue. Thanks for reporting!
--
  Take care,
Konstantin (Cos) Boudnik
2CAC 8312 4870 D885 8616  6115 220F 6980 1F27 E622

Disclaimer: Opinions expressed in this email are those of the author,
and do not necessarily represent the views of any company the author
might be affiliated with at the moment of writing.


On Mon, Jun 5, 2017 at 5:22 PM, Konstantin Boudnik <cos@apache.org> wrote:
> IANAL, but as far I as I could tell ASF doesn't dictate what and how a
> project should implement the handling of the security data. That's
> largely up to the PMC and the community to deal with the issues like
> this. Hence, I urge you to open a JIRA ticket against Apache Ignite
> and move the discussion there.
>
> Cos
> --
>   Take care,
> Konstantin (Cos) Boudnik
> 2CAC 8312 4870 D885 8616  6115 220F 6980 1F27 E622
>
> Disclaimer: Opinions expressed in this email are those of the author,
> and do not necessarily represent the views of any company the author
> might be affiliated with at the moment of writing.
>
>
> On Mon, Jun 5, 2017 at 2:44 AM, Makoto Yui <myui@apache.org> wrote:
>> Hi,
>>
>> My colleague found that Apache Ignite is periodically accessing to [1].
>> [1] https://ignite.run/update_status_ignite-plain-text.php
>>
>> It is enabled by default setting. We evaluated
>> org.apache.ignite:ignite-core:1.9.0.
>>
>> Corresponding code is [2]
>> [2] https://github.com/apache/ignite/blob/1d0b0765134a81e6626a9ef1c70939085f954847/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/ClusterProcessor.java#L81-L82
>>
>> It does check whether Ignite is latest version or not, maybe with
>> usage tracking (?).
>> Posting JVM env variable [3] should not be sent because it may include
>> sensitive information such as password.
>> [3] https://github.com/apache/ignite/blob/1d0b0765134a81e6626a9ef1c70939085f954847/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridUpdateNotifier.java#L313
>>
>> Is this allowed in the ASF's policy?
>> I guess old codes before contributing to ASF is still remaining though.
>>
>> Thanks,
>> Makoto
>>
>> --
>> Makoto YUI <myui AT apache.org>
>> Research Engineer, Treasure Data, Inc.
>> http://myui.github.io/
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message