incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gour Saha <gs...@hortonworks.com>
Subject [CANCEL] [VOTE] Release Apache Slider 0.70.0-incubating
Date Fri, 13 Mar 2015 02:17:30 GMT
Marvin,
That totally makes sense.

I am going to cancel this release and prepare a new RC with the fixes. I
will call it 0.70.1-incubating and start the vote all over again.

Thank you.

-Gour

On 3/12/15, 7:02 PM, "Marvin Humphrey" <marvin@rectangular.com> wrote:

>On Thu, Mar 12, 2015 at 6:36 PM, Gour Saha <gsaha@hortonworks.com> wrote:
>
>> Is it okay if we move them to a more appropriate location like
>> src/test/resources directory? Or should we just delete them?
>
>Here's the rationale, redux:
>
>The Apache Software Foundation releases open source software.  Binary
>files
>cannot be audited by a PMC.  Even if they are derived from open source,
>they
>are not open source themselves.  They are a potential security hole -- an
>attacker who gains control of the machine on which those binaries are
>introduced may be able to insert a trojan which then goes along for the
>ride
>with the distribution.  Security-conscious consumers who compile from
>source
>distributions rather than use convenience binaries will find it tricky and
>laborious to detect and replace embedded mystery binaries.
>
>Does that make sense?  Based on that rationale, I hope that you can find a
>workaround which allows the official source release to be entirely free of
>binaries.
>
>Marvin Humphrey
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>For additional commands, e-mail: general-help@incubator.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message