incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Julian Hyde <>
Subject Re: ASF hosted binaries collecting user data without an explicit opt-in
Date Tue, 06 Jun 2017 03:02:49 GMT
Thanks for the explanation, Roman. I had no idea that policies for hosted binaries were stricter
than for source code (other than the obvious effect on licensing when you bundle in dependencies).


> On Jun 5, 2017, at 7:47 PM, Roman Shaposhnik <> wrote:
> On Mon, Jun 5, 2017 at 7:34 PM, Julian Hyde <> wrote:
>> If the binaries are built from the released source code I don’t think we should
restrict what the binaries do.
> Well, but that's not how we treat licensing for example. For example
> -- there's plenty of ASF project that
> allow GPL licensed extension to be pulled into the build. That
> mechanics is part of the source code. However,
> as per our policy, we will not allow this kind of a convenience binary
> (containing GPL bits) to be hosted by
> ASF infrastructure.
> Now, there's nothing wrong with those kinds of binaries -- and 3d
> parties host them all the time -- its just that
> WE at ASF decided that it wouldn't be aligned with what we do.
> What I'm concerned about is that a combination of binaries hosted by
> ASF and a lack of opt-in AND an unsecure
> nature of the communication AND unclear data handling policies can
> potential make ASF liable if this kind of
> data ends up containing sensitive information and gets exploited.
> IANAL, but I could see EU being especially strict here.
>> The question is whether the community is aware of what the code is doing, and considers
it to be in the best interests of the project.
>> The answer seems to be yes, and yes. I saw that the issue was discussed on dev@ignite[1],
and had a corresponding JIRA case[2],
> As for the discussion on JIRA, I expected the podling to listen to the
> advice given by one of the mentors:
> but apparently that never happened.
> Thanks,
> Roman.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message