incubator-general mailing list archives

From Roman Shaposhnik <ro...@shaposhnik.org>
Subject ASF hosted binaries collecting user data without an explicit opt-in
Date Tue, 06 Jun 2017 01:48:44 GMT
Hi!

After seeing this thread on legal-discuss:
    https://mail-archives.apache.org/mod_mbox/www-legal-discuss/201706.mbox/%3CCAGJoAUn-hiE89mWObh1Lb2S_vgqQJ%3DDC%3D1P_V1REQ9hUERCFog%40mail.gmail.com%3E

I'd like to ask a policy-related question.

What we currently have is a whole bunch of binaries hosted
by ASF: https://ignite.apache.org/download.cgi#binaries that
collect user data and ship it away to a host currently not
associated with ASF (nor does it seem to be associated with
Ignite's PMC). The host name is ignite.run (and, as a side note,
as it turns out the connection to that host in Ignite releases prior
to 1.9 is unsecure:
   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6805
)

Is this something ASF should be concerned with from a standpoint
of the policy that we have for binary convenience artifacts that are
hosted on our end?

Would it make it different if ignite.run and the data collected
by it was managed by an Ignite PMC as opposed to an unidentified
3rd party?

Thanks,
Roman.
