incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roman Shaposhnik <>
Subject Re: ASF hosted binaries collecting user data without an explicit opt-in
Date Tue, 13 Jun 2017 06:00:46 GMT
On Thu, Jun 8, 2017 at 11:51 PM, Bertrand Delacretaz
<> wrote:
> On Fri, Jun 9, 2017 at 7:15 AM, Greg Stein <> wrote:
>>... Do no evil...
> Of course. As long as everybody agrees on the definition of "evil" ;-)
> Hence my proposal to briefly document best practices about how to
> collect user data in a non-evil way.
> Maybe adding a few notes to
> about what infra has
> been doing to fix the current issue is sufficient, so that we can
> point to that later if similar cases arise.

There's also this:

which I find very intriguing.

But I've got to say -- we need INFRA (Greg?) to tell us what they are
and what they are NOT
willing to do to enable something like that.

If the default is not much -- I think we have no choice but to say
that since ASF can't
provide the infrastructure to reliable and securely collect user data
project that publish
convenience binaries off of Apache Infra shouldn't do that.

Which basically gets me to the list I was proposing we clean up and
add to the policy:

So far it seems that there's an agreement on that having this type of
   1 ... in the source code disabled by default -- totally OK
   2 ... in the source code enabled by default -- questionable, but OK
   3 ... in the binary hosted by ASF disabled by default -- OK
   4 ... in the binary hosted by ASF enabled by default -- NOT OK


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message