incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roman Shaposhnik <>
Subject Re: ASF hosted binaries collecting user data without an explicit opt-in
Date Tue, 06 Jun 2017 03:16:05 GMT
On Mon, Jun 5, 2017 at 8:02 PM, Julian Hyde <> wrote:
> Thanks for the explanation, Roman. I had no idea that policies for hosted binaries
> were stricter than for source code (other than the obvious effect on licensing when you
bundle in dependencies).

Btw, this one is serious enough that I'd like us to update our release
policy based on the
learnings here.

So far it seems that there's an agreement on that having this type of
   1 ... in the source code disabled by default -- totally OK
   2 ... in the source code enabled by default -- questionable, but OK
   3 ... in the binary hosted by ASF disabled by default -- OK
   4 ... in the binary hosted by ASF enabled by default -- NOT OK

#4 can get nuanced if we want to invest in ASF managed infrastructure that is
responsible for update tracking and user data collection. With my ASF hat on,
I'd say that INFRA should probably stay away from user data

That still leaves a possibility of a a ping/pong API that only
consumes a name of ASF
project and its version and returns a JSON object of some kind as per
PMC choice.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message