incubator-general mailing list archives

From Greg Stein <gst...@gmail.com>
Subject Re: ASF hosted binaries collecting user data without an explicit opt-in
Date Fri, 09 Jun 2017 05:15:38 GMT
I recall a company that started to list out each of the things NOT to do. Item
after item after item, to develop a policy. After a few dozen such, one guy
piped up, "this is ridiculous" ... It just isn't tractable. So he suggested
a simple replacement:

Do no evil.


On Jun 8, 2017 21:13, "Roman Shaposhnik" <roman@shaposhnik.org> wrote:

> On Thu, Jun 8, 2017 at 12:43 AM, Bertrand Delacretaz
> <bdelacretaz@codeconsult.ch> wrote:
> > On Wed, Jun 7, 2017 at 5:32 PM, Sean Busbey <busbey@apache.org> wrote:
> >> ...Who owns release policy? I presume it's VP Legal, which would
> >> suggest legal-discuss...
> >
> > I don't think our release policy is relevant here.
>
> Actually, that's what I'm trying to figure out. My initial thought around why
> release policy was relevant here was that THE ONLY reason we reacted
> the way we did is because there was a piece of software associated with
> ASF in two ways:
>    1. branding
>    2. distribution off of ASF infrastructure
>
> It sounds like you're saying that #1 is actually more important than #2. I may
> buy that, but let me ask you a hypothetical first. Suppose releases of Ignite
> were only done as source tarballs. Suppose also that the company called
> GridGain built it and made the binary available off of their website with
> the binary (and associated branding) saying Apache Ignite.
>
> Would we still have a problem if that binary did what Ignite's binary did?
>
> > The issue is a project releasing software that a) collects user data
> > without an explicit opt-in, and b) apparently does that in an insecure
> > way.
>
> I'm not concerned about b -- so let's cut it out of the discussion.
>
> > a) is a privacy violation - we have
> > https://www.apache.org/foundation/policies/privacy.html for that, I
> > suggest that we simply expand it with a "collecting user data"
> > section. As Shane mentions
> > https://wiki.openoffice.org/wiki/Update_Service is related.
>
> Well, but what does that policy apply to? A source release? A binary
> release? A binary release off of ASF infrastructure?
>
> Please be specific.
>
> Thanks,
> Roman.
