incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Boudnik <...@apache.org>
Subject Re: ASF hosted binaries collecting user data without an explicit opt-in
Date Tue, 06 Jun 2017 02:50:10 GMT
Thanks Greg. I have already started the conversation on private@ignite
and opened IGNITE-5413
--
  Take care,
Konstantin (Cos) Boudnik
2CAC 8312 4870 D885 8616  6115 220F 6980 1F27 E622

Disclaimer: Opinions expressed in this email are those of the author,
and do not necessarily represent the views of any company the author
might be affiliated with at the moment of writing.


On Mon, Jun 5, 2017 at 7:36 PM, Greg Stein <gstein@gmail.com> wrote:
> The Infrastructure team is taking this to the Apache Ignite PMC. This is
> completely improper.
>
> On Mon, Jun 5, 2017 at 9:34 PM, Julian Hyde <jhyde@apache.org> wrote:
>
>> If the binaries are built from the released source code I don’t think we
>> should restrict what the binaries do. The question is whether the community
>> is aware of what the code is doing, and considers it to be in the best
>> interests of the project.
>>
>> The answer seems to be yes, and yes. I saw that the issue was discussed on
>> dev@ignite[1], and had a corresponding JIRA case[2], and no objections
>> were raised. If anyone has problems with that behavior (including security
>> bugs) they should raise it with Ignite's PMC.
>>
>> Julian
>>
>> [1] https://mail-archives.apache.org/mod_mbox/ignite-dev/201504.mbox/%
>> 3CCALV17Qod61yu63__Cs9ekGu+KVxHPpKXmpAGNdoNRz1t8_T9SA@mail.gmail.com%3E <
>> https://mail-archives.apache.org/mod_mbox/ignite-dev/201504.mbox/%
>> 3CCALV17Qod61yu63__Cs9ekGu+KVxHPpKXmpAGNdoNRz1t8_T9SA@mail.gmail.com%3E>
>>
>> [2] https://issues.apache.org/jira/browse/IGNITE-775 <
>> https://issues.apache.org/jira/browse/IGNITE-775>
>>
>>
>>
>> > On Jun 5, 2017, at 6:48 PM, Roman Shaposhnik <roman@shaposhnik.org>
>> wrote:
>> >
>> > Hi!
>> >
>> > after seeing this thread on legal-discuss:
>> >    https://mail-archives.apache.org/mod_mbox/www-legal-
>> discuss/201706.mbox/%3CCAGJoAUn-hiE89mWObh1Lb2S_vgqQJ%3DDC%3D1P_
>> V1REQ9hUERCFog%40mail.gmail.com%3E
>> >
>> > I'd like to ask a policy related question.
>> >
>> > What we currently have is a whole bunch of binaries hosted
>> > by ASF: https://ignite.apache.org/download.cgi#binaries that
>> > collect user data and ship it away to a host currently not
>> > associated with ASF (nor does it seem to be associated with
>> > Ignite's PMC). The host name is ignite.run (and, as a side note,
>> > as it turns out the connection to that host in Ignite releases prior
>> > to 1.9 is unsecure:
>> >   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6805
>> > )
>> >
>> > Is this something ASF should be concerned with from a standpoint
>> > of the policy that we have for binary convenience artifacts that are
>> > hosted on our end?
>> >
>> > Would it make it different if ignite.run and the data collected
>> > by it was managed by an Ignite PMC as opposed to an unidentified
>> > 3d party?
>> >
>> > Thanks,
>> > Roman.
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> > For additional commands, e-mail: general-help@incubator.apache.org
>> >
>>
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message