incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Raphael Bircher" <>
Subject Re: ASF hosted binaries collecting user data without an explicit opt-in
Date Tue, 06 Jun 2017 02:54:47 GMT
Hi all,

Am .06.2017, 04:47 Uhr, schrieb Roman Shaposhnik <>:

> On Mon, Jun 5, 2017 at 7:34 PM, Julian Hyde <> wrote:
>> If the binaries are built from the released source code I don’t think  
>> we should restrict what the binaries do.
> Well, but that's not how we treat licensing for example. For example
> -- there's plenty of ASF project that
> allow GPL licensed extension to be pulled into the build. That
> mechanics is part of the source code. However,
> as per our policy, we will not allow this kind of a convenience binary
> (containing GPL bits) to be hosted by
> ASF infrastructure.
> Now, there's nothing wrong with those kinds of binaries -- and 3d
> parties host them all the time -- its just that
> WE at ASF decided that it wouldn't be aligned with what we do.
> What I'm concerned about is that a combination of binaries hosted by
> ASF and a lack of opt-in AND an unsecure
> nature of the communication AND unclear data handling policies can
> potential make ASF liable if this kind of
> data ends up containing sensitive information and gets exploited.
> IANAL, but I could see EU being especially strict here.
Absolutely, for me the described behavior is a no go. The binaries should  
not be distributed over ASF Mirrors.

Regards, Raphael

My introduction

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message