On Thu, Mar 12, 2015 at 6:36 PM, Gour Saha <gs...@hortonworks.com> wrote:
> Is it okay if we move them to a more appropriate location like
> src/test/resources directory? Or should we just delete them?

Here's the rationale, redux:

The Apache Software Foundation releases open source software. Binary files cannot be audited by a PMC. Even if they are derived from open source, they are not open source themselves.

They are a potential security hole -- an attacker who gains control of the machine on which those binaries are introduced may be able to insert a trojan which then goes along for the ride with the distribution.

Security-conscious consumers who compile from source distributions rather than use convenience binaries will find it tricky and laborious to detect and replace embedded mystery binaries.

Does that make sense? Based on that rationale, I hope that you can find a workaround which allows the official source release to be entirely free of binaries.

Marvin Humphrey