On Sat, Jan 21, 2017 at 6:41 AM, John D. Ament <john.d.am...@gmail.com> wrote: > However, regarding the > binaries. In a recent discussion (on legal-discuss) it was decided that > this was OK. Ideally the NOTICE would include the information on the > binary's source of origin (assuming that the source was eligible to be > licensed this way). In this case, the .tar.gz is actually the > distribution of Apache Spark R that looks like its required to build Toree.
I must have missed this on legal-discuss, and it's counter to my understanding. Can you please provide a link? Here is something I wrote to legal-discuss recently, which talks about some of the security reasons why bundling a binary dependency is problematic: https://s.apache.org/OuNX Marvin Humphrey --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org