The Infrastructure team is taking this to the Apache Ignite PMC. This is completely improper.
On Mon, Jun 5, 2017 at 9:34 PM, Julian Hyde <jh...@apache.org> wrote:

> If the binaries are built from the released source code I don’t think we
> should restrict what the binaries do. The question is whether the community
> is aware of what the code is doing, and considers it to be in the best
> interests of the project.
>
> The answer seems to be yes, and yes. I saw that the issue was discussed on
> dev@ignite[1], and had a corresponding JIRA case[2], and no objections
> were raised. If anyone has problems with that behavior (including security
> bugs) they should raise it with Ignite's PMC.
>
> Julian
>
> [1] https://mail-archives.apache.org/mod_mbox/ignite-dev/201504.mbox/%3ccalv17qod61yu63__cs9ekgu+kvxhppkxmpagndonrz1t8_t...@mail.gmail.com%3E
> [2] https://issues.apache.org/jira/browse/IGNITE-775
>
> > On Jun 5, 2017, at 6:48 PM, Roman Shaposhnik <ro...@shaposhnik.org> wrote:
> >
> > Hi!
> >
> > after seeing this thread on legal-discuss:
> > https://mail-archives.apache.org/mod_mbox/www-legal-discuss/201706.mbox/%3CCAGJoAUn-hiE89mWObh1Lb2S_vgqQJ%3DDC%3D1P_V1REQ9hUERCFog%40mail.gmail.com%3E
> >
> > I'd like to ask a policy-related question.
> >
> > What we currently have is a whole bunch of binaries hosted
> > by ASF: https://ignite.apache.org/download.cgi#binaries that
> > collect user data and ship it away to a host currently not
> > associated with ASF (nor does it seem to be associated with
> > Ignite's PMC). The host name is ignite.run (and, as a side note,
> > as it turns out the connection to that host in Ignite releases prior
> > to 1.9 is unsecure:
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6805
> > )
> >
> > Is this something ASF should be concerned with from a standpoint
> > of the policy that we have for binary convenience artifacts that are
> > hosted on our end?
> >
> > Would it make it different if ignite.run and the data collected
> > by it was managed by an Ignite PMC as opposed to an unidentified
> > 3rd party?
> >
> > Thanks,
> > Roman.