On Mon, Jun 5, 2017 at 7:34 PM, Julian Hyde <jh...@apache.org> wrote: > If the binaries are built from the released source code I don’t think we > should restrict what the binaries do.
Well, but that's not how we treat licensing for example. For example -- there's plenty of ASF project that allow GPL licensed extension to be pulled into the build. That mechanics is part of the source code. However, as per our policy, we will not allow this kind of a convenience binary (containing GPL bits) to be hosted by ASF infrastructure. Now, there's nothing wrong with those kinds of binaries -- and 3d parties host them all the time -- its just that WE at ASF decided that it wouldn't be aligned with what we do. What I'm concerned about is that a combination of binaries hosted by ASF and a lack of opt-in AND an unsecure nature of the communication AND unclear data handling policies can potential make ASF liable if this kind of data ends up containing sensitive information and gets exploited. IANAL, but I could see EU being especially strict here. > The question is whether the community is aware of what the code is doing, and > considers it to be in the best interests of the project. > > The answer seems to be yes, and yes. I saw that the issue was discussed on > dev@ignite[1], and had a corresponding JIRA case[2], As for the discussion on JIRA, I expected the podling to listen to the advice given by one of the mentors: https://issues.apache.org/jira/browse/IGNITE-775?focusedCommentId=14512075&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14512075 but apparently that never happened. Thanks, Roman. --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org