On Mon, Jun 5, 2017 at 8:02 PM, Julian Hyde <jh...@apache.org> wrote:
> Thanks for the explanation, Roman. I had no idea that policies for hosted
> binaries were stricter than for source code (other than the obvious effect on
> licensing when you bundle in dependencies).

Btw, this one is serious enough that I'd like us to update our release policy based on the learnings here. So far it seems that there's an agreement that having this type of capability...

1 ... in the source code disabled by default -- totally OK
2 ... in the source code enabled by default -- questionable, but OK
3 ... in the binary hosted by ASF disabled by default -- OK
4 ... in the binary hosted by ASF enabled by default -- NOT OK

#4 can get nuanced if we want to invest in ASF managed infrastructure that is responsible for update tracking and user data collection. With my ASF hat on, I'd say that INFRA should probably stay away from user data collection/retention. That still leaves a possibility of a ping/pong API that only consumes a name of ASF project and its version and returns a JSON object of some kind as per PMC choice.

Thanks,
Roman.