On Wed, Jun 7, 2017 at 5:32 PM, Sean Busbey <bus...@apache.org> wrote: > ...Who owns release policy? I presume it's VP Legal, which would suggest > legal-discuss...
I don't think our release policy is relevant here. The issue is a project releasing software that a) collects user data without an explicit opt-in, and b) apparently does that in an insecure way. a) is a privacy violation - we have https://www.apache.org/foundation/policies/privacy.html for that, I suggest that we simply expand it with a "collecting user data" section. As Shane mentions https://wiki.openoffice.org/wiki/Update_Service is related. b) is a general security problem, http://www.apache.org/security/committers.html applies to that as usual. Am I missing something? -Bertrand --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org