I recall a company that started to list out each of things NOT to do. Item after item after item, to develop a policy. After a few dozen such, one guy piped up, "this is ridiculous" ... It just isn't tractable. So he suggested a simple replacement:
Do no evil. On Jun 8, 2017 21:13, "Roman Shaposhnik" <ro...@shaposhnik.org> wrote: > On Thu, Jun 8, 2017 at 12:43 AM, Bertrand Delacretaz > <bdelacre...@codeconsult.ch> wrote: > > On Wed, Jun 7, 2017 at 5:32 PM, Sean Busbey <bus...@apache.org> wrote: > >> ...Who owns release policy? I presume it's VP Legal, which would > suggest legal-discuss... > > > > I don't think our release policy is relevant here. > > Actually, that's what I'm trying to figure out. My initial thought around > why > release policy was relevant here was that THE ONLY reason we reacted > the way we did is because there was a piece of software associated with > ASF in two ways: > 1. branding > 2. distribution off of ASF infrastructure > > It sounds like you're saying that #1 is actually more important that #2. I > may > buy that, but let me ask you a hypothetical first. Suppose releases of > Ingite > were only done as source tarballs. Suppose also that the company called > GridGain built it and made the binary available off of their website with > the binary (and associated branding) saying Apache Ignite. > > Would we still have a problem if that binary did what Ignite's binary did? > > > The issue is a project releasing software that a) collects user data > > without an explicit opt-in, and b) apparently does that in an insecure > > way. > > I'm not concerned about b -- so lets cut it out of the discussion. > > > a) is a privacy violation - we have > > https://www.apache.org/foundation/policies/privacy.html for that, I > > suggest that we simply expand it with a "collecting user data" > > section. As Shane mentions > > https://wiki.openoffice.org/wiki/Update_Service is related. > > Well, but what does that policy apply to? A source release? A binary > release? A binary release off of ASF infrastructure? > > Please be specific. > > Thanks, > Roman. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
