Marvin,

That totally makes sense. I am going to cancel this release and prepare a new RC with the fixes. I will call it 0.70.1-incubating and start the vote all over again.

Thank you.

-Gour

On 3/12/15, 7:02 PM, "Marvin Humphrey" <mar...@rectangular.com> wrote:

>On Thu, Mar 12, 2015 at 6:36 PM, Gour Saha <gs...@hortonworks.com> wrote:
>
>> Is it okay if we move them to a more appropriate location like
>> src/test/resources directory? Or should we just delete them?
>
>Here's the rationale, redux:
>
>The Apache Software Foundation releases open source software. Binary files cannot be audited by a PMC. Even if they are derived from open source, they are not open source themselves. They are a potential security hole -- an attacker who gains control of the machine on which those binaries are introduced may be able to insert a trojan which then goes along for the ride with the distribution. Security-conscious consumers who compile from source distributions rather than use convenience binaries will find it tricky and laborious to detect and replace embedded mystery binaries.
>
>Does that make sense? Based on that rationale, I hope that you can find a workaround which allows the official source release to be entirely free of binaries.
>
>Marvin Humphrey

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
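
A release-audit check in the spirit of the rationale quoted above, added here as an example and not taken from the thread or from any Apache tooling: it lists binary-looking members of a source tarball before a vote. The `demo-0.0.0` archive and its file names are constructed sample data, and the magic-number table is a small, non-exhaustive assumption.

```python
import io
import tarfile

# Leading bytes of common compiled or packed formats (not exhaustive).
MAGIC = {
    b"\x7fELF": "ELF executable or shared object",
    b"MZ": "Windows PE executable or DLL",
    b"\xca\xfe\xba\xbe": "Java class file or Mach-O fat binary",
    b"PK\x03\x04": "zip container (jar, war, zip)",
    b"\x1f\x8b": "gzip stream",
}

def classify(head: bytes):
    """Return a reason string if the leading bytes look binary, else None."""
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            return label
    # Fallback similar to Git's heuristic: a NUL byte near the start means binary.
    return "NUL byte in first block" if b"\x00" in head else None

def find_binaries(archive_bytes: bytes, block: int = 8000):
    """List (member name, reason) for every binary-looking file in a tarball."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                reason = classify(tar.extractfile(member).read(block))
                if reason:
                    findings.append((member.name, reason))
    return sorted(findings)

def build_sample_release() -> bytes:
    """Constructed sample: a tiny source tarball with one embedded jar."""
    files = {
        "demo-0.0.0/README.md": "Démo project\n".encode("utf-8"),
        "demo-0.0.0/src/main/java/App.java": b"class App {}\n",
        "demo-0.0.0/src/test/resources/fixture.jar": b"PK\x03\x04" + b"\x00" * 26,
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in find_binaries(build_sample_release()):
        print(f"{name}: {reason}")
```

The sample jar sits under `src/test/resources`, the location raised in the quoted question, and is still reported: the check looks at file content, not at where the file lives in the tree.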