On Thu, Jun 8, 2017 at 12:43 AM, Bertrand Delacretaz
<bdelacre...@codeconsult.ch> wrote:
> On Wed, Jun 7, 2017 at 5:32 PM, Sean Busbey <bus...@apache.org> wrote:
>> ...Who owns release policy? I presume it's VP Legal, which would suggest 
>> legal-discuss...
>
> I don't think our release policy is relevant here.

Actually, that's what I'm trying to figure out. My initial thought around why
release policy was relevant here was that THE ONLY reason we reacted
the way we did is because there was a piece of software associated with
ASF in two ways:
   1. branding
   2. distribution off of ASF infrastructure

It sounds like you're saying that #1 is actually more important than #2. I may
buy that, but let me ask you a hypothetical first. Suppose releases of Ignite
were only done as source tarballs. Suppose also that the company called
GridGain built it and made the binary available off of their website with
the binary (and associated branding) saying Apache Ignite.

Would we still have a problem if that binary did what Ignite's binary did?

> The issue is a project releasing software that a) collects user data
> without an explicit opt-in, and b) apparently does that in an insecure
> way.

I'm not concerned about b -- so let's cut it out of the discussion.

> a) is a privacy violation - we have
> https://www.apache.org/foundation/policies/privacy.html for that, I
> suggest that we simply expand it with a "collecting user data"
> section. As Shane mentions
> https://wiki.openoffice.org/wiki/Update_Service is related.

Well, but what does that policy apply to? A source release? A binary
release? A binary release off of ASF infrastructure?

Please be specific.

Thanks,
Roman.

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
