On Sat, Jan 21, 2017 at 12:19 PM Marvin Humphrey <mar...@rectangular.com> wrote:
> On Sat, Jan 21, 2017 at 6:41 AM, John D. Ament <john.d.am...@gmail.com> > wrote: > > However, regarding the > > binaries. In a recent discussion (on legal-discuss) it was decided that > > this was OK. Ideally the NOTICE would include the information on the > > binary's source of origin (assuming that the source was eligible to be > > licensed this way). In this case, the .tar.gz is actually the > > distribution of Apache Spark R that looks like its required to build > Toree. > > I must have missed this on legal-discuss, and it's counter to my > understanding. Can you please provide a link? > > Here is something I wrote to legal-discuss recently, which talks about > some of the security reasons why bundling a binary dependency is > problematic: https://s.apache.org/OuNX > > Same thread. Specifically Mark T's response [1] and Craig's affirmation [2] [1]: https://lists.apache.org/thread.html/995d9ddda07363faff5306154ff3a3aa100a07aad191785d866ae097@%3Clegal-discuss.apache.org%3E [2]: https://lists.apache.org/thread.html/5f10a28e5f7bf117599d35e14a00290453c1741d614605950ca897c1@%3Clegal-discuss.apache.org%3E John > Marvin Humphrey > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
