Thanks Greg. I have already started the conversation on private@ignite and opened IGNITE-5413 -- Take care, Konstantin (Cos) Boudnik 2CAC 8312 4870 D885 8616 6115 220F 6980 1F27 E622
Disclaimer: Opinions expressed in this email are those of the author, and do not necessarily represent the views of any company the author might be affiliated with at the moment of writing. On Mon, Jun 5, 2017 at 7:36 PM, Greg Stein <gst...@gmail.com> wrote: > The Infrastructure team is taking this to the Apache Ignite PMC. This is > completely improper. > > On Mon, Jun 5, 2017 at 9:34 PM, Julian Hyde <jh...@apache.org> wrote: > >> If the binaries are built from the released source code I don’t think we >> should restrict what the binaries do. The question is whether the community >> is aware of what the code is doing, and considers it to be in the best >> interests of the project. >> >> The answer seems to be yes, and yes. I saw that the issue was discussed on >> dev@ignite[1], and had a corresponding JIRA case[2], and no objections >> were raised. If anyone has problems with that behavior (including security >> bugs) they should raise it with Ignite's PMC. >> >> Julian >> >> [1] https://mail-archives.apache.org/mod_mbox/ignite-dev/201504.mbox/% >> 3ccalv17qod61yu63__cs9ekgu+kvxhppkxmpagndonrz1t8_t...@mail.gmail.com%3E < >> https://mail-archives.apache.org/mod_mbox/ignite-dev/201504.mbox/% >> 3ccalv17qod61yu63__cs9ekgu+kvxhppkxmpagndonrz1t8_t...@mail.gmail.com%3E> >> >> [2] https://issues.apache.org/jira/browse/IGNITE-775 < >> https://issues.apache.org/jira/browse/IGNITE-775> >> >> >> >> > On Jun 5, 2017, at 6:48 PM, Roman Shaposhnik <ro...@shaposhnik.org> >> wrote: >> > >> > Hi! >> > >> > after seeing this thread on legal-discuss: >> > https://mail-archives.apache.org/mod_mbox/www-legal- >> discuss/201706.mbox/%3CCAGJoAUn-hiE89mWObh1Lb2S_vgqQJ%3DDC%3D1P_ >> V1REQ9hUERCFog%40mail.gmail.com%3E >> > >> > I'd like to ask a policy related question. >> > >> > What we currently have is a whole bunch of binaries hosted >> > by ASF: https://ignite.apache.org/download.cgi#binaries that >> > collect user data and ship it away to a host currently not >> > associated with ASF (nor does it seem to be associated with >> > Ignite's PMC). The host name is ignite.run (and, as a side note, >> > as it turns out the connection to that host in Ignite releases prior >> > to 1.9 is unsecure: >> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6805 >> > ) >> > >> > Is this something ASF should be concerned with from a standpoint >> > of the policy that we have for binary convenience artifacts that are >> > hosted on our end? >> > >> > Would it make it different if ignite.run and the data collected >> > by it was managed by an Ignite PMC as opposed to an unidentified >> > 3d party? >> > >> > Thanks, >> > Roman. >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> > For additional commands, e-mail: general-h...@incubator.apache.org >> > >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
