marcoabreu commented on issue #15489: Dynamic Library Loading Support URL: https://github.com/apache/incubator-mxnet/pull/15489#issuecomment-519075352 While that eliviates the problem from a ci perspective (if the bucket would be owned by the CI owners), it's still a red flag for our users. I'm afraid that companies prefer to stay away from the execution of an arbitrary native library that is downloaded from the internet - no matter whether it is backed by a hash or not. It's inevitable in some cases, but we want to reduce the possiblity of compliance scanners flagging us and thus making the usage of the MXNet more complicated than it has to be. I think the only acceptable way is if the library is getting produced as part of the build process that is entirely retrieved from source. These are also the tenants Apache employs - Apache project just not make any binary releases in any form. Thus let's best stick to that as well :)
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
