lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 May 2019 13:00:17 -0700 From: Joe Perches <joe@...ches.com> To: Konstantin Ryabitsev <konstantin@...uxfoundation.org> Cc: linux-kernel@...r.kernel.org Subject: Re: PSA: Do not use "Reported-By" without reporter's approval On Wed, 2019-05-22 at 15:58 -0400, Konstantin Ryabitsev wrote: > On Wed, May 22, 2019 at 12:45:06PM -0700, Joe Perches wrote: > > > It is common courtesy to include this tagline when submitting > > > patches: > > > > > > Reported-By: J. Doe <jdoe@...mple.com> > > > > > > Please ask the reporter's permission before doing so (even if they'd > > > submitted a public bugzilla report or sent a report to the mailing > > > list). > > > > I disagree with this. > > > > If the report is public, and lists like vger are public, > > then using a Reported-by: and/or a Link: are simply useful > > history and tracking information. > > I'm perfectly fine with Link:, however Reported-By: usually has the > person's name and email address (i.e. PII data per GDPR definition). So? Like I wrote, if that report came from a public list, that report _also_ contained the person's name and email address.
Powered by blists - more mailing lists