[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190524125402.GA616@chatter.i7.local>
Date: Fri, 24 May 2019 08:54:02 -0400
From: Konstantin Ryabitsev <konstantin@...uxfoundation.org>
To: Theodore Ts'o <tytso@....edu>, Joe Perches <joe@...ches.com>,
linux-kernel@...r.kernel.org
Subject: Re: PSA: Do not use "Reported-By" without reporter's approval
On Fri, May 24, 2019 at 12:57:08AM -0400, Theodore Ts'o wrote:
>> I'm perfectly fine with Link:, however Reported-By: usually has the
>> person's
>> name and email address (i.e. PII data per GDPR definition). If that pehrson
>> submitted the bug report via bugzilla.kernel.org or a similar resource,
>> their expectation is that they can delete their account should they choose
>> to to do so. However, if the patch containing Reported-By is committed to
>> git, their PII becomes permanently and immutably recorded for any reasonable
>> meaning of the word "forever."
>
>Many (most?) bugzilla.kernel.org components result in e-mail getting
>sent to vger.kernel.org mailing lists. So even if they delete the
>bugzilla account, there e-mail will be immortalized in lore.kernel.org
>and their associated git repositories.
I wouldn't say that most -- to my knowledge, it's only about 5-6
components of the 50+. It's hard to tell how much that is by volume,
though, because certainly not all components see much activity.
We *can* excise things on lore.kernel.org. It's a massive pain, since
message archive is a git repository itself, so will need to be rebased,
reindexed and remirrored -- but it *is* possible. On the other hand,
once a commit makes it into the kernel's git tree, it becomes impossible
to edit it without affecting the PGP integrity of all git tags following
it. Since PGP signatures can be considered a core aspect of the git tree
integrity, we can then argue that editing commit history of linux.git is
unreasonable per GDPR's own guidelines. We can't make the same claim
about lists on lore.kernel.org.
>So perhaps a better approach is to put a warning alerting bug
>reporters that submitting a bug means their e-mail will end up get
>broadcasting in public mailing list archives and public git
>repositories?
That's probably something we should do. I'll investigate it.
-K
Powered by blists - more mailing lists