Message-ID: <20190524125402.GA616@chatter.i7.local>
Date:   Fri, 24 May 2019 08:54:02 -0400
From:   Konstantin Ryabitsev <konstantin@...uxfoundation.org>
To:     Theodore Ts'o <tytso@....edu>, Joe Perches <joe@...ches.com>,
        linux-kernel@...r.kernel.org
Subject: Re: PSA: Do not use "Reported-By" without reporter's approval

On Fri, May 24, 2019 at 12:57:08AM -0400, Theodore Ts'o wrote:
>> I'm perfectly fine with Link:, however Reported-By: usually has the
>> person's name and email address (i.e. PII data per GDPR definition). If
>> that person submitted the bug report via bugzilla.kernel.org or a similar
>> resource, their expectation is that they can delete their account should
>> they choose to do so. However, if the patch containing Reported-By is
>> committed to git, their PII becomes permanently and immutably recorded for
>> any reasonable meaning of the word "forever."
>
>Many (most?) bugzilla.kernel.org components result in e-mail getting
>sent to vger.kernel.org mailing lists.  So even if they delete the
>bugzilla account, their e-mail will be immortalized in lore.kernel.org
>and their associated git repositories.

I wouldn't say that most -- to my knowledge, it's only about 5-6 
components of the 50+. It's hard to tell how much that is by volume, 
though, because certainly not all components see much activity.

We *can* excise things on lore.kernel.org. It's a massive pain, since 
the message archive is itself a git repository, so it will need to be 
rebased, reindexed and remirrored -- but it *is* possible. On the other hand, 
once a commit makes it into the kernel's git tree, it becomes impossible 
to edit it without affecting the PGP integrity of all git tags following 
it. Since PGP signatures can be considered a core aspect of the git tree 
integrity, we can then argue that editing commit history of linux.git is 
unreasonable per GDPR's own guidelines. We can't make the same claim 
about lists on lore.kernel.org.
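To make the "impossible to edit without affecting following tags" argument concrete, here is an added example (not part of this message) that hashes commit objects the way git does and shows that dropping a Reported-by: trailer from one commit changes the id of that commit and of every descendant, so a signed tag's `object <id>` line no longer matches the rewritten tip. All commit messages and the author identity are constructed; the empty-tree id is git's well-known constant.

```python
import hashlib
from typing import Optional

# Well-known id of git's empty tree; reused as the tree of every constructed commit.
EMPTY_TREE = "4b825dc642cb6eb9a060e54bf8d69288fbee4904"
IDENT = "Example Dev <dev@example.invalid> 1558702442 -0400"  # constructed identity

def git_object_id(obj_type: str, body: bytes) -> str:
    """Object name exactly as git computes it: SHA-1 over '<type> <len>\\0' + body."""
    return hashlib.sha1(f"{obj_type} {len(body)}\0".encode() + body).hexdigest()

def commit_id(parent: Optional[str], message: str) -> str:
    """Hash a commit object; the 'parent' line is what chains it to earlier history."""
    lines = [f"tree {EMPTY_TREE}"]
    if parent:
        lines.append(f"parent {parent}")
    lines += [f"author {IDENT}", f"committer {IDENT}", "", message]
    return git_object_id("commit", "\n".join(lines).encode() + b"\n")

def build_chain(messages: list[str]) -> list[str]:
    """Commit ids of a linear history, oldest first."""
    ids, parent = [], None
    for msg in messages:
        parent = commit_id(parent, msg)
        ids.append(parent)
    return ids

def drop_trailer(message: str, trailer: str = "Reported-by:") -> str:
    """Remove a trailer line (here: the reporter's name and e-mail) from a message."""
    return "\n".join(l for l in message.splitlines() if not l.startswith(trailer))

def rewrite_history(messages: list[str], index: int) -> list[str]:
    """Rewrite commit `index` without its trailer and rehash everything after it."""
    edited = list(messages)
    edited[index] = drop_trailer(edited[index])
    return build_chain(edited)

def tag_still_valid(tag_object_line: str, tip: str) -> bool:
    """A signed tag's signature covers its 'object <id>' line, so it names one tip only."""
    return tag_object_line == f"object {tip}"

HISTORY = [  # constructed messages, not real kernel commits
    "ext4: fix foo\n\nReported-by: Reporter Name <reporter@example.invalid>\n",
    "ext4: fix bar\n",
    "Linux 5.2-rc2\n",
]
ORIGINAL = build_chain(HISTORY)
REWRITTEN = rewrite_history(HISTORY, 0)
SIGNED_TAG_LINE = f"object {ORIGINAL[-1]}"  # what a signed release tag would cover
```

Rewriting the second commit instead (`rewrite_history(HISTORY, 1)`) leaves the first id untouched but still changes every later one, which is why only tags made before the edited commit survive.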

>So perhaps a better approach is to put a warning alerting bug
>reporters that submitting a bug means their e-mail will end up getting
>broadcast in public mailing list archives and public git
>repositories?

That's probably something we should do. I'll investigate it.

-K