LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
To: Theodore Ts'o <tytso@mit.edu>, Joe Perches <joe@perches.com>,
	linux-kernel@vger.kernel.org
Subject: Re: PSA: Do not use "Reported-By" without reporter's approval
Date: Fri, 24 May 2019 08:54:02 -0400	[thread overview]
Message-ID: <20190524125402.GA616@chatter.i7.local> (raw)
In-Reply-To: <20190524045708.GH2532@mit.edu>

On Fri, May 24, 2019 at 12:57:08AM -0400, Theodore Ts'o wrote:
>> I'm perfectly fine with Link:, however Reported-By: usually has the 
>> person's
>> name and email address (i.e. PII data per GDPR definition). If that pehrson
>> submitted the bug report via bugzilla.kernel.org or a similar resource,
>> their expectation is that they can delete their account should they choose
>> to to do so. However, if the patch containing Reported-By is committed to
>> git, their PII becomes permanently and immutably recorded for any reasonable
>> meaning of the word "forever."
>
>Many (most?) bugzilla.kernel.org components result in e-mail getting
>sent to vger.kernel.org mailing lists.  So even if they delete the
>bugzilla account, there e-mail will be immortalized in lore.kernel.org
>and their associated git repositories.

I wouldn't say that most -- to my knowledge, it's only about 5-6 
components of the 50+. It's hard to tell how much that is by volume, 
though, because certainly not all components see much activity.

We *can* excise things on lore.kernel.org. It's a massive pain, since 
message archive is a git repository itself, so will need to be rebased, 
reindexed and remirrored -- but it *is* possible. On the other hand, 
once a commit makes it into the kernel's git tree, it becomes impossible 
to edit it without affecting the PGP integrity of all git tags following 
it. Since PGP signatures can be considered a core aspect of the git tree 
integrity, we can then argue that editing commit history of linux.git is 
unreasonable per GDPR's own guidelines. We can't make the same claim 
about lists on lore.kernel.org.

>So perhaps a better approach is to put a warning alerting bug
>reporters that submitting a bug means their e-mail will end up get
>broadcasting in public mailing list archives and public git
>repositories?

That's probably something we should do. I'll investigate it.

-K

  reply	other threads:[~2019-05-24 12:54 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-05-22 19:30 Konstantin Ryabitsev
2019-05-22 19:45 ` Joe Perches
2019-05-22 19:58   ` Konstantin Ryabitsev
2019-05-22 20:00     ` Joe Perches
2019-05-24  4:57     ` Theodore Ts'o
2019-05-24 12:54       ` Konstantin Ryabitsev [this message]
2019-05-24 15:06         ` Joe Perches
2019-05-23  5:53 ` Bhaskar Chowdhury

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190524125402.GA616@chatter.i7.local \
    --to=konstantin@linuxfoundation.org \
    --cc=joe@perches.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tytso@mit.edu \
    --subject='Re: PSA: Do not use "Reported-By" without reporter'\''s approval' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).