Re: PSA: Do not use "Reported-By" without reporter's approval

From: Konstantin Ryabitsev
Date: Fri May 24 2019 - 08:57:07 EST


On Fri, May 24, 2019 at 12:57:08AM -0400, Theodore Ts'o wrote:
I'm perfectly fine with Link:, however Reported-By: usually has the person's
name and email address (i.e. PII data per GDPR definition). If that person
submitted the bug report via bugzilla.kernel.org or a similar resource,
their expectation is that they can delete their account should they choose
to do so. However, if the patch containing Reported-By is committed to
git, their PII becomes permanently and immutably recorded for any reasonable
meaning of the word "forever."

Many (most?) bugzilla.kernel.org components result in e-mail getting
sent to vger.kernel.org mailing lists. So even if they delete the
bugzilla account, their e-mail will be immortalized in lore.kernel.org
and their associated git repositories.

I wouldn't say that most -- to my knowledge, it's only about 5-6 components of the 50+. It's hard to tell how much that is by volume, though, because certainly not all components see much activity.

We *can* excise things on lore.kernel.org. It's a massive pain, since the message archive is a git repository itself, so will need to be rebased, reindexed and remirrored -- but it *is* possible. On the other hand, once a commit makes it into the kernel's git tree, it becomes impossible to edit it without affecting the PGP integrity of all git tags following it. Since PGP signatures can be considered a core aspect of the git tree integrity, we can then argue that editing commit history of linux.git is unreasonable per GDPR's own guidelines. We can't make the same claim about lists on lore.kernel.org.

So perhaps a better approach is to put a warning alerting bug
reporters that submitting a bug means their e-mail will end up getting
broadcast in public mailing list archives and public git
repositories?

That's probably something we should do. I'll investigate it.

-K
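
The point above about tags that follow an edited commit, as an added example (not part of the original message and not kernel.org tooling): it computes object IDs the way git does and shows that removing a Reported-by trailer from one commit changes the ID of every later commit, so a tag signed over the old head no longer points into the rewritten history. All names, addresses, timestamps and commit messages are constructed.

```python
import hashlib

def git_object_id(kind, body):
    """SHA-1 object ID as git computes it: '<kind> <size>\\0' header + body."""
    return hashlib.sha1(f"{kind} {len(body)}".encode() + b"\0" + body).hexdigest()

EMPTY_TREE = git_object_id("tree", b"")  # every sample commit uses the empty tree
IDENT = "A Developer <dev@example.org> 1558700000 +0000"  # constructed identity

def commit_id(message, parent=None):
    """ID of a commit object; the parent's ID is part of the hashed bytes."""
    lines = [f"tree {EMPTY_TREE}"]
    if parent:
        lines.append(f"parent {parent}")
    lines += [f"author {IDENT}", f"committer {IDENT}", "", message]
    return git_object_id("commit", "\n".join(lines).encode())

def build_history(messages):
    """Chain commits oldest-first and return their IDs in order."""
    ids, parent = [], None
    for message in messages:
        parent = commit_id(message, parent)
        ids.append(parent)
    return ids

def tag_payload(target, name):
    """The text a PGP signature on an annotated tag covers; it names the commit ID."""
    return f"object {target}\ntype commit\ntag {name}\ntagger {IDENT}\n\nrelease {name}\n"

def tag_target_in_history(payload, history):
    """True if the commit ID named in the signed payload exists in this history."""
    return payload.split("\n", 1)[0].split()[1] in history

# Constructed sample history: only the first commit carries the reporter's PII.
ORIGINAL = ["fix oops in foo\n\nReported-by: Jane Reporter <jane@example.org>\n",
            "add bar\n", "tune baz\n"]
REDACTED = ["fix oops in foo\n"] + ORIGINAL[1:]

def demo():
    before, after = build_history(ORIGINAL), build_history(REDACTED)
    signed = tag_payload(before[-1], "v1.0")  # signed before the rewrite
    return before, after, signed

if __name__ == "__main__":
    before, after, signed = demo()
    for old, new in zip(before, after):
        print(old[:12], "->", new[:12])
    print("signed tag target still present:", tag_target_in_history(signed, after))
```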