Re: PSA: Do not use "Reported-By" without reporter's approval
From: Konstantin Ryabitsev
Date: Wed May 22 2019 - 16:00:56 EST
On Wed, May 22, 2019 at 12:45:06PM -0700, Joe Perches wrote:
It is common courtesy to include this tagline when submitting
patches:
Reported-By: J. Doe <jdoe@xxxxxxxxxxx>
Please ask the reporter's permission before doing so (even if they'd
submitted a public bugzilla report or sent a report to the mailing
list).
I disagree with this.
If the report is public, and lists like vger are public,
then using a Reported-by: and/or a Link: are simply useful
history and tracking information.
I'm perfectly fine with Link:, however Reported-By: usually has the
person's name and email address (i.e. PII data per GDPR definition). If
that person submitted the bug report via bugzilla.kernel.org or a
similar resource, their expectation is that they can delete their
account should they choose to to do so. However, if the patch containing
Reported-By is committed to git, their PII becomes permanently and
immutably recorded for any reasonable meaning of the word "forever."
Now, I'm pretty sure that a request to rebase git history to edit a
commit message would be considered "unreasonable" under GDPR provisions,
but a) it still eats up valuable time handling such requests and b) it's
a consequence reporters are not aware of when they submit bug reports.
So, my request to ask for permission before using "Reported-By" is not
coming from any legal position, but from the perspective of courtesy to
people submitting those reports.
-K