Re: PSA: Do not use "Reported-By" without reporter's approval

From: Konstantin Ryabitsev
Date: Wed May 22 2019 - 16:00:56 EST


On Wed, May 22, 2019 at 12:45:06PM -0700, Joe Perches wrote:
It is common courtesy to include this tagline when submitting patches:

Reported-By: J. Doe <jdoe@xxxxxxxxxxx>

Please ask the reporter's permission before doing so (even if they'd
submitted a public bugzilla report or sent a report to the mailing
list).

I disagree with this.

If the report is public, and lists like vger are public,
then using a Reported-by: and/or a Link: are simply useful
history and tracking information.

I'm perfectly fine with Link:, however Reported-By: usually has the person's name and email address (i.e. PII data per GDPR definition). If that person submitted the bug report via bugzilla.kernel.org or a similar resource, their expectation is that they can delete their account should they choose to to do so. However, if the patch containing Reported-By is committed to git, their PII becomes permanently and immutably recorded for any reasonable meaning of the word "forever."

Now, I'm pretty sure that a request to rebase git history to edit a commit message would be considered "unreasonable" under GDPR provisions, but a) it still eats up valuable time handling such requests and b) it's a consequence reporters are not aware of when they submit bug reports. So, my request to ask for permission before using "Reported-By" is not coming from any legal position, but from the perspective of courtesy to people submitting those reports.

-K