2019-05-22 19:31:36

by Konstantin Ryabitsev

[permalink] [raw]
Subject: PSA: Do not use "Reported-By" without reporter's approval

Hello, all:

It is common courtesy to include this tagline when submitting patches:

Reported-By: J. Doe <[email protected]>

Please ask the reporter's permission before doing so (even if they'd
submitted a public bugzilla report or sent a report to the mailing
list). They need to understand and agree that:

- their name and email address will become a permanent, non-excisable
part of the Linux Kernel git history
- their name and email address will be stored on multiple public
archival copies of the linux kernel mailing list, collected and
managed by different legal entities

With or without GDPR laws, this is something the reporter needs to be
aware of and they need to be okay with it, as a matter of courtesy.

-K


2019-05-22 19:46:32

by Joe Perches

[permalink] [raw]
Subject: Re: PSA: Do not use "Reported-By" without reporter's approval

On Wed, 2019-05-22 at 15:30 -0400, Konstantin Ryabitsev wrote:
> Hello, all:
>
> It is common courtesy to include this tagline when submitting patches:
>
> Reported-By: J. Doe <[email protected]>
>
> Please ask the reporter's permission before doing so (even if they'd
> submitted a public bugzilla report or sent a report to the mailing
> list).

I disagree with this.

If the report is public, and lists like vger are public,
then using a Reported-by: and/or a Link: are simply useful
history and tracking information.


2019-05-22 19:59:53

by Konstantin Ryabitsev

[permalink] [raw]
Subject: Re: PSA: Do not use "Reported-By" without reporter's approval

On Wed, May 22, 2019 at 12:45:06PM -0700, Joe Perches wrote:
>> It is common courtesy to include this tagline when submitting
>> patches:
>>
>> Reported-By: J. Doe <[email protected]>
>>
>> Please ask the reporter's permission before doing so (even if they'd
>> submitted a public bugzilla report or sent a report to the mailing
>> list).
>
>I disagree with this.
>
>If the report is public, and lists like vger are public,
>then using a Reported-by: and/or a Link: are simply useful
>history and tracking information.

I'm perfectly fine with Link:, however Reported-By: usually has the
person's name and email address (i.e. PII data per GDPR definition). If
that person submitted the bug report via bugzilla.kernel.org or a
similar resource, their expectation is that they can delete their
account should they choose to to do so. However, if the patch containing
Reported-By is committed to git, their PII becomes permanently and
immutably recorded for any reasonable meaning of the word "forever."

Now, I'm pretty sure that a request to rebase git history to edit a
commit message would be considered "unreasonable" under GDPR provisions,
but a) it still eats up valuable time handling such requests and b) it's
a consequence reporters are not aware of when they submit bug reports.
So, my request to ask for permission before using "Reported-By" is not
coming from any legal position, but from the perspective of courtesy to
people submitting those reports.

-K

2019-05-22 20:03:43

by Joe Perches

[permalink] [raw]
Subject: Re: PSA: Do not use "Reported-By" without reporter's approval

On Wed, 2019-05-22 at 15:58 -0400, Konstantin Ryabitsev wrote:
> On Wed, May 22, 2019 at 12:45:06PM -0700, Joe Perches wrote:
> > > It is common courtesy to include this tagline when submitting
> > > patches:
> > >
> > > Reported-By: J. Doe <[email protected]>
> > >
> > > Please ask the reporter's permission before doing so (even if they'd
> > > submitted a public bugzilla report or sent a report to the mailing
> > > list).
> >
> > I disagree with this.
> >
> > If the report is public, and lists like vger are public,
> > then using a Reported-by: and/or a Link: are simply useful
> > history and tracking information.
>
> I'm perfectly fine with Link:, however Reported-By: usually has the
> person's name and email address (i.e. PII data per GDPR definition).

So?

Like I wrote, if that report came from a public list, that
report _also_ contained the person's name and email address.


2019-05-23 05:56:49

by Bhaskar Chowdhury

[permalink] [raw]
Subject: Re: PSA: Do not use "Reported-By" without reporter's approval

Make sense Kai!

On 15:30 Wed 22 May , Konstantin Ryabitsev wrote:
>Hello, all:
>
>It is common courtesy to include this tagline when submitting patches:
>
>Reported-By: J. Doe <[email protected]>
>
>Please ask the reporter's permission before doing so (even if they'd
>submitted a public bugzilla report or sent a report to the mailing
>list). They need to understand and agree that:
>
>- their name and email address will become a permanent, non-excisable
> part of the Linux Kernel git history
>- their name and email address will be stored on multiple public
> archival copies of the linux kernel mailing list, collected and
> managed by different legal entities
>
>With or without GDPR laws, this is something the reporter needs to be
>aware of and they need to be okay with it, as a matter of courtesy.
>
>-K


Attachments:
(No filename) (840.00 B)
signature.asc (499.00 B)
Download all attachments

2019-05-24 04:59:19

by Theodore Ts'o

[permalink] [raw]
Subject: Re: PSA: Do not use "Reported-By" without reporter's approval

On Wed, May 22, 2019 at 03:58:04PM -0400, Konstantin Ryabitsev wrote:
> > If the report is public, and lists like vger are public,
> > then using a Reported-by: and/or a Link: are simply useful
> > history and tracking information.
>
> I'm perfectly fine with Link:, however Reported-By: usually has the person's
> name and email address (i.e. PII data per GDPR definition). If that pehrson
> submitted the bug report via bugzilla.kernel.org or a similar resource,
> their expectation is that they can delete their account should they choose
> to to do so. However, if the patch containing Reported-By is committed to
> git, their PII becomes permanently and immutably recorded for any reasonable
> meaning of the word "forever."

Many (most?) bugzilla.kernel.org components result in e-mail getting
sent to vger.kernel.org mailing lists. So even if they delete the
bugzilla account, there e-mail will be immortalized in lore.kernel.org
and their associated git repositories.

So perhaps a better approach is to put a warning alerting bug
reporters that submitting a bug means their e-mail will end up get
broadcasting in public mailing list archives and public git
repositories?

I assume distro engineers who are fixing bugs from their Distro
bugzillas which support non-public bugs already know that they
shouldn't be revealing their customers' identities. But
realistically, while I agree it would be nice to ask people if they
don't mind being immortalized in git repositories, we should probably
warn people that when they submit a bug, or for that matter, send
e-mail to a kernel mailing list, they're going to be immortalized in a
git repository *already*.

- Ted

2019-05-24 12:55:34

by Konstantin Ryabitsev

[permalink] [raw]
Subject: Re: PSA: Do not use "Reported-By" without reporter's approval

On Fri, May 24, 2019 at 12:57:08AM -0400, Theodore Ts'o wrote:
>> I'm perfectly fine with Link:, however Reported-By: usually has the
>> person's
>> name and email address (i.e. PII data per GDPR definition). If that pehrson
>> submitted the bug report via bugzilla.kernel.org or a similar resource,
>> their expectation is that they can delete their account should they choose
>> to to do so. However, if the patch containing Reported-By is committed to
>> git, their PII becomes permanently and immutably recorded for any reasonable
>> meaning of the word "forever."
>
>Many (most?) bugzilla.kernel.org components result in e-mail getting
>sent to vger.kernel.org mailing lists. So even if they delete the
>bugzilla account, there e-mail will be immortalized in lore.kernel.org
>and their associated git repositories.

I wouldn't say that most -- to my knowledge, it's only about 5-6
components of the 50+. It's hard to tell how much that is by volume,
though, because certainly not all components see much activity.

We *can* excise things on lore.kernel.org. It's a massive pain, since
message archive is a git repository itself, so will need to be rebased,
reindexed and remirrored -- but it *is* possible. On the other hand,
once a commit makes it into the kernel's git tree, it becomes impossible
to edit it without affecting the PGP integrity of all git tags following
it. Since PGP signatures can be considered a core aspect of the git tree
integrity, we can then argue that editing commit history of linux.git is
unreasonable per GDPR's own guidelines. We can't make the same claim
about lists on lore.kernel.org.

>So perhaps a better approach is to put a warning alerting bug
>reporters that submitting a bug means their e-mail will end up get
>broadcasting in public mailing list archives and public git
>repositories?

That's probably something we should do. I'll investigate it.

-K

2019-05-24 15:09:07

by Joe Perches

[permalink] [raw]
Subject: Re: PSA: Do not use "Reported-By" without reporter's approval

On Fri, 2019-05-24 at 08:54 -0400, Konstantin Ryabitsev wrote:
> On Fri, May 24, 2019 at 12:57:08AM -0400, Theodore Ts'o wrote:
> > > I'm perfectly fine with Link:, however Reported-By: usually has the
> > > person's
> > > name and email address (i.e. PII data per GDPR definition). If that pehrson
> > > submitted the bug report via bugzilla.kernel.org or a similar resource,
> > > their expectation is that they can delete their account should they choose
> > > to to do so. However, if the patch containing Reported-By is committed to
> > > git, their PII becomes permanently and immutably recorded for any reasonable
> > > meaning of the word "forever."
> >
> > Many (most?) bugzilla.kernel.org components result in e-mail getting
> > sent to vger.kernel.org mailing lists. So even if they delete the
> > bugzilla account, there e-mail will be immortalized in lore.kernel.org
> > and their associated git repositories.
>
> I wouldn't say that most -- to my knowledge, it's only about 5-6
> components of the 50+. It's hard to tell how much that is by volume,
> though, because certainly not all components see much activity.
>
> We *can* excise things on lore.kernel.org. It's a massive pain, since
> message archive is a git repository itself, so will need to be rebased,
> reindexed and remirrored -- but it *is* possible.

It's likely not a worthwhile pain to self-inflict because
lore.kernel.org is not the only public vger mailing list archive.

https://lkml.org/
https://www.spinics.net/lists/kernel/
http://lkml.iu.edu/hypermail/linux/kernel/
https://marc.info/?l=linux-kernel

etc...