From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
To: Thorsten Leemhuis <linux@leemhuis.info>
Cc: Jonathan Corbet <corbet@lwn.net>,
workflows@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v1] docs: reminder to not expose potentially private email addresses
Date: Wed, 13 Nov 2024 12:26:19 +0200 [thread overview]
Message-ID: <20241113102619.GC29944@pendragon.ideasonboard.com> (raw)
In-Reply-To: <f5bc0639a20d6fac68062466d5e3dd0519588d08.1731486825.git.linux@leemhuis.info>
Hi Thorsten,
On Wed, Nov 13, 2024 at 09:35:03AM +0100, Thorsten Leemhuis wrote:
> Remind developers to not expose private email addresses, as some people
> become upset if their addresses end up in the lore archives or the Linux
> git tree.
>
> While at it, explicitly mention the dangers of our bugzilla instance
> here, as it makes it easy to forget that email addresses visible there
> are only shown to logged-in users.
>
> These are not a theoretical issues, as one maintainer mentioned that
> his employer received a EU GDPR (general data protection regulation)
> complaint after exposuring a email address used in bugzilla through a
> tag in a patch description.
>
> Signed-off-by: Thorsten Leemhuis <linux@leemhuis.info>
> ---
> Note: this triggers a few checkpatch.pl complaints that are irrelevant
> when when ti comes to changes like this.
>
> v1:
> - initial version
> ---
> Documentation/process/5.Posting.rst | 17 +++++++++---
> Documentation/process/submitting-patches.rst | 27 +++++++++++++++++---
> 2 files changed, 36 insertions(+), 8 deletions(-)
>
> diff --git a/Documentation/process/5.Posting.rst b/Documentation/process/5.Posting.rst
> index b3eff03ea2491c..1f6942948db349 100644
> --- a/Documentation/process/5.Posting.rst
> +++ b/Documentation/process/5.Posting.rst
> @@ -264,10 +264,19 @@ The tags in common use are:
> - Cc: the named person received a copy of the patch and had the
> opportunity to comment on it.
>
> -Be careful in the addition of tags to your patches, as only Cc: is appropriate
> -for addition without the explicit permission of the person named; using
> -Reported-by: is fine most of the time as well, but ask for permission if
> -the bug was reported in private.
> +Note, remember to respect other people's privacy when adding these tags:
> +
> + - Only specify email addresses, if owners explicitly permitted their use or
> + are fine with exposing them to the public based on previous actions found in
> + the lore archives. In practice you therefore often will be unable to hastily
> + specify addresses for users of bug trackers, as those usually do expose the
> + email addresses at all or only to logged in users. The latter is the case
> + for bugzilla.kernel.org, whose privacy policy explicitly states that 'your
> + email address will never be displayed to logged out users'.
> +
> + - Only Cc: is appropriate for addition without the explicit permission of the
Isn't Cc: as problematic as any other tag, is it ends up in both the git
history and the lore archive ?
> + person named; using Reported-by: is fine most of the time as well given the
> + above constraints, but ask for permission for bugs reported in private.
>
>
> Sending the patch
> diff --git a/Documentation/process/submitting-patches.rst b/Documentation/process/submitting-patches.rst
> index 1518bd57adab50..3373ba3025d6d8 100644
> --- a/Documentation/process/submitting-patches.rst
> +++ b/Documentation/process/submitting-patches.rst
> @@ -484,7 +484,9 @@ provided such comments, you may optionally add a ``Cc:`` tag to the patch.
> This is the only tag which might be added without an explicit action by the
> person it names - but it should indicate that this person was copied on the
> patch. This tag documents that potentially interested parties
> -have been included in the discussion.
> +have been included in the discussion. Note, ensure owners of email addresses
> +are fine with exposing their addresses in tags like this; see 'Privacy aspects
> +when using tags...' below for details.
>
> Co-developed-by: states that the patch was co-created by multiple developers;
> it is used to give attribution to co-authors (in addition to the author
> @@ -530,9 +532,10 @@ hopefully inspires them to help us again in the future. The tag is intended for
> bugs; please do not use it to credit feature requests. The tag should be
> followed by a Closes: tag pointing to the report, unless the report is not
> available on the web. The Link: tag can be used instead of Closes: if the patch
> -fixes a part of the issue(s) being reported. Please note that if the bug was
> -reported in private, then ask for permission first before using the Reported-by
> -tag.
> +fixes a part of the issue(s) being reported. Note, ensure owners of email
> +addresses are fine with exposing their addresses in tags like this; see
> +'Privacy aspects when using tags...' below for details. And if the bug was
> +reported in private, ask for permission first before using the Reported-by-tag.
>
> A Tested-by: tag indicates that the patch has been successfully tested (in
> some environment) by the person named. This tag informs maintainers that
> @@ -600,6 +603,22 @@ process nor the requirement to Cc: stable@vger.kernel.org on all stable
> patch candidates. For more information, please read
> Documentation/process/stable-kernel-rules.rst.
>
> +Privacy aspects when using tags like Cc:, Reported-by:, Tested-by:, ...
> +-----------------------------------------------------------------------
> +
> +Only specify email addresses, if owners explicitly permitted their use or
> +are fine with exposing them to the public based on previous actions found in
> +the lore archives. In practice you therefore often will be unable to blindly
> +specify addresses for users of bug trackers, as those usually do expose the
> +email addresses at all or only to logged in users. The latter is the case
> +for bugzilla.kernel.org, whose privacy policy explicitly states that 'your
> +email address will never be displayed to logged out users'.
> +
> +Furthermore note that only Cc: is appropriate for addition without the
> +explicit permission of the person named; using Reported-by: is fine most of
> +the time as well given the above constraints, but ask for permission for bugs
> +reported in private.
> +
> .. _the_canonical_patch_format:
>
> The canonical patch format
>
> base-commit: 623e5747c680d3854b6b9882d9907096bc63580d
--
Regards,
Laurent Pinchart
next prev parent reply other threads:[~2024-11-13 10:26 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-13 8:35 [PATCH v1] docs: reminder to not expose potentially private email addresses Thorsten Leemhuis
2024-11-13 10:26 ` Laurent Pinchart [this message]
2024-11-13 10:55 ` Thorsten Leemhuis
2024-11-13 10:59 ` Simona Vetter
2024-11-13 11:36 ` Laurent Pinchart
2024-11-13 13:11 ` Mauro Carvalho Chehab
2024-11-13 13:59 ` Geert Uytterhoeven
2024-11-13 11:40 ` Mauro Carvalho Chehab
2024-11-13 13:43 ` Thorsten Leemhuis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241113102619.GC29944@pendragon.ideasonboard.com \
--to=laurent.pinchart@ideasonboard.com \
--cc=corbet@lwn.net \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@leemhuis.info \
--cc=workflows@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.