PSA: Do not use "Reported-By" without reporter's approval

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* PSA: Do not use "Reported-By" without reporter's approval
@ 2019-05-22 19:30 Konstantin Ryabitsev
  2019-05-22 19:45 ` Joe Perches
  2019-05-23  5:53 ` Bhaskar Chowdhury
  0 siblings, 2 replies; 8+ messages in thread
From: Konstantin Ryabitsev @ 2019-05-22 19:30 UTC (permalink / raw)
  To: linux-kernel

Hello, all:

It is common courtesy to include this tagline when submitting patches: 

Reported-By: J. Doe <jdoe@example.com>

Please ask the reporter's permission before doing so (even if they'd 
submitted a public bugzilla report or sent a report to the mailing 
list). They need to understand and agree that:

- their name and email address will become a permanent, non-excisable 
  part of the Linux Kernel git history
- their name and email address will be stored on multiple public 
  archival copies of the linux kernel mailing list, collected and 
  managed by different legal entities

With or without GDPR laws, this is something the reporter needs to be 
aware of and they need to be okay with it, as a matter of courtesy.

-K

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: PSA: Do not use "Reported-By" without reporter's approval
  2019-05-22 19:30 PSA: Do not use "Reported-By" without reporter's approval Konstantin Ryabitsev
@ 2019-05-22 19:45 ` Joe Perches
  2019-05-22 19:58   ` Konstantin Ryabitsev
  2019-05-23  5:53 ` Bhaskar Chowdhury
  1 sibling, 1 reply; 8+ messages in thread
From: Joe Perches @ 2019-05-22 19:45 UTC (permalink / raw)
  To: Konstantin Ryabitsev, linux-kernel

On Wed, 2019-05-22 at 15:30 -0400, Konstantin Ryabitsev wrote:
> Hello, all:
> 
> It is common courtesy to include this tagline when submitting patches: 
> 
> Reported-By: J. Doe <jdoe@example.com>
> 
> Please ask the reporter's permission before doing so (even if they'd 
> submitted a public bugzilla report or sent a report to the mailing 
> list).

I disagree with this.

If the report is public, and lists like vger are public,
then using a Reported-by: and/or a Link: are simply useful
history and tracking information.



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: PSA: Do not use "Reported-By" without reporter's approval
  2019-05-22 19:45 ` Joe Perches
@ 2019-05-22 19:58   ` Konstantin Ryabitsev
  2019-05-22 20:00     ` Joe Perches
  2019-05-24  4:57     ` Theodore Ts'o
  0 siblings, 2 replies; 8+ messages in thread
From: Konstantin Ryabitsev @ 2019-05-22 19:58 UTC (permalink / raw)
  To: Joe Perches; +Cc: linux-kernel

On Wed, May 22, 2019 at 12:45:06PM -0700, Joe Perches wrote:
>> It is common courtesy to include this tagline when submitting 
>> patches:
>>
>> Reported-By: J. Doe <jdoe@example.com>
>>
>> Please ask the reporter's permission before doing so (even if they'd
>> submitted a public bugzilla report or sent a report to the mailing
>> list).
>
>I disagree with this.
>
>If the report is public, and lists like vger are public,
>then using a Reported-by: and/or a Link: are simply useful
>history and tracking information.

I'm perfectly fine with Link:, however Reported-By: usually has the 
person's name and email address (i.e. PII data per GDPR definition). If 
that person submitted the bug report via bugzilla.kernel.org or a 
similar resource, their expectation is that they can delete their 
account should they choose to to do so. However, if the patch containing 
Reported-By is committed to git, their PII becomes permanently and 
immutably recorded for any reasonable meaning of the word "forever."

Now, I'm pretty sure that a request to rebase git history to edit a 
commit message would be considered "unreasonable" under GDPR provisions, 
but a) it still eats up valuable time handling such requests and b) it's 
a consequence reporters are not aware of when they submit bug reports.  
So, my request to ask for permission before using "Reported-By" is not 
coming from any legal position, but from the perspective of courtesy to 
people submitting those reports.

-K

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: PSA: Do not use "Reported-By" without reporter's approval
  2019-05-22 19:58   ` Konstantin Ryabitsev
@ 2019-05-22 20:00     ` Joe Perches
  2019-05-24  4:57     ` Theodore Ts'o
  1 sibling, 0 replies; 8+ messages in thread
From: Joe Perches @ 2019-05-22 20:00 UTC (permalink / raw)
  To: Konstantin Ryabitsev; +Cc: linux-kernel

On Wed, 2019-05-22 at 15:58 -0400, Konstantin Ryabitsev wrote:
> On Wed, May 22, 2019 at 12:45:06PM -0700, Joe Perches wrote:
> > > It is common courtesy to include this tagline when submitting 
> > > patches:
> > > 
> > > Reported-By: J. Doe <jdoe@example.com>
> > > 
> > > Please ask the reporter's permission before doing so (even if they'd
> > > submitted a public bugzilla report or sent a report to the mailing
> > > list).
> > 
> > I disagree with this.
> > 
> > If the report is public, and lists like vger are public,
> > then using a Reported-by: and/or a Link: are simply useful
> > history and tracking information.
> 
> I'm perfectly fine with Link:, however Reported-By: usually has the 
> person's name and email address (i.e. PII data per GDPR definition).

So?

Like I wrote, if that report came from a public list, that
report _also_ contained the person's name and email address.



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: PSA: Do not use "Reported-By" without reporter's approval
  2019-05-22 19:58   ` Konstantin Ryabitsev
  2019-05-22 20:00     ` Joe Perches
@ 2019-05-24  4:57     ` Theodore Ts'o
  2019-05-24 12:54       ` Konstantin Ryabitsev
  1 sibling, 1 reply; 8+ messages in thread
From: Theodore Ts'o @ 2019-05-24  4:57 UTC (permalink / raw)
  To: Konstantin Ryabitsev; +Cc: Joe Perches, linux-kernel

On Wed, May 22, 2019 at 03:58:04PM -0400, Konstantin Ryabitsev wrote:
> > If the report is public, and lists like vger are public,
> > then using a Reported-by: and/or a Link: are simply useful
> > history and tracking information.
> 
> I'm perfectly fine with Link:, however Reported-By: usually has the person's
> name and email address (i.e. PII data per GDPR definition). If that pehrson
> submitted the bug report via bugzilla.kernel.org or a similar resource,
> their expectation is that they can delete their account should they choose
> to to do so. However, if the patch containing Reported-By is committed to
> git, their PII becomes permanently and immutably recorded for any reasonable
> meaning of the word "forever."

Many (most?) bugzilla.kernel.org components result in e-mail getting
sent to vger.kernel.org mailing lists.  So even if they delete the
bugzilla account, there e-mail will be immortalized in lore.kernel.org
and their associated git repositories.

So perhaps a better approach is to put a warning alerting bug
reporters that submitting a bug means their e-mail will end up get
broadcasting in public mailing list archives and public git
repositories?

I assume distro engineers who are fixing bugs from their Distro
bugzillas which support non-public bugs already know that they
shouldn't be revealing their customers' identities.  But
realistically, while I agree it would be nice to ask people if they
don't mind being immortalized in git repositories, we should probably
warn people that when they submit a bug, or for that matter, send
e-mail to a kernel mailing list, they're going to be immortalized in a
git repository *already*.

						- Ted

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: PSA: Do not use "Reported-By" without reporter's approval
  2019-05-24  4:57     ` Theodore Ts'o
@ 2019-05-24 12:54       ` Konstantin Ryabitsev
  2019-05-24 15:06         ` Joe Perches
  0 siblings, 1 reply; 8+ messages in thread
From: Konstantin Ryabitsev @ 2019-05-24 12:54 UTC (permalink / raw)
  To: Theodore Ts'o, Joe Perches, linux-kernel

On Fri, May 24, 2019 at 12:57:08AM -0400, Theodore Ts'o wrote:
>> I'm perfectly fine with Link:, however Reported-By: usually has the 
>> person's
>> name and email address (i.e. PII data per GDPR definition). If that pehrson
>> submitted the bug report via bugzilla.kernel.org or a similar resource,
>> their expectation is that they can delete their account should they choose
>> to to do so. However, if the patch containing Reported-By is committed to
>> git, their PII becomes permanently and immutably recorded for any reasonable
>> meaning of the word "forever."
>
>Many (most?) bugzilla.kernel.org components result in e-mail getting
>sent to vger.kernel.org mailing lists.  So even if they delete the
>bugzilla account, there e-mail will be immortalized in lore.kernel.org
>and their associated git repositories.

I wouldn't say that most -- to my knowledge, it's only about 5-6 
components of the 50+. It's hard to tell how much that is by volume, 
though, because certainly not all components see much activity.

We *can* excise things on lore.kernel.org. It's a massive pain, since 
message archive is a git repository itself, so will need to be rebased, 
reindexed and remirrored -- but it *is* possible. On the other hand, 
once a commit makes it into the kernel's git tree, it becomes impossible 
to edit it without affecting the PGP integrity of all git tags following 
it. Since PGP signatures can be considered a core aspect of the git tree 
integrity, we can then argue that editing commit history of linux.git is 
unreasonable per GDPR's own guidelines. We can't make the same claim 
about lists on lore.kernel.org.

>So perhaps a better approach is to put a warning alerting bug
>reporters that submitting a bug means their e-mail will end up get
>broadcasting in public mailing list archives and public git
>repositories?

That's probably something we should do. I'll investigate it.

-K

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: PSA: Do not use "Reported-By" without reporter's approval
  2019-05-24 12:54       ` Konstantin Ryabitsev
@ 2019-05-24 15:06         ` Joe Perches
  0 siblings, 0 replies; 8+ messages in thread
From: Joe Perches @ 2019-05-24 15:06 UTC (permalink / raw)
  To: Konstantin Ryabitsev, Theodore Ts'o, linux-kernel

On Fri, 2019-05-24 at 08:54 -0400, Konstantin Ryabitsev wrote:
> On Fri, May 24, 2019 at 12:57:08AM -0400, Theodore Ts'o wrote:
> > > I'm perfectly fine with Link:, however Reported-By: usually has the 
> > > person's
> > > name and email address (i.e. PII data per GDPR definition). If that pehrson
> > > submitted the bug report via bugzilla.kernel.org or a similar resource,
> > > their expectation is that they can delete their account should they choose
> > > to to do so. However, if the patch containing Reported-By is committed to
> > > git, their PII becomes permanently and immutably recorded for any reasonable
> > > meaning of the word "forever."
> > 
> > Many (most?) bugzilla.kernel.org components result in e-mail getting
> > sent to vger.kernel.org mailing lists.  So even if they delete the
> > bugzilla account, there e-mail will be immortalized in lore.kernel.org
> > and their associated git repositories.
> 
> I wouldn't say that most -- to my knowledge, it's only about 5-6 
> components of the 50+. It's hard to tell how much that is by volume, 
> though, because certainly not all components see much activity.
> 
> We *can* excise things on lore.kernel.org. It's a massive pain, since 
> message archive is a git repository itself, so will need to be rebased, 
> reindexed and remirrored -- but it *is* possible.

It's likely not a worthwhile pain to self-inflict because
lore.kernel.org is not the only public vger mailing list archive.

https://lkml.org/
https://www.spinics.net/lists/kernel/
http://lkml.iu.edu/hypermail/linux/kernel/
https://marc.info/?l=linux-kernel

etc...



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: PSA: Do not use "Reported-By" without reporter's approval
  2019-05-22 19:30 PSA: Do not use "Reported-By" without reporter's approval Konstantin Ryabitsev
  2019-05-22 19:45 ` Joe Perches
@ 2019-05-23  5:53 ` Bhaskar Chowdhury
  1 sibling, 0 replies; 8+ messages in thread
From: Bhaskar Chowdhury @ 2019-05-23  5:53 UTC (permalink / raw)
  To: Konstantin Ryabitsev; +Cc: linux-kernel

[-- Attachment #1: Type: text/plain, Size: 817 bytes --]

Make sense Kai!

On 15:30 Wed 22 May , Konstantin Ryabitsev wrote:
>Hello, all:
>
>It is common courtesy to include this tagline when submitting patches:
>
>Reported-By: J. Doe <jdoe@example.com>
>
>Please ask the reporter's permission before doing so (even if they'd
>submitted a public bugzilla report or sent a report to the mailing
>list). They need to understand and agree that:
>
>- their name and email address will become a permanent, non-excisable
>  part of the Linux Kernel git history
>- their name and email address will be stored on multiple public
>  archival copies of the linux kernel mailing list, collected and
>  managed by different legal entities
>
>With or without GDPR laws, this is something the reporter needs to be
>aware of and they need to be okay with it, as a matter of courtesy.
>
>-K

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2019-05-24 15:06 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-05-22 19:30 PSA: Do not use "Reported-By" without reporter's approval Konstantin Ryabitsev
2019-05-22 19:45 ` Joe Perches
2019-05-22 19:58   ` Konstantin Ryabitsev
2019-05-22 20:00     ` Joe Perches
2019-05-24  4:57     ` Theodore Ts'o
2019-05-24 12:54       ` Konstantin Ryabitsev
2019-05-24 15:06         ` Joe Perches
2019-05-23  5:53 ` Bhaskar Chowdhury

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox