PSA: Do not use "Reported-By" without reporter's approval

PSA: Do not use "Reported-By" without reporter's approval

[Konstantin Ryabitsev]

Hello, all:

It is common courtesy to include this tagline when submitting patches: 

Reported-By: J. Doe <jdoe@example.com>

Please ask the reporter's permission before doing so (even if they'd 
submitted a public bugzilla report or sent a report to the mailing 
list). They need to understand and agree that:

- their name and email address will become a permanent, non-excisable 
  part of the Linux Kernel git history
- their name and email address will be stored on multiple public 
  archival copies of the linux kernel mailing list, collected and 
  managed by different legal entities

With or without GDPR laws, this is something the reporter needs to be 
aware of and they need to be okay with it, as a matter of courtesy.

-K

Re: PSA: Do not use "Reported-By" without reporter's approval

[Joe Perches]

On Wed, 2019-05-22 at 15:30 -0400, Konstantin Ryabitsev wrote:
> Hello, all:
> 
> It is common courtesy to include this tagline when submitting patches: 
> 
> Reported-By: J. Doe <jdoe@example.com>
> 
> Please ask the reporter's permission before doing so (even if they'd 
> submitted a public bugzilla report or sent a report to the mailing 
> list).

I disagree with this.

If the report is public, and lists like vger are public,
then using a Reported-by: and/or a Link: are simply useful
history and tracking information.

Re: PSA: Do not use "Reported-By" without reporter's approval

[Konstantin Ryabitsev]

On Wed, May 22, 2019 at 12:45:06PM -0700, Joe Perches wrote:
>> It is common courtesy to include this tagline when submitting 
>> patches:
>>
>> Reported-By: J. Doe <jdoe@example.com>
>>
>> Please ask the reporter's permission before doing so (even if they'd
>> submitted a public bugzilla report or sent a report to the mailing
>> list).
>
>I disagree with this.
>
>If the report is public, and lists like vger are public,
>then using a Reported-by: and/or a Link: are simply useful
>history and tracking information.

I'm perfectly fine with Link:, however Reported-By: usually has the 
person's name and email address (i.e. PII data per GDPR definition). If 
that person submitted the bug report via bugzilla.kernel.org or a 
similar resource, their expectation is that they can delete their 
account should they choose to to do so. However, if the patch containing 
Reported-By is committed to git, their PII becomes permanently and 
immutably recorded for any reasonable meaning of the word "forever."

Now, I'm pretty sure that a request to rebase git history to edit a 
commit message would be considered "unreasonable" under GDPR provisions, 
but a) it still eats up valuable time handling such requests and b) it's 
a consequence reporters are not aware of when they submit bug reports.  
So, my request to ask for permission before using "Reported-By" is not 
coming from any legal position, but from the perspective of courtesy to 
people submitting those reports.

-K

Re: PSA: Do not use "Reported-By" without reporter's approval

[Joe Perches]

On Wed, 2019-05-22 at 15:58 -0400, Konstantin Ryabitsev wrote:
> On Wed, May 22, 2019 at 12:45:06PM -0700, Joe Perches wrote:
> > > It is common courtesy to include this tagline when submitting 
> > > patches:
> > > 
> > > Reported-By: J. Doe <jdoe@example.com>
> > > 
> > > Please ask the reporter's permission before doing so (even if they'd
> > > submitted a public bugzilla report or sent a report to the mailing
> > > list).
> > 
> > I disagree with this.
> > 
> > If the report is public, and lists like vger are public,
> > then using a Reported-by: and/or a Link: are simply useful
> > history and tracking information.
> 
> I'm perfectly fine with Link:, however Reported-By: usually has the 
> person's name and email address (i.e. PII data per GDPR definition).

So?

Like I wrote, if that report came from a public list, that
report _also_ contained the person's name and email address.

Re: PSA: Do not use "Reported-By" without reporter's approval

[Bhaskar Chowdhury]

[-- Attachment #1: Type: text/plain, Size: 817 bytes --]

Make sense Kai!

On 15:30 Wed 22 May , Konstantin Ryabitsev wrote:
>Hello, all:
>
>It is common courtesy to include this tagline when submitting patches:
>
>Reported-By: J. Doe <jdoe@example.com>
>
>Please ask the reporter's permission before doing so (even if they'd
>submitted a public bugzilla report or sent a report to the mailing
>list). They need to understand and agree that:
>
>- their name and email address will become a permanent, non-excisable
>  part of the Linux Kernel git history
>- their name and email address will be stored on multiple public
>  archival copies of the linux kernel mailing list, collected and
>  managed by different legal entities
>
>With or without GDPR laws, this is something the reporter needs to be
>aware of and they need to be okay with it, as a matter of courtesy.
>
>-K

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: PSA: Do not use "Reported-By" without reporter's approval

[Theodore Ts'o]

On Wed, May 22, 2019 at 03:58:04PM -0400, Konstantin Ryabitsev wrote:
> > If the report is public, and lists like vger are public,
> > then using a Reported-by: and/or a Link: are simply useful
> > history and tracking information.
> 
> I'm perfectly fine with Link:, however Reported-By: usually has the person's
> name and email address (i.e. PII data per GDPR definition). If that pehrson
> submitted the bug report via bugzilla.kernel.org or a similar resource,
> their expectation is that they can delete their account should they choose
> to to do so. However, if the patch containing Reported-By is committed to
> git, their PII becomes permanently and immutably recorded for any reasonable
> meaning of the word "forever."

Many (most?) bugzilla.kernel.org components result in e-mail getting
sent to vger.kernel.org mailing lists.  So even if they delete the
bugzilla account, there e-mail will be immortalized in lore.kernel.org
and their associated git repositories.

So perhaps a better approach is to put a warning alerting bug
reporters that submitting a bug means their e-mail will end up get
broadcasting in public mailing list archives and public git
repositories?

I assume distro engineers who are fixing bugs from their Distro
bugzillas which support non-public bugs already know that they
shouldn't be revealing their customers' identities.  But
realistically, while I agree it would be nice to ask people if they
don't mind being immortalized in git repositories, we should probably
warn people that when they submit a bug, or for that matter, send
e-mail to a kernel mailing list, they're going to be immortalized in a
git repository *already*.

						- Ted

Re: PSA: Do not use "Reported-By" without reporter's approval

[Konstantin Ryabitsev]

On Fri, May 24, 2019 at 12:57:08AM -0400, Theodore Ts'o wrote:
>> I'm perfectly fine with Link:, however Reported-By: usually has the 
>> person's
>> name and email address (i.e. PII data per GDPR definition). If that pehrson
>> submitted the bug report via bugzilla.kernel.org or a similar resource,
>> their expectation is that they can delete their account should they choose
>> to to do so. However, if the patch containing Reported-By is committed to
>> git, their PII becomes permanently and immutably recorded for any reasonable
>> meaning of the word "forever."
>
>Many (most?) bugzilla.kernel.org components result in e-mail getting
>sent to vger.kernel.org mailing lists.  So even if they delete the
>bugzilla account, there e-mail will be immortalized in lore.kernel.org
>and their associated git repositories.

I wouldn't say that most -- to my knowledge, it's only about 5-6 
components of the 50+. It's hard to tell how much that is by volume, 
though, because certainly not all components see much activity.

We *can* excise things on lore.kernel.org. It's a massive pain, since 
message archive is a git repository itself, so will need to be rebased, 
reindexed and remirrored -- but it *is* possible. On the other hand, 
once a commit makes it into the kernel's git tree, it becomes impossible 
to edit it without affecting the PGP integrity of all git tags following 
it. Since PGP signatures can be considered a core aspect of the git tree 
integrity, we can then argue that editing commit history of linux.git is 
unreasonable per GDPR's own guidelines. We can't make the same claim 
about lists on lore.kernel.org.

>So perhaps a better approach is to put a warning alerting bug
>reporters that submitting a bug means their e-mail will end up get
>broadcasting in public mailing list archives and public git
>repositories?

That's probably something we should do. I'll investigate it.

-K

Re: PSA: Do not use "Reported-By" without reporter's approval

[Joe Perches]

On Fri, 2019-05-24 at 08:54 -0400, Konstantin Ryabitsev wrote:
> On Fri, May 24, 2019 at 12:57:08AM -0400, Theodore Ts'o wrote:
> > > I'm perfectly fine with Link:, however Reported-By: usually has the 
> > > person's
> > > name and email address (i.e. PII data per GDPR definition). If that pehrson
> > > submitted the bug report via bugzilla.kernel.org or a similar resource,
> > > their expectation is that they can delete their account should they choose
> > > to to do so. However, if the patch containing Reported-By is committed to
> > > git, their PII becomes permanently and immutably recorded for any reasonable
> > > meaning of the word "forever."
> > 
> > Many (most?) bugzilla.kernel.org components result in e-mail getting
> > sent to vger.kernel.org mailing lists.  So even if they delete the
> > bugzilla account, there e-mail will be immortalized in lore.kernel.org
> > and their associated git repositories.
> 
> I wouldn't say that most -- to my knowledge, it's only about 5-6 
> components of the 50+. It's hard to tell how much that is by volume, 
> though, because certainly not all components see much activity.
> 
> We *can* excise things on lore.kernel.org. It's a massive pain, since 
> message archive is a git repository itself, so will need to be rebased, 
> reindexed and remirrored -- but it *is* possible.

It's likely not a worthwhile pain to self-inflict because
lore.kernel.org is not the only public vger mailing list archive.

https://lkml.org/
https://www.spinics.net/lists/kernel/
http://lkml.iu.edu/hypermail/linux/kernel/
https://marc.info/?l=linux-kernel

etc...