From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
To: Thorsten Leemhuis <linux@leemhuis.info>
Cc: Jonathan Corbet <corbet@lwn.net>,
workflows@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v1] docs: reminder to not expose potentially private email addresses
Date: Wed, 13 Nov 2024 12:26:19 +0200 [thread overview]
Message-ID: <20241113102619.GC29944@pendragon.ideasonboard.com> (raw)
In-Reply-To: <f5bc0639a20d6fac68062466d5e3dd0519588d08.1731486825.git.linux@leemhuis.info>
Hi Thorsten,
On Wed, Nov 13, 2024 at 09:35:03AM +0100, Thorsten Leemhuis wrote:
> Remind developers to not expose private email addresses, as some people
> become upset if their addresses end up in the lore archives or the Linux
> git tree.
>
> While at it, explicitly mention the dangers of our bugzilla instance
> here, as it makes it easy to forget that email addresses visible there
> are only shown to logged-in users.
>
> These are not a theoretical issues, as one maintainer mentioned that
> his employer received a EU GDPR (general data protection regulation)
> complaint after exposuring a email address used in bugzilla through a
> tag in a patch description.
>
> Signed-off-by: Thorsten Leemhuis <linux@leemhuis.info>
> ---
> Note: this triggers a few checkpatch.pl complaints that are irrelevant
> when when ti comes to changes like this.
>
> v1:
> - initial version
> ---
> Documentation/process/5.Posting.rst | 17 +++++++++---
> Documentation/process/submitting-patches.rst | 27 +++++++++++++++++---
> 2 files changed, 36 insertions(+), 8 deletions(-)
>
> diff --git a/Documentation/process/5.Posting.rst b/Documentation/process/5.Posting.rst
> index b3eff03ea2491c..1f6942948db349 100644
> --- a/Documentation/process/5.Posting.rst
> +++ b/Documentation/process/5.Posting.rst
> @@ -264,10 +264,19 @@ The tags in common use are:
> - Cc: the named person received a copy of the patch and had the
> opportunity to comment on it.
>
> -Be careful in the addition of tags to your patches, as only Cc: is appropriate
> -for addition without the explicit permission of the person named; using
> -Reported-by: is fine most of the time as well, but ask for permission if
> -the bug was reported in private.
> +Note, remember to respect other people's privacy when adding these tags:
> +
> + - Only specify email addresses, if owners explicitly permitted their use or
> + are fine with exposing them to the public based on previous actions found in
> + the lore archives. In practice you therefore often will be unable to hastily
> + specify addresses for users of bug trackers, as those usually do expose the
> + email addresses at all or only to logged in users. The latter is the case
> + for bugzilla.kernel.org, whose privacy policy explicitly states that 'your
> + email address will never be displayed to logged out users'.
> +
> + - Only Cc: is appropriate for addition without the explicit permission of the
Isn't Cc: as problematic as any other tag, is it ends up in both the git
history and the lore archive ?
> + person named; using Reported-by: is fine most of the time as well given the
> + above constraints, but ask for permission for bugs reported in private.
>
>
> Sending the patch
> diff --git a/Documentation/process/submitting-patches.rst b/Documentation/process/submitting-patches.rst
> index 1518bd57adab50..3373ba3025d6d8 100644
> --- a/Documentation/process/submitting-patches.rst
> +++ b/Documentation/process/submitting-patches.rst
> @@ -484,7 +484,9 @@ provided such comments, you may optionally add a ``Cc:`` tag to the patch.
> This is the only tag which might be added without an explicit action by the
> person it names - but it should indicate that this person was copied on the
> patch. This tag documents that potentially interested parties
> -have been included in the discussion.
> +have been included in the discussion. Note, ensure owners of email addresses
> +are fine with exposing their addresses in tags like this; see 'Privacy aspects
> +when using tags...' below for details.
>
> Co-developed-by: states that the patch was co-created by multiple developers;
> it is used to give attribution to co-authors (in addition to the author
> @@ -530,9 +532,10 @@ hopefully inspires them to help us again in the future. The tag is intended for
> bugs; please do not use it to credit feature requests. The tag should be
> followed by a Closes: tag pointing to the report, unless the report is not
> available on the web. The Link: tag can be used instead of Closes: if the patch
> -fixes a part of the issue(s) being reported. Please note that if the bug was
> -reported in private, then ask for permission first before using the Reported-by
> -tag.
> +fixes a part of the issue(s) being reported. Note, ensure owners of email
> +addresses are fine with exposing their addresses in tags like this; see
> +'Privacy aspects when using tags...' below for details. And if the bug was
> +reported in private, ask for permission first before using the Reported-by-tag.
>
> A Tested-by: tag indicates that the patch has been successfully tested (in
> some environment) by the person named. This tag informs maintainers that
> @@ -600,6 +603,22 @@ process nor the requirement to Cc: stable@vger.kernel.org on all stable
> patch candidates. For more information, please read
> Documentation/process/stable-kernel-rules.rst.
>
> +Privacy aspects when using tags like Cc:, Reported-by:, Tested-by:, ...
> +-----------------------------------------------------------------------
> +
> +Only specify email addresses, if owners explicitly permitted their use or
> +are fine with exposing them to the public based on previous actions found in
> +the lore archives. In practice you therefore often will be unable to blindly
> +specify addresses for users of bug trackers, as those usually do expose the
> +email addresses at all or only to logged in users. The latter is the case
> +for bugzilla.kernel.org, whose privacy policy explicitly states that 'your
> +email address will never be displayed to logged out users'.
> +
> +Furthermore note that only Cc: is appropriate for addition without the
> +explicit permission of the person named; using Reported-by: is fine most of
> +the time as well given the above constraints, but ask for permission for bugs
> +reported in private.
> +
> .. _the_canonical_patch_format:
>
> The canonical patch format
>
> base-commit: 623e5747c680d3854b6b9882d9907096bc63580d
--
Regards,
Laurent Pinchart
next prev parent reply other threads:[~2024-11-13 10:26 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-13 8:35 Thorsten Leemhuis
2024-11-13 10:26 ` Laurent Pinchart [this message]
2024-11-13 10:55 ` Thorsten Leemhuis
2024-11-13 10:59 ` Simona Vetter
2024-11-13 11:36 ` Laurent Pinchart
2024-11-13 13:11 ` Mauro Carvalho Chehab
2024-11-13 13:59 ` Geert Uytterhoeven
2024-11-13 11:40 ` Mauro Carvalho Chehab
2024-11-13 13:43 ` Thorsten Leemhuis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241113102619.GC29944@pendragon.ideasonboard.com \
--to=laurent.pinchart@ideasonboard.com \
--cc=corbet@lwn.net \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@leemhuis.info \
--cc=workflows@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox