[gdpr-discuss] Git and the Right for Rectification
Ian Jackson
ijackson at chiark.greenend.org.uk
Fri May 25 11:03:15 BST 2018
Elias Aarnio writes ("Re: [gdpr-discuss] Git and the Right for Rectification"):
> Personal information like name and email address are needed for
> identifying the person who is contributing the IPR. This is a legitimate
> interest mentioned recital 47 of GDPR.
>
> From this point of view IMHO one could argue that as the information has
> been accurate at the time of the act of committing (and simultaneously
> accepting the conditions mentioned in the copyleft license used),
> keeping the information intact is also possible.
I would avoid the word IPR, but, I broadly agree with this analysis.
There are also code integrity (assurance and security) reasons for not
wanting to routinely rebase, and for wanting to permanently document
the identities of contributors.
The application of these kind of tests is a matter of judgement and
balance, and we don't know what a court would say. Until we know the
contrary I would rely on these justifications for git histories.
However, I do think we need to:
* Fix it so that you don't have to list all the old names in the
.mailmap file. GDPR (and European privacy law in general) is
context sensitive, so while it can be justifiable to retain the old
address in the history, it is not justifiable to make it so
prominent.
* Routinely accede to requests to pseudonymise contributions,
by adding to the mailmap something like
<hash of name and email> Past contributor #332
Ian.
More information about the gdpr-discuss
mailing list