
Re: A note from GitHub about your repository



The artifact in question is their agreement with the CVE terms of use:

https://github.com/distributedweaknessfiling/DWF-Legal-Acceptance/blob/master/Terms-Of-Use/lpu%40protonmail.ch

My interpretation of their request differs to yours -- if they are invoking GDPR to have that entry removed then remove that entry[*], there doesn't seem to be any reason why their acceptance of terms email needs to be public as long as DWF have a copy. Them asking for removal of their personal data from the public doesn't mean they've revoked their acceptance of those terms or you should alter any CVE they've filed. This wouldn't in my mind trigger any of the clauses for why you'd be able to reject the "right to forget".

What happens if I withdraw my consent for
cve-assign@distributedweaknessfiling.org?

Well, that wouldn't be defined as personal information under GDPR (and you're not an EU citizen).

This is a major problem that we need to actually solve in some way. Part of it will be finding providers that are "Safe".

Dealing with GDPR requests will be the same no matter where you store DWF. Some providers might just not have figured out their process for handling them yet.

Mark

[* "remove" has some interesting side effects in Git, depending on if GitHub want you to rewrite history so it never happened (bleh!) or just commit a removal (so it's actually still in the history)]


Page Last Updated or Reviewed: October 11, 2018