FOSS accused of “abuse” by Telefonica because 1998 signed code with corp email
github.comLink is down, archive.org copy: https://web.archive.org/web/20230109174817/https://github.co...
Why did it get removed? This kind of thing needs to be left up as evidence of their incompetence and as a warning to others that would follow in their footsteps.
Sorry, I think this might tangentially be my fault. I know someone who works on the GitHub team and let them know about the situation via IM. A few minutes later both the account and the issue disappeared.
This is exactly the level of competence I'd expect from "Telefónica Cybersecurity & Cloud Tech". The following comment is a good rebuttal to these idiots: https://github.com/steve-m/speedport_neo_source/issues/1#iss...
Cesar Alierta wouldn't like your comment.
I don't think most big consultancies would like any of my comments!
The most stupid things are probably that:
- the employee might not even work there, so the email not being valid anymore, the security argument looks lame
- contributions were used to be done by email, so the email address will be public anyway
Streisand effect
This is flagging an email in an old version of OpenSSL.
The offending file is simply a DES speed benchmark submitted by this person: https://chromium.googlesource.com/chromium/deps/openssl/+/9c...
mr paco garcia about to get arrested
Can someone translate the title into English?
25 years ago someone put their corporate email address in some comments in the source code of this project. Now that company has outsourced their reputation to the lowest bidder, who is claiming that the address reveals secret or private information about the internal network of the corporation.
What does GDPR have to say here? Do maintainers have to rewrite git history if someone requests deleting their email from it?
This is a common scenario for trans people who want to keep their previous identities secret for safety reasons. Git does not handle committer name changes by design, but I certainly wish there was some way of handling this scenario somehow. It’s not clear to me how one would maintain project provenance while allowing this use case.
When I changed my name, I submitted a PR to change it in the CONTRIBUTORS file of a project I had fixed a bug for. The approver privately reached out to me and offered to coordinate a global history rewrite among the core devs on my behalf. I declined because I don’t have that sort of safety need, but I’m incredibly grateful that there are maintainers out there who would be willing to go out of their way for something like that to help a non-core dev out.
It's an interesting question. There are politically loaded repos and potentially someone may regret their contributions over a 20 year period. I don't see a valid exemption in the GDPR. The closest seem to be the personal activity exemption (subject could go after GitHub though) and public interest archiving, but I don't think the latter stands in the case of a public code repository.
But it's not the person. It's the corporation the person worked at the time. A company can't make a GDPR request on behalf of an ex-employee.
It looks to me like it's not even the corporation they worked for but an external corporation claiming to represent the corporation that the user worked for 25 years ago
Interpretation of some random person on the internet
I imagine this might fall under Art. 17 3. (Right to erasure), possibly (e) specifically.
> Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
> […]
> for the establishment, exercise or defence of legal claims.
> – https://gdpr-info.eu/art-17-gdpr/
Although I wonder how it works with Art. 16 (Right to rectification) which does not list such an exception.
I’m also not sure what constitutes a “personal activity” in Art. 2 2. (c) (Material scope), so it might just not apply depending on the project.
> This Regulation does not apply to the processing of personal data:
>[…]
> by a natural person in the course of a purely personal or household activity;
Also, what about “right to be forgotten”?