On Fri, Aug 19, 2022 at 1:08 PM Ben Cotton <bcot...@redhat.com> wrote:
> On Fri, Aug 19, 2022 at 2:46 AM Merlin Cooper > <mxanthropoc...@outlook.com> wrote: > > > > I like this policy, but it strikes me as odd that the packagers' email > > addresses are posted publicly on the Pagure tickets... Wouldn't that > > make it easier for spammers to get more email addresses? > > The script has a flag I can use in the future which (I believe) will > mask the addresses in the tickets. I didn't use it this time because > email addresses are already displayed all over the place. If a spammer > gets an email address from these tickets that they didn't have before, > then I'll be very surprised. > I really wish people would stop making the argument that just because other places/systems have terrible data hygiene, we can have terrible data hygiene too. Fedora should be trying to set the example of how to interact and behave, and the "follow the herd" mentality here is not acceptable in my opinion. Email address could be considered PII, and so there is a debate about when the GDPR-type regulations would apply to them (from what I read, it would apply for work email addresses giving full names or personal email addresses). While there is a legal basis for keeping the email address in the system and using it, I fail to see a legal basis that would allow publicly displaying an email address in this way. Many systems are also trying to reduce the exposure of personal email addresses, with major git hosting providers even creating anonymous commit emails that can be associated with user accounts on those systems and then used for your commits should you choose. So in short, I strongly argue for masking/removing the email address from all tickets like this, and the fact that they are displayed there was is so concerning to me that I opened a ticket about it last night: https://pagure.io/find-inactive-packagers/issue/619. -Ian > > That said, if there's a general consensus that addresses should be > masked in the ticket, then we can do that in the future. I considered > whether the tickets should default to private, but the downside is > that people wouldn't be able to log in and comment on the ticket via > the Pagure web interface, only by email. > > -- > Ben Cotton > He / Him / His > Fedora Program Manager > Red Hat > TZ=America/Indiana/Indianapolis > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
