savannah-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-users] Savannah mailing-lists and GDPR

From: Assaf Gordon
Subject: Re: [Savannah-users] Savannah mailing-lists and GDPR
Date: Sun, 22 Apr 2018 13:41:10 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 
Hello,

On 22/04/18 12:55 PM, Uwe Scholz wrote:

Am Sun, 22 Apr 2018 05:26:11 -0600 schrieb Assaf Gordon:

On 21/04/18 04:03 PM, Uwe Scholz wrote:

[...] I am wondering if
and what the admins at savannah.nongnu.org will do to be GDPR
compliant on that date.


I suspect that "nothing" is the answer, but I could be wrong.


Do they read here, too? Where can we reach them?


Yes (I'm one of them).
This is a good place for general questions.
More technical questions can go to address@hidden .


    rsync -avhP rsync://lists.gnu.org/mbox/gcmd-users .



I can also see all email-addresses in plain text of
every single email.[...] This leads me to the next question: Regarding the
GDPR, there should be the "Right to be forgotten".

That means, if a user requests his personal data to be removed from the
Savannah servers, (and this affects also his email address!), this
should be possible somehow.
I doubt this will happen on gnu mailing lists - almost every posted message has been saved and is publicly available with a stable URL 
for decades (and that is a point of pride).
At the bottom of the lists front page ( https://lists.gnu.org/ ) it says: "We have a strong policy of not editing the web archives." 


Remark: I think the ability to be forgotten should be implemented here,
otherwise Savannah might run in danger to become the aim of a greedy
lawyer.
Not sure I understand what you means, but remember that it is a public mailing list - an email sent to it is store not only on gnu's archive, but also sent to *every* other subscriber's email - and stored on their account/computer. They is no "forgetting" it. Many of these lists are also mirrored on other servers (e.g. gmane).
This is not the same situation as "google" or "facebook" where they keep/manage the data themselves and (ostensibly) have the only copy which can be deleted. 


As for the 'date of subscription' - I don't know if there's an easy
way to get that information.

If that information is not stored on the Savannah servers then it's
okay. The less is stored the better.
I'm not sure it's not stored, I just don't know how to retrieve it from the server. 



 Currently it should be a good idea to
let the users know that their mail addresses are public available in
the archives when they send a mail to a mailing-list.


These are *public mailing lists*.
If there are users who do not understand what that means - there is a bigger problem here... 


Lastly,
If you (or others) do want to pursue GDPR or any other internet regulations - please contact the FSF directly ( https://www.fsf.org/about/staff-and-board/ ).
Implementing such policies require access that savannah admins do not have (see https://savannah.gnu.org/maintenance/NotSavannahAdmins/ ). 

regards,
 - assaf
reply via email to
[Prev in Thread] Current Thread [Next in Thread]