Hello Konstantin, On Thu, Jun 15, 2023 at 10:47:46AM -0400, Konstantin Ryabitsev wrote: > Now, I want to be able to add other external public-inbox repositories to be > mirrored on lore.kernel.org, but with some clear indication that we're not the > origin of that data, we're merely mirroring it. Any GDPR removal requests need > to be sent to $ORIGIN and we'll just propagate any changes.
I think this is the part that won't work. In my understanding, if someone requests that their data is removed from *your* system, you won't be able to say "But the data is only a copy from that system over there, direct your request at them." Yes, if the source of the data removes the offending content, you can just sync and so remove the content in your copy, too. But if the operators of the source don't (because they don't cooperate, or because the relevant people who can remove the content are on vacation or because they are in a different jurisdiction or just because the plaintiff doesn't care about their data at the source), you would need to have a way to remove the content. Either by removing the content locally in your copy in a way that you don't get it back in the next sync, or by shutting down that complete particular archive. Without a visible pointer about the origin of the copy the situation is identical, so I don't see an advantage when implementing it, at least not for this purpose. But maybe I'm missing something or in your jurisdiction things are different than in (my inexpert understanding of) ours. (Note, I don't wanna say that if you get such a request to delete some content, we won't cooperate, but if I were in your position, I wouldn't want to rely on that kind of cooperation.) Best regards Uwe -- Pengutronix e.K. | Uwe Kleine-König | Industrial Linux Solutions | https://www.pengutronix.de/ |
signature.asc
Description: PGP signature
