Thank you for the quick response, Assaf. First, let me emphasize that I am not a lawyer and I am not sure if the Savannah organization falls under the GDPR regulations. But as the servers store also data of European citizens, I am relatively sure that this _is_ the case. Other thoughts are welcome. See below for my other comments.
Am Sun, 22 Apr 2018 05:26:11 -0600 schrieb Assaf Gordon: > Hello, > > On 21/04/18 04:03 PM, Uwe Scholz wrote: > > on May 25th the European General Data Protection Regulation will > > become active (see https://www.eugdpr.org/) and I am wondering if > > and what the admins at savannah.nongnu.org will do to be GDPR > > compliant on that date. > > I suspect that "nothing" is the answer, but I could be wrong. Do they read here, too? Where can we reach them? > > Coming back to Savannah: I am especially wondering for example: if > > a member of a mailing-list want's to know what of his data is > > stored on Savannahs servers, where will he get this information? (I > > am thinking of email address, Name, IP address, the date when the > > subscription was made, etc.). > > full archives of all gnu and nongnu mailing lists are available for > download as mbox files, containing full email headers )which include > IP, message ID, date/time, etc.). > > For example, to download the entire archive of [email protected], > run the following command: > > rsync -avhP rsync://lists.gnu.org/mbox/gcmd-users . > > Then you can simply "grep" for any information you want. Thank you for showing that rsync command above, this is very helpful. I tried it and can confirm that I could download the gcmd-users mailing-list completely. (Not?) Surprisingly, I can also see all email-addresses in plain text of every single email. (*) Different to that, on the archives web fronted they are anonymized. This leads me to the next question: Regarding the GDPR, there should be the "Right to be forgotten". That means, if a user requests his personal data to be removed from the Savannah servers, (and this affects also his email address!), this should be possible somehow. In the case of the email-address it might be enough to mask the one in question with asterisks in all mbox-archives on the Savannah servers. I think this would be a solution for that request and Savannah would be partly GDPR compliant. Remark: I think the ability to be forgotten should be implemented here, otherwise Savannah might run in danger to become the aim of a greedy lawyer. And I as the admin of a mailing list don't want to be the person in charge here. :-/ (*) The email address belongs to the personal data of a user and is in need of protection regarding GDPR rules. > As for the 'date of subscription' - I don't know if there's an easy > way to get that information. When users subscribed they receive a > confirmation email -if the kept it - they'll have the date. If that information is not stored on the Savannah servers then it's okay. The less is stored the better. > > For me as the admin of a mailinglist: How can I help the user to get > > this information? Am I allowed to do that? Or can I forward his > > request to the Savannah admins? > > Show them the above command. Got that. > If they aren't comfortable with 'rsync', they can use FTP: > ftp://lists.gnu.org/gcmd-users/ > > Please don't direct them to savannah admins, we don't have more > information than the above. Good. > > Another point: Are there any changes in the email subscription page > > planned? > > Not to my knowledge. > > > believe a more detailed disclaimer would be necessary. > > As a mailing-list administrator for your project, you can modify the > information shown on the page of the mailing lists for your project. > > When you login to the "administrative page" of your mailing list, > select "Edit the public HTML pages and text files" under "Other > administrator activities". > You'll be able to change some of the web page text, and some of the > email messages. Thank you, I didn't know that. Currently it should be a good idea to let the users know that their mail addresses are public available in the archives when they send a mail to a mailing-list. > regards, > - assaf Best wishes Uwe
