Popcon folk; this is a conversation I've been having with DSA about appropriate data minimisation in the context of the forthcoming GDPR. It sounds like there are various pieces of personal data hanging around on popcon.debian.org that should be cleaned up; can you perhaps comment on the points pabs raises below? In particular, can the old data go and how long does incoming data stick around for? On Wed, Apr 11, 2018 at 07:10:03AM +0800, Paul Wise wrote: > On Tue, 2018-04-10 at 17:46 +0100, Jonathan McDowell wrote: > > > Just to clarify this point; are the details with meta-data stored > > indefinitely/for some fixed period, or are they processed upon receipt > > and stored as the meta-data scrubbed variants? > > You would have to ask the popcon folks, but I found this: > > Seems like the incoming directory is stored without metadata, but with > the layer of OpenPGP encryption that recent popcon clients apply. That > includes the GPG version information that it usually adds. > > There are some files with mail headers from 2018-04-10. > > There are also files lying around with mail headers from 2013. > > Seems like there needs to be some cleanup of unused files. > > So I think the http submission method therefore doesn't store user info > at all and the mail method stores the usual mail headers briefly, > except for old unused files that need to be cleaned up. > > Please confirm with them though. > > > If the former, why? > > I'd guess that was just how it was done in the beginning, but you would > have to contact the popcon folks, but they might not know either. J. -- ... You'll never find it, in all that loose clothing.
Attachment:
signature.asc
Description: PGP signature