Is gerrit GDPR complient?

[thomasmu...@yahoo.com]

Hi, is gerrit GDPR complient?

I just filled https://bugs.chromium.org/p/gerrit/issues/detail?id=8874

But also does gerrit support a cookie notice too?

[Luca Milanesio]

On 1 May 2018, at 00:44, thomasmulhall410 via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:

Hi, is gerrit GDPR complient?

I actually had the same question in my mind :-O

I just filled https://bugs.chromium.org/p/gerrit/issues/detail?id=8874

But also does gerrit support a cookie notice too?

Gerrit supports header customisation, so it is potentially possible to create the notice.

The more problematic one is allowing users to be removed or the details masked :-(

--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[luca.mi...@gmail.com]

We could just have a GDPR plugin for:

- collecting explicit consensus

- removing all private details from the account if required

Removing the account itself can be dangerous and, as long as the details are gone and the account is set to disabled, we should be good from a GDPR perspective.

Luca

Sent from my iPhone

[thomasmu...@yahoo.com]

+1

On Tuesday, May 1, 2018 at 6:24:15 PM UTC+1, lucamilanesio wrote:

We could just have a GDPR plugin for:

- collecting explicit consensus

- removing all private details from the account if required

Removing the account itself can be dangerous and, as long as the details are gone and the account is set to disabled, we should be good from a GDPR perspective.

Luca

Sent from my iPhone

On 1 May 2018, at 17:10, Luca Milanesio <luca.mi...@gmail.com> wrote:

On 1 May 2018, at 00:44, thomasmulhall410 via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:

Hi, is gerrit GDPR complient?

I actually had the same question in my mind :-O

I just filled https://bugs.chromium.org/p/gerrit/issues/detail?id=8874

But also does gerrit support a cookie notice too?

Gerrit supports header customisation, so it is potentially possible to create the notice.

The more problematic one is allowing users to be removed or the details masked :-(

--
--
To unsubscribe, email repo-disc...@googlegroups.com

[Matthias Sohn]

You can anonymise the account but how can you remove personal data

from Git repositories ? Email and user name are baked into commits.

They could only be anonymised by rewriting history. Or git needs to learn

storing this personal data encrypted so it can be anonymised without

rewriting history by deleting the encryption keys.

On Tue, May 1, 2018 at 7:24 PM, <luca.mi...@gmail.com> wrote:

We could just have a GDPR plugin for:

- collecting explicit consensus

- removing all private details from the account if required

Removing the account itself can be dangerous and, as long as the details are gone and the account is set to disabled, we should be good from a GDPR perspective.

Luca

Sent from my iPhone

On 1 May 2018, at 17:10, Luca Milanesio <luca.mi...@gmail.com> wrote:

On 1 May 2018, at 00:44, thomasmulhall410 via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:

Hi, is gerrit GDPR complient?

I actually had the same question in my mind :-O

I just filled https://bugs.chromium.org/p/gerrit/issues/detail?id=8874

But also does gerrit support a cookie notice too?

Gerrit supports header customisation, so it is potentially possible to create the notice.

The more problematic one is allowing users to be removed or the details masked :-(

--
--
To unsubscribe, email repo-discuss+unsubscribe@googlegroups.com

More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.

To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
--
To unsubscribe, email repo-discuss+unsubscribe@googlegroups.com

More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.

To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss+unsubscribe@googlegroups.com.

[Luca Milanesio]

On 1 May 2018, at 20:45, Matthias Sohn <matthi...@gmail.com> wrote:

You can anonymise the account but how can you remove personal data

from Git repositories ? Email and user name are baked into commits.

I believe GitHub has the same problem, isn't it?

How did they solve it?

[Darragh Bailey]

On Tue, 1 May 2018, 21:24 Luca Milanesio, <luca.mi...@gmail.com> wrote:

On 1 May 2018, at 20:45, Matthias Sohn <matthi...@gmail.com> wrote:

You can anonymise the account but how can you remove personal data

from Git repositories ? Email and user name are baked into commits.

I believe GitHub has the same problem, isn't it?

How did they solve it?

I would suspect they don't have to, the fact that git is required to store this information in perpetuation, and as it's understood that SCM systems need to be able to identify the author of any code ever added should mean that the requirements for the 'right to be forgotten' component of GDPR don't apply there.

Being redacted from the list of user accounts if someone can query for users may come under it though. The ability to stop being emailed by the system seems to also be required.

Darragh Bailey
"Nothing is foolproof to a sufficiently talented fool" - unknown

[Matthias Sohn]

On Tue, May 1, 2018 at 10:23 PM, Luca Milanesio <luca.mi...@gmail.com> wrote:

On 1 May 2018, at 20:45, Matthias Sohn <matthi...@gmail.com> wrote:

You can anonymise the account but how can you remove personal data

from Git repositories ? Email and user name are baked into commits.

I believe GitHub has the same problem, isn't it?

How did they solve it?

it seems Github didn't publish this (yet)

https://github.community/t5/How-to-use-Git-and-GitHub/GDPR-and-GitHub/td-p/6098

also found this post discussing if and how git is gdpr compliant

https://law.stackexchange.com/questions/24623/gdpr-git-history

[Tech Advantage]

Basically all fields from the Contact Information and Identities tabs should be anonymized for an account to-be-removed-but-kept-for-interal-purpose.

username and Full Name are obvious.

The email addresses, even corporates one, are part of personal information per GDPR point-of-view as they uniquely identify someone.

For the explicit consensus, maybe the CLA could do the trick, provided it can be extended to ask again the consent every 2 years max. (otherwise account should be anonymized).

Also, maybe the [accountDeactivation] job could be marked GDPR-compliant by anonymizing deactivated accounts.

IG

Le mardi 1 mai 2018 19:24:15 UTC+2, lucamilanesio a écrit :

We could just have a GDPR plugin for:

- collecting explicit consensus

- removing all private details from the account if required

Removing the account itself can be dangerous and, as long as the details are gone and the account is set to disabled, we should be good from a GDPR perspective.

Luca

Sent from my iPhone

On 1 May 2018, at 17:10, Luca Milanesio <luca.mi...@gmail.com> wrote:

On 1 May 2018, at 00:44, thomasmulhall410 via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:

Hi, is gerrit GDPR complient?

I actually had the same question in my mind :-O

I just filled https://bugs.chromium.org/p/gerrit/issues/detail?id=8874

But also does gerrit support a cookie notice too?

Gerrit supports header customisation, so it is potentially possible to create the notice.

The more problematic one is allowing users to be removed or the details masked :-(

--
--
To unsubscribe, email repo-disc...@googlegroups.com

[Edwin Kempin]

On Wed, May 2, 2018 at 8:20 AM Tech Advantage <a...@tech-advantage.com> wrote:

Basically all fields from the Contact Information and Identities tabs should be anonymized for an account to-be-removed-but-kept-for-interal-purpose.

username and Full Name are obvious.

The email addresses, even corporates one, are part of personal information per GDPR point-of-view as they uniquely identify someone.

Unfortunately anonymizing accounts completely is not as easy as it sounds, since it requires rewriting NoteDb refs:

- The refs/users/YY/XXXXXXX ref in All-Users that stores the account details

- The refs/groups/YY/XXXXXXXXXXXXXXXXXXXXXX refs in All-Users for groups that contained that user (the commit messages that serve as audit log for the group contain the account names of added/removed users)

- The refs/changes/YY/XXXX/meta refs for all changes where this user was involved (as the user is author of these commits and the user name is part of the author information)

 

To unsubscribe, email repo-discuss...@googlegroups.com

[Luca Milanesio]

On 2 May 2018, at 07:57, 'Edwin Kempin' via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:

On Wed, May 2, 2018 at 8:20 AM Tech Advantage <a...@tech-advantage.com> wrote:

Basically all fields from the Contact Information and Identities tabs should be anonymized for an account to-be-removed-but-kept-for-interal-purpose.

username and Full Name are obvious.

The email addresses, even corporates one, are part of personal information per GDPR point-of-view as they uniquely identify someone.

Unfortunately anonymizing accounts completely is not as easy as it sounds, since it requires rewriting NoteDb refs:

That is neither good nor desirable: I believe we should introduce the ability to just "encrypt" the account details when writing the NoteDb objects.

*IF* that information is encrypted with one private key per account, then if the account wants to be forgotten, as per GDPR requirements, then we just need to remove the private key of the user and that information would not be readable anymore.

- The refs/users/YY/XXXXXXX ref in All-Users that stores the account details

That's the simple part.

- The refs/groups/YY/XXXXXXXXXXXXXXXXXXXXXX refs in All-Users for groups that contained that user (the commit messages that serve as audit log for the group contain the account names of added/removed users)

That may follow the same encryption scheme used for changes.

- The refs/changes/YY/XXXX/meta refs for all changes where this user was involved (as the user is author of these commits and the user name is part of the author information)

Same as before.

[Edwin Kempin]

On Wed, May 2, 2018 at 9:20 AM Luca Milanesio <luca.mi...@gmail.com> wrote:

On 2 May 2018, at 07:57, 'Edwin Kempin' via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:

On Wed, May 2, 2018 at 8:20 AM Tech Advantage <a...@tech-advantage.com> wrote:

Basically all fields from the Contact Information and Identities tabs should be anonymized for an account to-be-removed-but-kept-for-interal-purpose.

username and Full Name are obvious.

The email addresses, even corporates one, are part of personal information per GDPR point-of-view as they uniquely identify someone.

Unfortunately anonymizing accounts completely is not as easy as it sounds, since it requires rewriting NoteDb refs:

That is neither good nor desirable:

I'm not saying that this is good or desirable, just stating that this is a problem :(

[Luca Milanesio]

On 2 May 2018, at 08:25, Edwin Kempin <eke...@google.com> wrote:

On Wed, May 2, 2018 at 9:20 AM Luca Milanesio <luca.mi...@gmail.com> wrote:

On 2 May 2018, at 07:57, 'Edwin Kempin' via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:

On Wed, May 2, 2018 at 8:20 AM Tech Advantage <a...@tech-advantage.com> wrote:

Basically all fields from the Contact Information and Identities tabs should be anonymized for an account to-be-removed-but-kept-for-interal-purpose.

username and Full Name are obvious.

The email addresses, even corporates one, are part of personal information per GDPR point-of-view as they uniquely identify someone.

Unfortunately anonymizing accounts completely is not as easy as it sounds, since it requires rewriting NoteDb refs:

That is neither good nor desirable:

I'm not saying that this is good or desirable, just stating that this is a problem :(

Can someone go to Bruxelles and teach them what is source code, OpenSource and a Git repository?

Sometimes they make our lives so much difficult :-(

[Darragh Bailey]

On 2 May 2018 at 08:28, Luca Milanesio <luca.mi...@gmail.com> wrote:

On 2 May 2018, at 08:25, Edwin Kempin <eke...@google.com> wrote:

On Wed, May 2, 2018 at 9:20 AM Luca Milanesio <luca.mi...@gmail.com> wrote:

On 2 May 2018, at 07:57, 'Edwin Kempin' via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:

On Wed, May 2, 2018 at 8:20 AM Tech Advantage <a...@tech-advantage.com> wrote:

Basically all fields from the Contact Information and Identities tabs should be anonymized for an account to-be-removed-but-kept-for-interal-purpose.

username and Full Name are obvious.

The email addresses, even corporates one, are part of personal information per GDPR point-of-view as they uniquely identify someone.

Unfortunately anonymizing accounts completely is not as easy as it sounds, since it requires rewriting NoteDb refs:

That is neither good nor desirable:

I'm not saying that this is good or desirable, just stating that this is a problem :(

Can someone go to Bruxelles and teach them what is source code, OpenSource and a Git repository?

Sometimes they make our lives so much difficult :-(

Seems I managed to send an earlier response to a single person rather than the group.

Just in case it's not clear, https://gdpr-info.eu/art-17-gdpr/ indicates the right to deletion is not absolute, https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/ provides a summary as well.

All of that suggests that it's not as simple as, you must delete the entire user details on request, there are legitimate use cases that trump the 'right to be forgotten'.

Maybe getting a detailed legal opinion might be the best way to determine exactly what is needed, possibly https://sfconservancy.org/ would be a good place to start with getting some clear answers on what is needed while still respecting the audit and IP identification purposes of an SCM tool?

--

[Luca Milanesio]

Hi Darragh,

thanks for the pointer.

Reading through the page I believe this is the clause that would apply to Git and thus Gerrit:

"

When does the right to erasure not apply?

• for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
• for the establishment, exercise or defence of legal claims.

"

The git log is needed for audit and archiving purposes. Additionally, it can be used for future legal claims about the software break of intellectual property.

By disabling the account BUT not removing / clearing his history on the Git repo or NoteDb, we should be fine.

I'm impressed by the fines: $20M or 4% of *global revenue*, whichever is the highest :-O

This is particularly negative for small and large businesses, where $20M fine could mean filing for bankruptcy.

Luca.

[Luca Milanesio]

Can I propose then the creation of a 'delete-account' plugin?

Similarly to the delete-project plugin, it will allow people to self-remove from the accounts table (2.14.x) and All-Users.

Luca.

[David Pursehouse]

On Wed, 2 May 2018, 20:19 Luca Milanesio, <luca.mi...@gmail.com> wrote:

Can I propose then the creation of a 'delete-account' plugin?

Why not make this a core functionality? 

[Luca Milanesio]

On 2 May 2018, at 12:30, David Pursehouse <david.pu...@gmail.com> wrote:

On Wed, 2 May 2018, 20:19 Luca Milanesio, <luca.mi...@gmail.com> wrote:

Can I propose then the creation of a 'delete-account' plugin?

Why not make this a core functionality? 

Because even core functionalities can be provided as plugins :-)

The less we put in the core, the more ability / agility we will have in reviewing and merging them.

Additionally, not all organisations would love to have this "self-removal" functionality, especially when integrating Gerrit with LDAP.

To summarise, my proposal is to start with a plugin and then, if we all agree, to have it as "core" plugin.

Luca

[Luca Milanesio]

Forgot to mention as well that a plugin could be a single code-base for multiple versions of Gerrit: less branching, less merging, less pain :-)

Luca.

[Luca Milanesio]

FYI, I've started working on the 'GDPR-compliance' plugin => https://github.com/GerritForge/gerrit-account-plugin

Retrospectively, it would be useful even outside the GDPR regulations, because allow a more "self-service" management of accounts, based on permissions.

I basically have copied the initial structure of the delete-project plugin :-)

Luca.

[lucamilanesio]

The first version of the account "self-removal" is ready at:

https://github.com/GerritForge/account

The first CI build for Gerrit 2.15 is at:

https://gerrit-ci.gerritforge.com/job/plugin-account-gh-bazel-stable-2.15/

If everyone agrees with the need of this plugin, I would be more than happy to create a Gerrit repository on gerrit-review.googlesource.com.

P.S. While developing a plugin, I found a problem in Gerrit where the GerritApi did not allow a user to reset his own account details. It is fixed in stable-2.15 at:

https://gerrit-review.googlesource.com/c/gerrit/+/177670

I am now going to put an initial UX to the plugin, mainly focused on PolyGerrit, the official UX for Gerrit 2.15 :-)

Luca.

Luca.

Luca.

To unsubscribe, email repo-discuss+unsub...@googlegroups.com

More info at http://groups.google.com/group/repo-discuss?hl=en

--- 
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.

To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss+unsubscribe@googlegroups.com.

[lucamilanesio]

I've created a "GDPR" topic for the review of the changes that are *explicitly* the GDPR regulations that this plugin helps to address.

See:

https://review.gerrithub.io/q/topic:%22GDPR%22+(status:open%20OR%20status:merged)

Please give your feedback and help with the review, as the GDPR deadline is approaching :-)

I had to use some "lower-level" API calls to workaround the current restriction in Gerrit that block the "self-deactivation" of accounts.

Luca.

[thomasmu...@yahoo.com]

Ah great luca, thanks for working on this. :)

[thomasmu...@yahoo.com]

I wonder should this be deployed on to gerrit-review?

On Tuesday, May 1, 2018 at 12:44:45 AM UTC+1, thomasmu...@yahoo.com wrote:

[luca.mi...@gmail.com]

Sent from my iPhone

On 22 May 2018, at 23:44, thomasmulhall410 via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:

I wonder should this be deployed on to gerrit-review?

Yes, if there is consensus in doing that, I’ll be happy to move it over, for better discoverability.

Luca

On Tuesday, May 1, 2018 at 12:44:45 AM UTC+1, thomasmu...@yahoo.com wrote:

Hi, is gerrit GDPR complient?

I just filled https://bugs.chromium.org/p/gerrit/issues/detail?id=8874

But also does gerrit support a cookie notice too?

--
--
To unsubscribe, email repo-discuss...@googlegroups.com

More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.

To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.

[David Pursehouse]

On Wed, May 23, 2018 at 3:28 PM <luca.mi...@gmail.com> wrote:

Sent from my iPhone

On 22 May 2018, at 23:44, thomasmulhall410 via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:

I wonder should this be deployed on to gerrit-review?

Yes, if there is consensus in doing that, I’ll be happy to move it over, for better discoverability.

I think he meant deploy the plugin on gerrit-review, rather than just host the source code (and reviews) there.

[Luca Milanesio]

On 23 May 2018, at 08:35, David Pursehouse <david.pu...@gmail.com> wrote:

On Wed, May 23, 2018 at 3:28 PM <luca.mi...@gmail.com> wrote:

Sent from my iPhone

On 22 May 2018, at 23:44, thomasmulhall410 via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:

I wonder should this be deployed on to gerrit-review?

Yes, if there is consensus in doing that, I’ll be happy to move it over, for better discoverability.

I think he meant deploy the plugin on gerrit-review, rather than just host the source code (and reviews) there.

No, that wouldn't work because with gerrit-review and isn't needed either.

Gerrit-Review account management is based on Google Account and thus should already be GDPR-compliant.

Luca.

[Luca Milanesio]

On 23 May 2018, at 08:37, Luca Milanesio <luca.mi...@gmail.com> wrote:

On 23 May 2018, at 08:35, David Pursehouse <david.pu...@gmail.com> wrote:

On Wed, May 23, 2018 at 3:28 PM <luca.mi...@gmail.com> wrote:

Sent from my iPhone

On 22 May 2018, at 23:44, thomasmulhall410 via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:

I wonder should this be deployed on to gerrit-review?

Yes, if there is consensus in doing that, I’ll be happy to move it over, for better discoverability.

I think he meant deploy the plugin on gerrit-review, rather than just host the source code (and reviews) there.

No, that wouldn't work because with gerrit-review and isn't needed either.

Gerrit-Review account management is based on Google Account and thus should already be GDPR-compliant.

I believe the problem is with the other publicly accessible Gerrit setups:

- Wikimedia

- OpenStack

- Eclipse Foundation

- other?

The plugin could be useful for them :-)

Having the plugin hosted on gerrit-review.googlesource.com would make it more discoverable and reviews accessible IMHO.

Luca.

[Edwin Kempin]

On Wed, May 23, 2018 at 9:48 AM Luca Milanesio <luca.mi...@gmail.com> wrote:

On 23 May 2018, at 08:37, Luca Milanesio <luca.mi...@gmail.com> wrote:

On 23 May 2018, at 08:35, David Pursehouse <david.pu...@gmail.com> wrote:

On Wed, May 23, 2018 at 3:28 PM <luca.mi...@gmail.com> wrote:

Sent from my iPhone

On 22 May 2018, at 23:44, thomasmulhall410 via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:

I wonder should this be deployed on to gerrit-review?

Yes, if there is consensus in doing that, I’ll be happy to move it over, for better discoverability.

I think he meant deploy the plugin on gerrit-review, rather than just host the source code (and reviews) there.

No, that wouldn't work because with gerrit-review and isn't needed either.

Gerrit-Review account management is based on Google Account and thus should already be GDPR-compliant.

I believe the problem is with the other publicly accessible Gerrit setups:

- Wikimedia

- OpenStack

- Eclipse Foundation

- other?

The plugin could be useful for them :-)

Having the plugin hosted on gerrit-review.googlesource.com would make it more discoverable and reviews accessible IMHO.

+1 for hosting it there

[Luca Milanesio]

On 23 May 2018, at 08:53, Edwin Kempin <eke...@google.com> wrote:

On Wed, May 23, 2018 at 9:48 AM Luca Milanesio <luca.mi...@gmail.com> wrote:

On 23 May 2018, at 08:37, Luca Milanesio <luca.mi...@gmail.com> wrote:

On 23 May 2018, at 08:35, David Pursehouse <david.pu...@gmail.com> wrote:

On Wed, May 23, 2018 at 3:28 PM <luca.mi...@gmail.com> wrote:

Sent from my iPhone

On 22 May 2018, at 23:44, thomasmulhall410 via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:

I wonder should this be deployed on to gerrit-review?

Yes, if there is consensus in doing that, I’ll be happy to move it over, for better discoverability.

I think he meant deploy the plugin on gerrit-review, rather than just host the source code (and reviews) there.

No, that wouldn't work because with gerrit-review and isn't needed either.

Gerrit-Review account management is based on Google Account and thus should already be GDPR-compliant.

I believe the problem is with the other publicly accessible Gerrit setups:

- Wikimedia

- OpenStack

- Eclipse Foundation

- other?

The plugin could be useful for them :-)

Having the plugin hosted on gerrit-review.googlesource.com would make it more discoverable and reviews accessible IMHO.

+1 for hosting it there

Agreed, let me create it now.

It *could* become a core-plugin IMHO, it is actually a feature that is needed in Gerrit after all, at least for those setups that are publicly accessible.

Luca.

[Luca Milanesio]

On 23 May 2018, at 09:02, Luca Milanesio <luca.mi...@gmail.com> wrote:

On 23 May 2018, at 08:53, Edwin Kempin <eke...@google.com> wrote:

On Wed, May 23, 2018 at 9:48 AM Luca Milanesio <luca.mi...@gmail.com> wrote:

On 23 May 2018, at 08:37, Luca Milanesio <luca.mi...@gmail.com> wrote:

On 23 May 2018, at 08:35, David Pursehouse <david.pu...@gmail.com> wrote:

On Wed, May 23, 2018 at 3:28 PM <luca.mi...@gmail.com> wrote:

Sent from my iPhone

On 22 May 2018, at 23:44, thomasmulhall410 via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:

I wonder should this be deployed on to gerrit-review?

Yes, if there is consensus in doing that, I’ll be happy to move it over, for better discoverability.

I think he meant deploy the plugin on gerrit-review, rather than just host the source code (and reviews) there.

No, that wouldn't work because with gerrit-review and isn't needed either.

Gerrit-Review account management is based on Google Account and thus should already be GDPR-compliant.

I believe the problem is with the other publicly accessible Gerrit setups:

- Wikimedia

- OpenStack

- Eclipse Foundation

- other?

The plugin could be useful for them :-)

Having the plugin hosted on gerrit-review.googlesource.com would make it more discoverable and reviews accessible IMHO.

+1 for hosting it there

Agreed, let me create it now.

It *could* become a core-plugin IMHO, it is actually a feature that is needed in Gerrit after all, at least for those setups that are publicly accessible.

Done: the GDPR-sensitive changes are associated to the topic 'GDPR'.

https://gerrit-review.googlesource.com/q/topic:%22GDPR%22+(status:open)

Reviews are welcomed :-)

Luca.

[lucamilanesio]

I am glad to announce that the 'account' plugin is now feature complete to address the EU GDPR rules that are in force by today.

See the announcement on:

https://gitenterprise.me/2018/05/25/gerrithub-io-and-gdpr/

P.S. The changes on the account plugin are still under review, your comment and feedback is more than welcomed :-)

Open changes:

https://gerrit-review.googlesource.com/q/project:plugins/account

Happy GDPR-day to everyone in the EU ... and glad that I did not have to shutdown GerritHub.io to all the developers from the European Countries ... like many other US Web Sites had to do :-(

Luca.

Luca.

 

Luca.

Luca.

 

Luca

To unsubscribe, email repo-discuss+unsub...@googlegroups.com

More info at http://groups.google.com/group/repo-discuss?hl=en

--- 
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.

To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

-- 
-- 
To unsubscribe, email repo-discuss+unsub...@googlegroups.com

More info at http://groups.google.com/group/repo-discuss?hl=en

--- 
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.

To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

-- 
-- 
To unsubscribe, email repo-discuss+unsub...@googlegroups.com

More info at http://groups.google.com/group/repo-discuss?hl=en

--- 
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.

To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss+unsubscribe@googlegroups.com.

[thomasmu...@yahoo.com]

Ah thanks luca :).

Luca.

 

Luca.

Luca.

 

Luca

To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

-- 
-- 
To unsubscribe, email repo-discuss+unsub...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

--- 
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.

To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

-- 
-- 
To unsubscribe, email repo-discuss+unsub...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

--- 
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.

To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.

[thomasmu...@yahoo.com]

This could be useful for admins but could there be one so admins can delete users? :)

[thomasmu...@yahoo.com]

Though even though the account is created using google, gerrit wont delete accounts with manual input so dosen't that mean this would need to be on gerrit-review?