[FFmpeg-devel] [ANNOUNCE] Repeat vote: GA voters list updates
Thilo Borgmann
thilo.borgmann at mail.de
Tue Nov 14 14:49:48 EET 2023
Am 14.11.23 um 10:28 schrieb Tomas Härdin:
> lör 2023-11-11 klockan 10:42 +0100 skrev Jean-Baptiste Kempf:
>>
>> You have been told, now, several times, that a list of email is a
>> collection of Private Information, according to a GDPR and that you
>> are a process of this PI, and therefore liable to the law.
>
> Everyone with a copy of the git repository already has this
> information, and it has been willingly given by all contributors. Is
> further processing of already extant PI really not permissible
> according to the GDPR? Do we have to seek permission from all
> contributors to publish our git repositories containing PI that they
> have already given implicit permission to publish?
+1 that it is no problem to reshare public information.
A problem would arise if we connect this information with other information - new unknown information or an unknown link between the two.
> That said, this part strikes me as far more relevant wrt the GDPR:
>
>> I patched the voting system to log all authorized voters in the
>> future to prevent this situation in the future.
The logfile before:
Sun Nov 5 11:04:32 2023 127.0.0.1 Sending mail to a voter for poll E_af2d343f39602862
Sun Nov 5 11:04:32 2023 127.0.0.1 Sending mail to a voter for poll E_af2d343f39602862
The logfile afterwards:
Sun Nov 5 11:04:32 2023 127.0.0.1 Sending mail to a voter for poll E_af2d343f39602862 something at somewhere.com
Sun Nov 5 11:04:32 2023 127.0.0.1 Sending mail to a voter for poll E_af2d343f39602862 somethingelse at somewhereelse.com
The other outputs are unchanged.
This does not break any privacy about the ballots - it is still unknown what ballots voted if at all neither what that ballot eventually voted for.
This only adds the information which mail addresses are connected to the poll ID E_* (in other words, who was an authorized voter).
-Thilo
More information about the ffmpeg-devel
mailing list