From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-3.3 required=3.0 tests=AWL,BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE shortcircuit=no autolearn=ham autolearn_force=no version=3.4.6 Received: from mail-qv1-xf35.google.com (mail-qv1-xf35.google.com [IPv6:2607:f8b0:4864:20::f35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id AF9AC1F543 for ; Thu, 15 Jun 2023 14:47:50 +0000 (UTC) Authentication-Results: dcvr.yhbt.net; dkim=pass (1024-bit key; unprotected) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.a=rsa-sha256 header.s=google header.b=DoLVw2fV; dkim-atps=neutral Received: by mail-qv1-xf35.google.com with SMTP id 6a1803df08f44-62de668852dso26997536d6.2 for ; Thu, 15 Jun 2023 07:47:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linuxfoundation.org; s=google; t=1686840469; x=1689432469; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=+HsJuxg40Sf2CLNSh52L+Sb9MqytYsfz6wMmg44c2TA=; b=DoLVw2fVVCMFXDt/66j0G2BWQJMWVqWHmGSCN+HnKvgfE6vr/atezwPFBr5fqFVLsX MZpfa+dcQ3Uni9PGTx+eVuOblG1H1B3eKt/d8ePPjcg84cSFGW84/4CESLVZogjGcHex xs2SFmaQrP6ST0YYqGvp/15m43cMHBSAT1Z0I= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686840469; x=1689432469; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=+HsJuxg40Sf2CLNSh52L+Sb9MqytYsfz6wMmg44c2TA=; b=kLorfLRmld9C4U78cF+iHZSMoaR+6NRxj9aaImdG0TGypjQo6hozC044bfSAcZqZOv u9WHUmcTVcUldOGEIJyRZ0wN/gJ+rymK9nlJDDPOjY04+fBA2eU0sILfLEAmzo27wXtf 8BawMhur4XL8WUMQwYvr7DkKDBxmR+T2K53Nnul5b8BXQEo617vyuN0/9xFAR6wkVH+8 64yfn9E8ng33Sm/grISTSw+el7Hwd42aoXoLIjXj+nqapvaG8JiW29mwJ82Nqrliercx RosbEuZoT3iA7OQDU0mZwGSdkIDCYRH/7FJQBwieGgTgKTNIpXsXP2Z78fRJdif6peDL w0pw== X-Gm-Message-State: AC+VfDz9vZktBptm4fVBmOMF3ekUWhPUkM/lDGrNT9BXCmPaTlFtRufG kRAGVoAGefogMmL/EtIljQjJHloZUT1TTWdTRrE= X-Google-Smtp-Source: ACHHUZ4KZ4qltIJ56UFBVGRaqaXxJvy7IXPaurnfyOV/pn2AYxCFFCjMrLqzFuJSeBVDpIEFOgl/Rw== X-Received: by 2002:a05:6214:21ef:b0:628:35b0:e966 with SMTP id p15-20020a05621421ef00b0062835b0e966mr19587645qvj.21.1686840469432; Thu, 15 Jun 2023 07:47:49 -0700 (PDT) Received: from nitro.local ([204.48.95.97]) by smtp.gmail.com with ESMTPSA id t8-20020a0cb388000000b0061a68b5a8c4sm5917558qve.134.2023.06.15.07.47.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Jun 2023 07:47:49 -0700 (PDT) Date: Thu, 15 Jun 2023 10:47:46 -0400 From: Konstantin Ryabitsev To: Eric Wong Cc: meta@public-inbox.org, a.fatoum@pengutronix.de, u.kleine-koenig@pengutronix.de Subject: Re: Indicating the mirror's origin Message-ID: <20230615-focal-erosion-poop-df8246@meerkat> References: <20230614-icons-siren-usual-f1a72b@meerkat> <20230614235015.M82055@dcvr> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20230614235015.M82055@dcvr> List-Id: On Wed, Jun 14, 2023 at 11:50:15PM +0000, Eric Wong wrote: > Konstantin Ryabitsev wrote: > > Good day: > > > > We've had a few requests to mirror public-inbox archives that originate on > > other systems so they can also be searchable and viewable via lore.kernel.org. > > I've been dragging my feet on these requests, because they are a potential > > liability in terms of GDPR compliance. > > I just tried using `git replace' for the first time: I think I didn't quite convey my idea -- let me try to step back a bit. What I have is lore.kernel.org, which is actually 3 different frontends all pulling git repositories from some other source of origin. Currently, I have two: - lkml.kernel.org, which subscribes to external lists via regular SMTP - subspace.kernel.org, which is our own mlmmj server and where public-inbox repositories are created via public-inbox-watch Since we control both lkml and subspace, we are the origin of the data, so if anyone requests archive removal, we can easily comply. Now, I want to be able to add other external public-inbox repositories to be mirrored on lore.kernel.org, but with some clear indication that we're not the origin of that data, we're merely mirroring it. Any GDPR removal requests need to be sent to $ORIGIN and we'll just propagate any changes. > git replace --edit $BLOB_OID I don't want to go down that route, because while we can do such surgery on a node, it would need to be rerun again if we bring up a new mirror node, and it's almost guaranteed to be forgotten. > I sometimes use the $INBOX_DIR/description file for that and it > affects WWW and NNTP, but not IMAP/POP3. I'm not sure if I want > to reintroduce header injection in case there's some conflict > with DKIM or other signature mechanisms[1] I don't think we need to worry about it if we pick a header that's almost certain to not be included in the default DKIM signature set. X-Originally-Archived-At: or some other header is guaranteed to never be signed. -K