On Fri, 2008-10-17 at 17:32 -0500, Arthur Pemberton wrote: Here's the big story. Fedora Project has a privacy policy that says someone can have their personal data removed at request.[1] All other content is covered by the contributor license agreement (CLA), so is open content and not under the privacy policy. The question then is, whose responsibility is it to ... * Take a personal data removal request; * Confirm it is legitimate; * Perform or authorize the removal Based on the fact that I had to involve Fedora Infrastructure last time, and they are the ones in the best position to verify ownership and remove private data, I'm proposing that: 1. The responsibility is Fedora Infrastructure's; 2. For every apparent or real request we get to remove private data, we direct the requester to fill out a ticket at http://fedorahosted.org/infrastructure, using the FAS account they want removed. If there any questions, problems, etc. from there, Infra is in the best position to resolve. Seem like a sane idea? [1] https://fedoraproject.org/wiki/Legal/PrivacyPolicy#How_to_Access.2C_Modif... -- Karsten Wade, Community Gardener Dev Fu : http://developer.redhatmagazine.com Fedora : http://quaid.fedorapeople.org gpg key : AD0E0C41