On Fri, Sep 04, 2020 at 01:47:58PM +0200, Tomasz Torcz wrote:
On Fri, Sep 04, 2020 at 07:16:02AM -0400, Neal Gompa wrote:
> On Fri, Sep 4, 2020 at 7:10 AM clime <clime(a)fedoraproject.org> wrote:
> >
> > On Fri, 4 Sep 2020 at 12:59, clime <clime(a)fedoraproject.org> wrote:
> > >
> > > On Fri, 4 Sep 2020 at 12:48, Aoife Moloney <amoloney(a)redhat.com>
wrote:
> > > >
> > > > However, the General Data Protection Regulation (GDPR) [3] and the
California
> > > > Consumer Privacy Act (CCPA) [4] basically makes the Fedora
Infrastructure team
> > > > (and thus Red Hat) responsible for the content hosted by any services
running in
> > > > our infrastructure. In other words, the Fedora Infrastructure team
would be
> > > > responsible to answer all GDPR/CCPA related requests and requirements
for any
> > > > and all services running in communishift (services that the team has
0 knowledge
> > > > about, that's the whole goal of communishift).
> >
>
> My read of this is that right now, there will be no way for the
> community to run applications in Fedora Infrastructure in a way that
> CPE can be divorced from it completely. That is because their goal of
> running only OpenShift and then not caring about what's inside is
> legally not possible.
Hmm. But how, for example, cloud providers are able to provide
infrastructure without taking responsibility for what's hosted?
I don't think GCP is handling any GPDR/CCPA requests for clients' stuff…
This is definitely one of the question we have and are looking into.
I don't really expect an answer. From my experience, it's
impossible
to get straight, yes/no, binary answer from lawyers.
Thus the slow process :(
The goal of the email was to inform about the current situation as we saw the
topic raised in a few places lately.
Pierre