Am 15.07.23 um 06:32 schrieb nick: > Junio C Hamano wrote: >> "nick" <nick@xxxxxxxxxxxxxxxxxx> writes: >> >>> However, I think it is worth the effort for the time zones. Is there any >>> reason Git doesn't automatically convert local time to UTC in timestamps >>> to prevent leaking the developer's time zone? >> >> Actually it is the other way around, if I understand correctly. >> >> Git could have been designed to discard that information like >> previous version control systems, but it is another piece of >> interesting information and made a conscious design decision to keep >> it. In other words, "is there any reason why we do not discard the >> information?" is a wrong question to ask in the context of VCS. > > I'll make my best case one last time and if it doesn't convince you, > then I have nothing else to offer. > > Git leaks private information about developers publicly by design > through its precise timestamps. You mentioned this makes it easier to > deny copyright claims, but one could get more or less the same benefit > without sacrificing privacy by rounding commit times to the nearest day. > I'm not advocating making this behavior the default, just that > developers be given the option to do it. > > The time zones reveal private information about developers and they > don't even serve a use case, as far as I'm aware. A backwards-compatible > way to solve this leak would be to convert timestamps to UTC by default > and have a Git config option to revert back to the current behavior. I get it to some extent: timezone and timestamps are personal data, which may only be collected and processed for a lawful purpose according to the GDPR. Git works just as well with timestamps that omit time of day and timezone, so is there a valid reason to collect that information? At least that's how I understand it, and I'm certainly not a lawyer. But Git is not a legal entity, it's just a command line program that you, the data subject, control. You can use the option --date or the environment variable GIT_AUTHOR_DATE to set the author timestamp and the variable GIT_COMMITTER_DATE to set the committer timestamp on commit. Not sure why there is no command line option for the latter, hmm. So I see this more as a usability issue. Git allows its users to tailor commits to suit their needs in many ways. You can edit file contents, history and metadata. For timestamp and timezone this isn't as convenient as it could be. If git commit has a --signoff option that can be enabled by default then adding config options for controlling timestamp granularity is hard to say no to. René
