René Scharfe wrote: > schrieb nick: > > Git leaks private information about developers publicly by design > > through its precise timestamps. You mentioned this makes it easier to > > deny copyright claims, but one could get more or less the same benefit > > without sacrificing privacy by rounding commit times to the nearest day. > > I'm not advocating making this behavior the default, just that > > developers be given the option to do it. > > I get it to some extent: timezone and timestamps are personal data, > which may only be collected and processed for a lawful purpose according to > the GDPR. > But Git is not a legal entity, it's just a command line program that you, > the data subject, control. As far as I know and I'm not a lawyer either, there are no legal issues related to this. To be clear, my argument is more a moral one, not a legal one. > So I see this more as a usability issue. Git allows its users to tailor > commits to suit their needs in many ways. You can edit file contents, > history and metadata. For timestamp and timezone this isn't as > convenient as it could be. If git commit has a --signoff option that > can be enabled by default then adding config options for controlling > timestamp granularity is hard to say no to. You're right that usability is not as good as it could be for those who want more privacy. Many of the i2p devs are known only under pseudonyms. They definitely don't want their timezones leaked while developing i2p. I imagine that they have other repos that they develop non-anonymously. They could create a separate shell alias for Git with coarse-grained timestamps and no timezone, but it would still require a lot of mental bookkeeping to remember to use the alias every time. A single mistake would leak their timezone. Git could solve this by offering a per-repo option that controls timestamp granularity.
