- the employee might not even work there, so the email not being valid anymore, the security argument looks lame
- contributions were used to be done by email, so the email address will be public anyway
The offending file is simply a DES speed benchmark submitted by this person: https://chromium.googlesource.com/chromium/deps/openssl/+/9c...
When I changed my name, I submitted a PR to change it in the CONTRIBUTORS file of a project I had fixed a bug for. The approver privately reached out to me and offered to coordinate a global history rewrite among the core devs on my behalf. I declined because I don’t have that sort of safety need, but I’m incredibly grateful that there are maintainers out there who would be willing to go out of their way for something like that to help a non-core dev out.
I imagine this might fall under Art. 17 3. (Right to erasure), possibly (e) specifically.
> Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
> […]
> for the establishment, exercise or defence of legal claims.
> – https://gdpr-info.eu/art-17-gdpr/
Although I wonder how it works with Art. 16 (Right to rectification) which does not list such an exception.
I’m also not sure what constitutes a “personal activity” in Art. 2 2. (c) (Material scope), so it might just not apply depending on the project.
> This Regulation does not apply to the processing of personal data:
>[…]
> by a natural person in the course of a purely personal or household activity;
