GDPR Compliance: Maintain Separate Mapping of Commits to Authors in Gitlab
Description
The General Data Protection Regulations (GDPR) which come into force on 25th May 2018 will harmonise peoples' rights over personally identifying information.
Git commits contain authorship information - name, email and timestamp - which are within scope of the GDPR.
Peoples' rights to alter and remove personally identifying information conflict with the git model, where the authorship information becomes part of the git history, and rewriting / removing it involves rewriting the complete git history, breaking references.
Proposal
Gitlab's git server should replace the author data supplied with a pushed commit with a UUID, and maintain an internal mapping of UUID -> author.
Gitlab administrators should be able to update / remove the author information associated with a commit.
Gitlab's UI should replace the UUID with the current author data when displaying commit data.