Closed ShoshinNikita closed 1 week ago
The simplest solution is to remove sensitive data just before uploading the database dump to Dropbox:
echo "Cleaning up the database..."
echo "DROP TABLE IF EXISTS upload_tickets;" | sqlite3 "$TARGET_FILE"
echo "DROP TABLE IF EXISTS queue_messages;" | sqlite3 "$TARGET_FILE"
+echo "UPDATE users SET email = '<redacted>', name = '<redacted>', picture = '<redacted>';" | sqlite3 "$TARGET_FILE"
echo "VACUUM;" | sqlite3 "$TARGET_FILE"
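The same drop / redact / VACUUM sequence, written up as an added Python example (not code from the project or from anyone in this thread) so the result can be checked before the file is published. It uses Python's built-in sqlite3 module instead of the sqlite3 CLI, builds a constructed sample database (the trees table, the column names beyond those the thread mentions, and all row contents are assumptions), and then verifies two things the shell snippet does not: that the table list no longer contains the dropped tables, and that the raw file bytes no longer contain the old values or anything shaped like an e-mail address. The VACUUM step matters for that second check, because DROP and UPDATE only mark the old pages and cells as free; VACUUM rebuilds the file from live rows only.

```python
import os
import re
import sqlite3
import tempfile

# Tables dropped outright and columns overwritten in place, following the
# shell snippet in the thread. The project's real schema is not known here
# beyond the names it mentions; everything else is constructed for this example.
DROP_TABLES = ("upload_tickets", "queue_messages")
REDACT_COLUMNS = {"users": ("email", "name", "picture")}
REDACTED = "<redacted>"
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample rows; the e-mail addresses are what the checks look for.
SAMPLE_USERS = [
    (1, "alice@example.org", "Alice Example", "https://example.org/a.png"),
    (2, "bob@example.net", "Bob Sample", None),
]


def build_sample_db(path):
    """Create a constructed database shaped like the one the thread describes."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, name TEXT, picture TEXT);
        CREATE TABLE trees (id INTEGER PRIMARY KEY, species TEXT, added_by INTEGER);
        CREATE TABLE upload_tickets (id INTEGER PRIMARY KEY, token TEXT);
        CREATE TABLE queue_messages (id INTEGER PRIMARY KEY, payload TEXT);
    """)
    con.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    con.execute("INSERT INTO trees VALUES (1, 'Quercus robur', 1)")
    con.execute("INSERT INTO upload_tickets VALUES (1, 'secret-upload-token')")
    con.execute("INSERT INTO queue_messages VALUES (1, 'mail to alice@example.org')")
    con.commit()
    con.close()


def sanitize_dump(path):
    """Scrub a copy of the database in place: drop, redact, then VACUUM."""
    con = sqlite3.connect(path)
    existing = {r[0] for r in con.execute("SELECT name FROM sqlite_master WHERE type = 'table'")}
    for table in DROP_TABLES:
        con.execute(f'DROP TABLE IF EXISTS "{table}"')
    for table, cols in REDACT_COLUMNS.items():
        if table not in existing:
            continue
        assignments = ", ".join(f'"{c}" = ?' for c in cols)
        con.execute(f'UPDATE "{table}" SET {assignments}', [REDACTED] * len(cols))
    con.commit()
    # VACUUM rebuilds the file from the live rows only, so pages and cells freed
    # by the DROP/UPDATE above (which may still hold the old bytes) are not shipped.
    con.execute("VACUUM")
    con.close()


def list_tables(path):
    """Names of the tables left in the file, sorted."""
    con = sqlite3.connect(path)
    rows = con.execute("SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name").fetchall()
    con.close()
    return [r[0] for r in rows]


def find_leaks(path, secrets):
    """Return which known secrets still occur anywhere in the raw file bytes."""
    with open(path, "rb") as fh:
        blob = fh.read()
    return [s for s in secrets if s.encode() in blob]


def find_emails(path):
    """Scan the raw file for anything shaped like an e-mail address."""
    with open(path, "rb") as fh:
        return sorted({m.decode() for m in EMAIL_RE.findall(fh.read())})


def demo():
    """Build, sanitize and check a sample dump; returns the check results."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "dump.sqlite")
    try:
        build_sample_db(path)
        secrets = [u[1] for u in SAMPLE_USERS] + ["secret-upload-token"]
        before = find_leaks(path, secrets)
        sanitize_dump(path)
        con = sqlite3.connect(path)
        users = con.execute("SELECT * FROM users ORDER BY id").fetchall()
        con.close()
        return {
            "leaks_before": before,
            "leaks_after": find_leaks(path, secrets),
            "emails_after": find_emails(path),
            "tables": list_tables(path),
            "users": users,
        }
    finally:
        for name in os.listdir(workdir):
            os.remove(os.path.join(workdir, name))
        os.rmdir(workdir)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run sanitize_dump on a copy of the database, never on the live file, and run find_leaks and find_emails on the copy right before it is uploaded; the raw-bytes scan is the check that catches a forgotten VACUUM or a column nobody thought of. If the whole users table is to go, as the thread later decides, add "users" to DROP_TABLES and drop the REDACT_COLUMNS entry.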
@umonkey I think this is the most important feature at this stage. Without it I cannot tell the world (I know of the similar tree-protection movement in Argentina) about the database and cannot even in good conscience tell people it is safe to do what we do. Participants' data must be protected (and deleted from earlier dumps) as per GDPR.
What is necessary for that feature?
Since the users table doesn't contain any information other than what was considered private, I just removed the whole table from the dumps. New dumps don't have this table. Old dumps were deleted. We have the history of changes in the database, so a history of dumps is not needed.
Table 'users' contains sensitive data such as email and name. I'm not sure it's a good idea to include this information in the publicly available database dump.