From 35ed2ff24b50359e06f09fb73357563fd2be5b13 Mon Sep 17 00:00:00 2001 From: jkeithb Date: Mon, 4 Dec 2017 12:54:52 -0800 Subject: [PATCH 1/6] Changed required PSGet version to 1.6.0 --- gallery/psget/module/PreReleaseModule.md | 2 +- gallery/psget/script/PreReleaseScript.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/gallery/psget/module/PreReleaseModule.md b/gallery/psget/module/PreReleaseModule.md index 2cab01caac92..cf4f0ca1d800 100644 --- a/gallery/psget/module/PreReleaseModule.md +++ b/gallery/psget/module/PreReleaseModule.md @@ -7,7 +7,7 @@ title: PrereleaseModule --- # Prerelease Module Versions -Starting with version 1.5.0, PowerShellGet and the PowerShell Gallery provide support for tagging versions greater than 1.0.0 as a prerelease. Prior to this feature, prerelease items were limited to having a version beginning with 0. The goal of these features is to provide greater support for [SemVer v1.0.0](http://semver.org/spec/v1.0.0.html) versioning convention without breaking backwards compatibility with PowerShell versions 3 and above, or existing versions of PowerShellGet. This topic focuses on the module-specific features. The equivalent features for scripts are in the [Prerelease Versions of Scripts](../script/PrereleaseScript.md) topic. Using these features, publishers can identify a module or script as version 2.5.0-alpha, and later release a production-ready version 2.5.0 that supersedes the prerelease version. +Starting with version 1.6.0, PowerShellGet and the PowerShell Gallery provide support for tagging versions greater than 1.0.0 as a prerelease. Prior to this feature, prerelease items were limited to having a version beginning with 0. The goal of these features is to provide greater support for [SemVer v1.0.0](http://semver.org/spec/v1.0.0.html) versioning convention without breaking backwards compatibility with PowerShell versions 3 and above, or existing versions of PowerShellGet. This topic focuses on the module-specific features. The equivalent features for scripts are in the [Prerelease Versions of Scripts](../script/PrereleaseScript.md) topic. Using these features, publishers can identify a module or script as version 2.5.0-alpha, and later release a production-ready version 2.5.0 that supersedes the prerelease version. At a high level, the prerelease module features include: diff --git a/gallery/psget/script/PreReleaseScript.md b/gallery/psget/script/PreReleaseScript.md index 6994325405d2..b9563f39fdd1 100644 --- a/gallery/psget/script/PreReleaseScript.md +++ b/gallery/psget/script/PreReleaseScript.md @@ -8,7 +8,7 @@ title: PrereleaseScript # Prerelease Versions of Scripts -Starting with version 1.5.0, PowerShellGet and the PowerShell Gallery provide support for tagging versions greater than 1.0.0 as a prerelease. Prior to this feature, prerelease items were limited to having a version beginning with 0. The goal of these features is to provide greater support for [SemVer v1.0.0](http://semver.org/spec/v1.0.0.html) versioning convention without breaking backwards compatibility with PowerShell versions 3 and above, or existing versions of PowerShellGet. +Starting with version 1.6.0, PowerShellGet and the PowerShell Gallery provide support for tagging versions greater than 1.0.0 as a prerelease. Prior to this feature, prerelease items were limited to having a version beginning with 0. The goal of these features is to provide greater support for [SemVer v1.0.0](http://semver.org/spec/v1.0.0.html) versioning convention without breaking backwards compatibility with PowerShell versions 3 and above, or existing versions of PowerShellGet. This topic focuses on the script-specific features. The equivalent features for modules are in the [Prerelease Module Versions](../module/PrereleaseModule.md) topic. Using these features, publishers can identify a script as version 2.5.0-alpha, and later release a production-ready version 2.5.0 that supersedes the prerelease version. At a high level, the prerelease script features include: From 1c4f2beb5c08dfb2175665a6fb0efcea70b0118b Mon Sep 17 00:00:00 2001 From: jkeithb Date: Wed, 28 Mar 2018 13:50:11 -0700 Subject: [PATCH 2/6] Adding GDPR doc Provide info users need to request GDPR data subject requests, and export Gallery data pertaining to them. --- gallery/psgallery/psgallery_gdpr_dsr.md | 74 +++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 gallery/psgallery/psgallery_gdpr_dsr.md diff --git a/gallery/psgallery/psgallery_gdpr_dsr.md b/gallery/psgallery/psgallery_gdpr_dsr.md new file mode 100644 index 000000000000..d59528d04446 --- /dev/null +++ b/gallery/psgallery/psgallery_gdpr_dsr.md @@ -0,0 +1,74 @@ +--- +ms.date: 03/27/2018 +contributor: JKeithB +ms.topic: conceptual +keywords: gallery,powershell,psgallery,GDPR +title: PowerShell Gallery GDPR Compliance +--- + +# PowerShell Gallery GDPR Compliance + +## Overview + +In May 2018, a European privacy law, the General Data Protection Regulation (GDPR), will take effect. +The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. The GDPR applies no matter where you are located. + +Microsoft products and services are available today to help you meet the GDPR requirements. +Read more about Microsoft Privacy policy at [Trust Center](https://www.microsoft.com/trustcenter). + +The PowerShell Gallery meets GDPR requirements. + +The Powershell Gallery stores the following information that may be provided by users, which may contain End User Identifiable Information (EUII): + +* PowerShell Gallery account +* Items published to the PowerShell Gallery +* Email correspondence with the PowerShell Gallery team + +Most users do not create a PowerShell Gallery account, as it is not required unless the user is going to publish an item, or use the "Contact Owner" feature in the PowerShell Gallery. +The PowerShell Gallery does not store EUII data for users who have not created a PowerShell Gallery account, other than email correspondence initiated by the user. + +Users who create a PowerShell Gallery account can publish items to the PowerShell Gallery. +Those items are expected to be PowerShell code, but may contain other information. The information below will show how you can get all the items you have published to the PowerShell Gallery. + + +## DSR Export of PowerShell Gallery Data + +The following sections describe the PowerShell Gallery supports a GDPR Data Subject Request (DSR) by explaining how to export information stored in the PowerShell Gallery, and how to request deletion of this information. + +__Email__ + +Email correspondence may include any of the following: + +* Email sent to the owners of PowerShell Gallery items if the code analysis scans detected an issue with any item they have published to the PowerShell Gallery +* Email sent by anyone to the PowerShell Gallery team using the email address in the "Contact Us" page (cgadmin@microsoft.com) +* Registered users who use the "Contact Owner" feature in the PowerShell Gallery to send email to the owner of an item in the PowerShell Gallery + +Emails sent by or to the PowerShell Gallery have a retention policy of 90 days, in order to support possible security investigations should malicious code be discovered on the PowerShell Gallery. +Emails are deleted by policy after 90 days. + +Users may request copies of all emails that sent within the previous 90 days to or from the PowerShell Gallery to their email account. This can be done by sending an email to cgadmin@microsoft.com, with the title: "DSR Request for emails relating to this account", and stating in the body what they are seeking (for example: Please send all emails sent to or received from this email address that you currently have.) All emails involving that email address within 90 days of the request will be sent to the requesting email account within 7 business days. + + +__PowerShell Gallery Account Information__ + +If you have created a PowerShell Gallery account, you can find all information that has been stored in PowerShell Gallery by taking the following steps: + +1. Sign in to the PowerShell Gallery, then click on your username +2. The next page displayed is the Account page, which shows the email address used for the PowerShell Gallery account + +If you have created more than one account in the PowerShell Gallery, you will need to repeat these steps for each account. + +__Items in the PowerShell Gallery__ + +To facilitate exporting all versions of all items, users may download the script "GetPSGalleryItemsForAuthor" from the PowerShell Gallery, or from https://github.com/powershell/powershellgallery. This script will export a copy of every version of every item put onto the PowerShell Gallery based on the author information stored in the item. It is important to note that the Author is stored in the item manifest when you publish your item,and is not guaranteed to be the same as the account you use in the PowerShell Gallery. If you use some other value in the Author field, you will need to supply that value when using this script. + +You may download the script by using the following PowerShell command: + +Save-Script GetPSGalleryItemsForAuthor -path -repository psgallery + +You can then run the script directly, by running the following PowerShell commands: +cd +.\GetPSGalleryItemsForAuthor + +You will be prompted to supply the Author and a folder on your system where you want the items to be saved. + From de1475b6e6dd9675777c4b2f32de4ad4e3614a32 Mon Sep 17 00:00:00 2001 From: jkeithb Date: Wed, 28 Mar 2018 16:18:55 -0700 Subject: [PATCH 3/6] Updates from GDPR Staff review Changes made after reviewing doc with Angie Wilson. --- gallery/psgallery/psgallery_gdpr_dsr.md | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/gallery/psgallery/psgallery_gdpr_dsr.md b/gallery/psgallery/psgallery_gdpr_dsr.md index d59528d04446..c730e484c24a 100644 --- a/gallery/psgallery/psgallery_gdpr_dsr.md +++ b/gallery/psgallery/psgallery_gdpr_dsr.md @@ -18,7 +18,7 @@ Read more about Microsoft Privacy policy at [Trust Center](https://www.microsoft The PowerShell Gallery meets GDPR requirements. -The Powershell Gallery stores the following information that may be provided by users, which may contain End User Identifiable Information (EUII): +The Powershell Gallery stores the following information that may be provided by users, which may contain personal information: * PowerShell Gallery account * Items published to the PowerShell Gallery @@ -28,7 +28,7 @@ Most users do not create a PowerShell Gallery account, as it is not required unl The PowerShell Gallery does not store EUII data for users who have not created a PowerShell Gallery account, other than email correspondence initiated by the user. Users who create a PowerShell Gallery account can publish items to the PowerShell Gallery. -Those items are expected to be PowerShell code, but may contain other information. The information below will show how you can get all the items you have published to the PowerShell Gallery. +Those items are expected to be PowerShell code, but may contain other information including personal information. The information below will show how you can get all the items you have published to the PowerShell Gallery. ## DSR Export of PowerShell Gallery Data @@ -51,7 +51,7 @@ Users may request copies of all emails that sent within the previous 90 days to __PowerShell Gallery Account Information__ -If you have created a PowerShell Gallery account, you can find all information that has been stored in PowerShell Gallery by taking the following steps: +If you have created a PowerShell Gallery account, you can find all personal information that has been stored in PowerShell Gallery by taking the following steps: 1. Sign in to the PowerShell Gallery, then click on your username 2. The next page displayed is the Account page, which shows the email address used for the PowerShell Gallery account @@ -60,7 +60,7 @@ If you have created more than one account in the PowerShell Gallery, you will ne __Items in the PowerShell Gallery__ -To facilitate exporting all versions of all items, users may download the script "GetPSGalleryItemsForAuthor" from the PowerShell Gallery, or from https://github.com/powershell/powershellgallery. This script will export a copy of every version of every item put onto the PowerShell Gallery based on the author information stored in the item. It is important to note that the Author is stored in the item manifest when you publish your item,and is not guaranteed to be the same as the account you use in the PowerShell Gallery. If you use some other value in the Author field, you will need to supply that value when using this script. +To facilitate exporting all versions of all items published to the PowerShell Gallery by an user, users may download the script "GetPSGalleryItemsForAuthor" from the PowerShell Gallery, or from https://github.com/powershell/powershellgallery. This script will export a copy of every version of every item put onto the PowerShell Gallery based on the author information stored in the item. It is important to note that the Author is stored in the item manifest when you publish your item,and is not guaranteed to be the same as the account you use in the PowerShell Gallery. If you use some other value in the Author field, you will need to supply that value when using this script. You may download the script by using the following PowerShell command: @@ -70,5 +70,15 @@ You can then run the script directly, by running the following PowerShell comman cd .\GetPSGalleryItemsForAuthor -You will be prompted to supply the Author and a folder on your system where you want the items to be saved. +You will be prompted to supply the Author and a folder on your system where you want the items to be saved. + +## Deleting Personal Data From The PowerShell Gallery + +Users who wish to delete either their PowerShell Gallery account or an item in the PowerShell Gallery must send email to cgadmin with the title: "GDPR Request for items relating to this account", and stating in the body what they are seeking, for example: + +* Please delete version x.y.z of my item "item name" _or_ +* Please delete all versions of my item "item name" _or_ +* Please delete my PowerShell Gallery account + +The PowerShell Gallery administrators will reply to the email within 7 business days, and items specified will be deleted within 30 days after the request is sent. From 552f7ced0b412f897dd9e200a00fb7c98ee01d07 Mon Sep 17 00:00:00 2001 From: jkeithb Date: Wed, 28 Mar 2018 17:09:45 -0700 Subject: [PATCH 4/6] Marked code as PowerShell Fixed display issues by marking PS code areas properly. --- gallery/psgallery/psgallery_gdpr_dsr.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/gallery/psgallery/psgallery_gdpr_dsr.md b/gallery/psgallery/psgallery_gdpr_dsr.md index c730e484c24a..1fd5e16536ad 100644 --- a/gallery/psgallery/psgallery_gdpr_dsr.md +++ b/gallery/psgallery/psgallery_gdpr_dsr.md @@ -64,11 +64,17 @@ To facilitate exporting all versions of all items published to the PowerShell Ga You may download the script by using the following PowerShell command: +```powershell Save-Script GetPSGalleryItemsForAuthor -path -repository psgallery +``` + You can then run the script directly, by running the following PowerShell commands: + +```powershell cd .\GetPSGalleryItemsForAuthor +``` You will be prompted to supply the Author and a folder on your system where you want the items to be saved. From b44168a36dbe71ceb06e20a508b292084bcfffb7 Mon Sep 17 00:00:00 2001 From: jkeithb Date: Wed, 28 Mar 2018 17:13:13 -0700 Subject: [PATCH 5/6] Updated TOC with GDPR Added GDPR documentation to Gallery TOC. --- gallery/TOC.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gallery/TOC.yml b/gallery/TOC.yml index cd9234e172e7..ee3dab6f949d 100644 --- a/gallery/TOC.yml +++ b/gallery/TOC.yml @@ -47,6 +47,8 @@ href: psgallery/psgallery_requires_license_acceptance.md - name: Require License Acceptance on Deploy to Azure Automation href: psgallery/psgallery_deploy_to_azure_automation_requireLicenseAcceptance.md + - name: PowerShell Gallery GDPR Compliance + href: psgallery/psgallery_gdpr_dsr.md - name: PowerShellGet href: psget/overview.md items: From e632f8b52c97816672fc37312df8caeb2c983728 Mon Sep 17 00:00:00 2001 From: jkeithb Date: Thu, 29 Mar 2018 16:02:44 -0700 Subject: [PATCH 6/6] Fixing typo in PS cmd Minor typo fixed --- gallery/psgallery/psgallery_gdpr_dsr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gallery/psgallery/psgallery_gdpr_dsr.md b/gallery/psgallery/psgallery_gdpr_dsr.md index 1fd5e16536ad..df49385de515 100644 --- a/gallery/psgallery/psgallery_gdpr_dsr.md +++ b/gallery/psgallery/psgallery_gdpr_dsr.md @@ -73,7 +73,7 @@ You can then run the script directly, by running the following PowerShell comman ```powershell cd -.\GetPSGalleryItemsForAuthor +.\GetPSGalleryItemsForAuthor.ps1 ``` You will be prompted to supply the Author and a folder on your system where you want the items to be saved.