@patrick_townsend @gabrielesvelto Usual disclaimer: I am not a lawyer and this is not legal advice.

I don’t think a GDPR request to delete one’s information from e.g. the Linux git history would work. Kernel developers have a stronger legitimate interest in keeping that data (repository integrity, IP ownership tracking) than the requestor has in its removal. This works because the Linux git history can only be appended by trusted contributors, so it does not include malware, CSAM, or other illegal material.

Any site that allows data to be uploaded by untrusted third parties is much more complex and I would consult with a lawyer before running one.