Conversation

Krzysztof Kozlowski

Edited 5 days ago
I just got spam email from PyTorch Foundation / Linux Foundation to my email address used purely in Linux kernel sources and LKML. Email not passed to anyone, not even used as reply/from ever, not used on conferences (so not scan badging) so PyTorch Foundation <pytorchevents@linuxfoundation.org> apparently just grabbed it from kernel sources or kernel mailing list to create database of users for spam mailing.

Such a disappointment @lfeurope @linuxfoundation
I would write them an email with a complaint, but the contact form on https://www.linuxfoundation.org/about/contact simply does not work - clicking button "Submit" is a no-op.
And now I see that PyTorch Foundation has been doing this for longer - I see at least one more mailing (to the same address from kernel sources) on 4th of February.

@krzk I got the same thing sent to my @kernel.org address and at least three other addresses I'm sure I never gave them, including one that only showed up by accident as the committer (not author or S-o-b) ID in some kernel commits back in 2007. The only other emails I ever received there are low-quality phishing attempts.

I found one earlier email sent to the @kernel.org one, dated July 31, Subject "The KubeCon + CloudNativeCon North America 2025 Schedule Is Live!".

@arnd @krzk

I got the same to mails that never appeared on LKML. They do appear on other Git forges though. So I don't think it is limited to data harvested from the Kernel community.

@krzk Now you made me aware, I checked, and I also received that email on a contrived address I briefly used for sending kernel patches more than a decade ago!
FTR, the form also didn't work when they had secretly subscribed me to the Hyperledger newsletter 7y ago... My complaint emails were never acknowledged, but the second one did seem to have the intended effect.

@ablu @arnd Harvesting from GitHub is not particularly better...
@geert @arnd I sent email to helpdesk at korg, but obviously it's not korg issue.
IMO, harvesting emails and creating such database of involuntary subscribers by Linux Foundation project is absolutely not acceptable. @lfeurope @linuxfoundation should be THE example in standards for data privacy and compliance.
@krzk It being PyTorch, I expect the answer will be "we asked an AI agent to put together a database of addresses that would be interested in receiving PyTorch announcements."
@monsieuricon Nice joke, but I am afraid it might be actually true...
@krzk Not a joke -- I really expect the answer to boil down to that.
I received an answer from Linux Foundation, apologizing for what happened and explaining a bit with: "This occurred due to an internal marketing operations error where a list intended for technical cross-referencing was inadvertently marked as a mailable promotional list."

There is no explanation how the "technical cross-referencing" was created, but I assume that list is the result of harvesting/scraping addresses from available sources. Email address, even publicly exposed, is personal data, according to GDPR. Public availability does not remove GDPR protection.

The PyTorch Foundation therefore did not have right to collect these addresses.

Linux Foundation in reply to me stated they ONLY remove the addresses from marketing lists. They did not confirm that they removed the addresses from "list intended for technical cross-referencing", thus I find the answers not satisfying.

And pasting here my response for reference:

Thank you for responding and caring about this matter. It partially resolves the problem, but unfortunately only partially.

Email address of EU individual, like me or few other maintainers who confirmed that they received mentioned PyTorch Foundation mailing, is personal data thus protected by GDPR. Public availability of that address does not remove GDPR protection.

Therefore according to GDPR, neither the PyTorch Foundation, the Linux Foundation EU nor the Linux Foundation, was allowed to create the “list intended for technical cross-referencing”. You cannot harvest these emails, even if you do not intend to send advertising material.

Removal of harvested emails from marketing databases is of course correct, but insufficient. Linux Foundation and PyTorch Foundation should remove ALL HARVESTED emails from all other databases, including from the “list intended for technical cross-referencing”.

GDPR applies not only to Linux Foundation EU, but also to PyTorch Foundation which operates in EU. Specifically, the advertisement spam sent by PyTorch Foundation was about conference “PyTorchCon Europe 2026” it held/is holding in Paris, France, thus clearly it operated in EU. The emails were belonging to identifiable individual (e.g. me) and EU residents (e.g. also me), thus meeting all conditions necessary to trigger GDPR protection of personal data.

@krzk How else did you think these fancy graphs and statistics in LF Reports are created? From cross-referenced data extracted from git repos, of course.

@geert And PyTorch needed it for ... ? :)