[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#759382: do not keep so much logs



On 2014-09-22 10:23:05 -0400, Antoine Beaupré wrote:
> On 2014-09-22 10:14:34, Vincent Lefevre wrote:
> > On 2014-09-22 09:23:11 -0400, Antoine Beaupré wrote:
> >> On 2014-09-22 05:29:10, Vincent Lefevre wrote:
> >> > Not your users, but people who connect to the web server. But the
> >> > French law requires (required?) / advises to keep the logs for one
> >> > year. There's a discussion in French here:
> >> >
> >> >   http://forum.ovh.com/archive/index.php/t-47594.html
> >> >
> >> > Basically this is needed when:
> >> >   * Users can create contents.
> >> >   * In case of security breach, when someone can do bad things
> >> >     via Apache only.
> >> 
> >> Ouzbekistan law may also require providers to send their logs directly
> >> to the state and install backdoors into their servers, are we going to
> >> do that for all of Debian by default?
> >
> > I don't care about Ouzbekistan. In most countries, users are
> > responsible for what their servers do, and keeping logs is a
> > way to protect them.
> 
> I care about Ouzbekistan the same way I care about France.

I don't know where you live, but this is the same in most countries,
except that the period varies.

> >> > Everyone says that disk space is cheap.
> >> 
> >> I don't. Do you?
> >
> > Debian devs do.
> 
> I'm a debian dev.

You may be in the minority.

> >> Not everyone lives in a country that forces their providers to spy on
> >> their users.
> >
> > Please could you avoid saying stupid things?
> 
> No, as they are not stupid. I would prefer it if you would refrain from
> qualifying what I consider to be reasonable statements as "stupid". That
> you disagree doesn't make them stupid.

What you say is a lie. France does not force users to spy on other
users.

> I do believe that the european logging directives, for example, are a
> way to force providers to spy on their users on the behalf of the
> state. Other countries do not have such requirements and still have
> other legal means of getting to the data they need for criminal
> prosecution. Forcing providers to keep logs is a way to force
> deanonymisation of our users on the network, and is a fundamental issue
> with freedom of speech and association.

When someone connects to my web server, this is not my user.
This is someone (human or not) I don't know.

> > Wow! Most web servers keep logs for a long time by choice. Visitors
> > who do not agree with that should not use the web.
> 
> Webservers that want to choose to keep logs for a long time can do
> so.

And webservers that want to choose to keep logs for a short time
can do so. So, there was no reason to change the default period.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)


Reply to: