On 2014-09-22 10:52:48, Vincent Lefevre wrote: > I don't know where you live, but this is the same in most countries, > except that the period varies. Where I live is irrelevant. It is not the same in all countries: some have more or less strict restrictions, some don't have any at all. The United States of America, for example, do not enforce logging. >> >> > Everyone says that disk space is cheap. >> >> >> >> I don't. Do you? >> > >> > Debian devs do. >> >> I'm a debian dev. > > You may be in the minority. I may be. It could also be because I am involved in buying the hardware at work. >> >> Not everyone lives in a country that forces their providers to spy on >> >> their users. >> > >> > Please could you avoid saying stupid things? >> >> No, as they are not stupid. I would prefer it if you would refrain from >> qualifying what I consider to be reasonable statements as "stupid". That >> you disagree doesn't make them stupid. > > What you say is a lie. France does not force users to spy on other > users. I disagree. I think that forcing logging is forcing webserver operators to surveil their users, in the ultimate goal of revealing their activities to the authorities, and therefore spying. Saying that this is a lie implies that I am deliberately construing another reality and masking information I would know. That is incorrect: we are in a disagreement about the purpose of those policies. You think it's good, I think it's bad. It doesn't make me stupid or a liar. >> I do believe that the european logging directives, for example, are a >> way to force providers to spy on their users on the behalf of the >> state. Other countries do not have such requirements and still have >> other legal means of getting to the data they need for criminal >> prosecution. Forcing providers to keep logs is a way to force >> deanonymisation of our users on the network, and is a fundamental issue >> with freedom of speech and association. > > When someone connects to my web server, this is not my user. > This is someone (human or not) I don't know. I disagree. I think the client of a webserver is a user of a webserver. Aren't people visiting (say) github.com users of github? Isn't there a "terms of service" policy at the bottom of every freaking website these days that they assume you have read and that implies you are a user of their services? >> > Wow! Most web servers keep logs for a long time by choice. Visitors >> > who do not agree with that should not use the web. >> >> Webservers that want to choose to keep logs for a long time can do >> so. > > And webservers that want to choose to keep logs for a short time > can do so. So, there was no reason to change the default period. I guess there was a compelling reason enough so that the default was changed. I have given numerous reasons why globally, the default logging should be reduced (resource usage, privacy, etc). You have given a single reason why, locally (namely in France), the default should be 52 weeks, and haven't adressed the question as to what to do with variations in those policies outside of France. I do not see why we should keep 52 weeks of logs to satisfy the legal requirements of just one country in the world, especially since that change isn't sufficient to ensure compliance, and may break compliance in other countries. Anyways, I do not need to be CC'd further in your communications here, I am not the maintainer of this package, I just reported this bug and I'm not the one you need to convince. A. -- We have no friends but the mountains. - Kurdish saying
Attachment:
pgpQJuqbD1bFr.pgp
Description: PGP signature