
Bug#759382: do not keep so much logs



On 2014-09-22 09:23:11 -0400, Antoine Beaupré wrote:
> On 2014-09-22 05:29:10, Vincent Lefevre wrote:
> > Not your users, but people who connect to the web server. But the
> > French law requires (required?) / advises to keep the logs for one
> > year. There's a discussion in French here:
> >
> >   http://forum.ovh.com/archive/index.php/t-47594.html
> >
> > Basically this is needed when:
> >   * Users can create contents.
> >   * In case of security breach, when someone can do bad things
> >     via Apache only.
> 
> Uzbekistan law may also require providers to send their logs directly
> to the state and install backdoors into their servers, are we going to
> do that for all of Debian by default?

I don't care about Uzbekistan. In most countries, users are
responsible for what their servers do, and keeping logs is a
way to protect them.

Note also that Debian cares about local laws. Otherwise there
would be no problems with patented algorithms.

> > Everyone says that disk space is cheap.
> 
> I don't. Do you?

Debian devs do.

> Not everyone lives in a country that forces their providers to spy on
> their users.

Please could you avoid saying stupid things?

> Yet anyone can be a victim of massive visits on their website (aka
> "slashdotting") which will basically fill up the drives, regardless
> of the country they live in.

In such a case, size-based rules would be better than date-based ones.

> > IMHO, the default log rotation should be changed back to 1 year,
> > at least to protect users in case of legal matters. Alternatively,
> > size-based log rotation could be used, e.g. with:
> >
> >         rotate 15
> >         size 100M
> 
> I think keeping logs does not protect users,

By "users", I meant here those responsible for web servers.

> it actually exposes them to undue surveillance. When speaking of
> "users" here, I refer also to the visitors of the website, which
> never agreed to install Debian, choose how many logs are kept and so
> on. We have a responsibility towards those as well.

Wow! Most web servers keep logs for a long time by choice. Visitors
who do not agree with that should not use the web.

> Also, the above configuration, on small sites, could even mean keeping
> logs even longer than the original configuration.

Not a real problem.

> On big sites, it will not respect the legal requirements.

Admins of big sites will probably have a closer look at the config
anyway.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
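
Added example, not part of the original message or of the Debian package: a small simulation of the proposed `rotate 15` / `size 100M` rule, showing how long entries stay on disk and how much space they take for different traffic levels. It assumes logrotate is run once a day and ignores compression; the traffic profiles are constructed.

```python
from collections import deque

def simulate(daily_mb, size_mb=100, rotate=15):
    """Replay per-day log volumes (in MB) through one logrotate run per day.

    Returns (retention_days, peak_disk_mb): the age of the oldest entry still
    on disk after the last run, and the largest total ever held on disk.
    """
    rotated = deque()              # (first_day, size_mb) per kept rotation
    cur_start, cur_size = None, 0  # live access.log
    peak = 0
    for day, volume in enumerate(daily_mb):
        if volume and cur_start is None:
            cur_start = day
        cur_size += volume
        peak = max(peak, cur_size + sum(size for _, size in rotated))
        # "size" is only compared when logrotate runs, so a file can be far
        # larger than the threshold by the time it is rotated.
        if cur_size > size_mb:
            rotated.append((cur_start, cur_size))
            if len(rotated) > rotate:
                rotated.popleft()  # "rotate N": the oldest rotation is deleted
            cur_start, cur_size = None, 0
    starts = [start for start, _ in rotated]
    if cur_start is not None:
        starts.append(cur_start)
    oldest = min(starts) if starts else len(daily_mb)
    return len(daily_mb) - oldest, peak

# Constructed traffic profiles (MB of access log written per day).
SMALL_SITE = [1] * 730                 # two years at 1 MB/day
BIG_SITE = [1000] * 60                 # two months at ~1 GB/day
SPIKE = [5] * 30 + [20000] + [5] * 30  # quiet site with a one-day flood

if __name__ == "__main__":
    for name, profile in (("small", SMALL_SITE), ("big", BIG_SITE), ("spike", SPIKE)):
        days, peak = simulate(profile)
        print(f"{name:5} retention={days:4d} days  peak disk={peak:6d} MB")
```

With one run per day, the size threshold bounds neither the retention period nor the disk usage on its own: the small site keeps two years of entries, while the big site keeps 15 days in about 16 GB.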

