On 2014-09-22 10:52:48, Vincent Lefevre wrote:
> On 2014-09-22 10:23:05 -0400, Antoine Beaupré wrote:
>> On 2014-09-22 10:14:34, Vincent Lefevre wrote:
>> > On 2014-09-22 09:23:11 -0400, Antoine Beaupré wrote:
>> >> On 2014-09-22 05:29:10, Vincent Lefevre wrote:
>> >> > Not your users, but people who connect to the web server. But the
>> >> > French law requires (required?) / advises to keep the logs for one
>> >> > year. There's a discussion in French here:
>> >> >
>> >> > http://forum.ovh.com/archive/index.php/t-47594.html
>> >> >
>> >> > Basically this is needed when:
>> >> > * Users can create contents.
>> >> > * In case of security breach, when someone can do bad things
>> >> > via Apache only.
>> >>
>> >> Ouzbekistan law may also require providers to send their logs directly
>> >> to the state and install backdoors into their servers, are we going to
>> >> do that for all of Debian by default?
>> >
>> > I don't care about Ouzbekistan. In most countries, users are
>> > responsible for what their servers do, and keeping logs is a
>> > way to protect them.
>>
>> I care about Ouzbekistan the same way I care about France.
>
> I don't know where you live, but this is the same in most countries,
> except that the period varies.
After a little more research, here's an overview of the national data
retention policies in Europe:
http://wiki.vorratsdatenspeicherung.de/Overview_of_national_data_retention_policies
Data retention seems to have been ruled out as inconstitutional in
Germany, to show an example of how important it could be to keep minimal
logs.
According to people well versed in those legal intricaties, there are
currently no restrictions on web server logging. Most of the data
retention directives apply to ISPs (Internet Service Providers) and
require that organisations providing connectivity to the internet need
to keep track of which IP belongs to which customer. There are also
restrictions for phone service providers.
As far as I know, there are no legal requirements for web hosting
providers to keep logs in the european directive. I would be curious to
hear on which basis you claim that french law requires hosting providers
to keep logs at all. The forum post you refer to is vague at best, and
doesn't even seem to be an official position of OVH. It also mentions
that keeping *more* logs is illegal and that most accounts hosted on OVH
probably don't respect the law.
So please provide more references to back up your laim that "most
countries need data retention" if you want to make a proper point here.
Thanks,
A.
--
Man really attains the state of complete humanity when he produces,
without being forced by physical need to sell himself as a commodity.
- Ernesto "Che" Guevara
Attachment:
pgp4Q8Wz0nn97.pgp
Description: PGP signature