On 2014-09-22 09:23:11 -0400, Antoine Beaupré wrote:
> On 2014-09-22 05:29:10, Vincent Lefevre wrote:
> > Not your users, but people who connect to the web server. But the
> > French law requires (required?) / advises to keep the logs for one
> > year. There's a discussion in French here:
> >
> > http://forum.ovh.com/archive/index.php/t-47594.html
> >
> > Basically this is needed when:
> > * Users can create contents.
> > * In case of security breach, when someone can do bad things
> >   via Apache only.
>
> Uzbekistan law may also require providers to send their logs directly
> to the state and install backdoors into their servers, are we going to
> do that for all of Debian by default?

I don't care about Uzbekistan. In most countries, users are responsible
for what their servers do, and keeping logs is a way to protect them.
Note also that Debian cares about local laws. Otherwise there would be
no problems with patented algorithms.

> > Everyone says that disk space is cheap.
>
> I don't. Do you?

Debian devs do.

> Not everyone lives in a country that forces their providers to spy on
> their users.

Please could you avoid saying stupid things?

> Yet anyone can be a victim of massive visits on their website (aka
> "slashdotting") which will basically fill up the drives, regardless
> of the country they live in.

In such a case, size based rules would be better than date based ones.

> > IMHO, the default log rotation should be changed back to 1 year,
> > at least to protect users in case of legal matters. Alternatively,
> > size-based log rotation could be used, e.g. with:
> >
> >   rotate 15
> >   size 100M
>
> I think keeping logs does not protect users,

By "users", I meant here the people responsible for web servers.

> it actually exposes them to undue surveillance. When speaking of
> "users" here, I refer also to the visitors of the website, which
> never agreed to install debian, choose how much logs are kept and so
> on. We have a responsibility towards those as well.

Wow! Most web servers keep logs for a long time by choice. Visitors
who do not agree with that should not use the web.

> Also, the above configuration, on small sites, could even mean keeping
> logs even longer than the original configuration.

Not a real problem.

> On big sites, it will not respect the legal requirements.

Admins of big sites will probably have a closer look at the config
anyway.

-- 
Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

