On 2014-09-22 10:23:05 -0400, Antoine Beaupré wrote: > On 2014-09-22 10:14:34, Vincent Lefevre wrote: > > On 2014-09-22 09:23:11 -0400, Antoine Beaupré wrote: > >> On 2014-09-22 05:29:10, Vincent Lefevre wrote: > >> > Not your users, but people who connect to the web server. But the > >> > French law requires (required?) / advises to keep the logs for one > >> > year. There's a discussion in French here: > >> > > >> > http://forum.ovh.com/archive/index.php/t-47594.html > >> > > >> > Basically this is needed when: > >> > * Users can create contents. > >> > * In case of security breach, when someone can do bad things > >> > via Apache only. > >> > >> Ouzbekistan law may also require providers to send their logs directly > >> to the state and install backdoors into their servers, are we going to > >> do that for all of Debian by default? > > > > I don't care about Ouzbekistan. In most countries, users are > > responsible for what their servers do, and keeping logs is a > > way to protect them. > > I care about Ouzbekistan the same way I care about France.
I don't know where you live, but this is the same in most countries, except that the period varies. > >> > Everyone says that disk space is cheap. > >> > >> I don't. Do you? > > > > Debian devs do. > > I'm a debian dev. You may be in the minority. > >> Not everyone lives in a country that forces their providers to spy on > >> their users. > > > > Please could you avoid saying stupid things? > > No, as they are not stupid. I would prefer it if you would refrain from > qualifying what I consider to be reasonable statements as "stupid". That > you disagree doesn't make them stupid. What you say is a lie. France does not force users to spy on other users. > I do believe that the european logging directives, for example, are a > way to force providers to spy on their users on the behalf of the > state. Other countries do not have such requirements and still have > other legal means of getting to the data they need for criminal > prosecution. Forcing providers to keep logs is a way to force > deanonymisation of our users on the network, and is a fundamental issue > with freedom of speech and association. When someone connects to my web server, this is not my user. This is someone (human or not) I don't know. > > Wow! Most web servers keep logs for a long time by choice. Visitors > > who do not agree with that should not use the web. > > Webservers that want to choose to keep logs for a long time can do > so. And webservers that want to choose to keep logs for a short time can do so. So, there was no reason to change the default period. -- Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
