On 1 May 2018 at 09:03, Evgeny Khramtsov <[email protected]> wrote:
> While I'm fine with having a separate extension, I'm against the PR
> itself. I think the behaviour is up to a local policy. We shouldn't make
> default recommendations based on some local laws (GDPR). Because if we
> do that, we can easily add "NOT" to all "SHOULD"s, and in this case we
> will describe the local law of Russia (where it is required to keep all
> users' data for at least 6 months). I would really advise XSF to avoid
> making political statements. Not to mention that the text brings
> nothing to the document and only increases its size: it doesn't
> describe any protocol, it doesn't describe security considerations, it
> doesn't describe UX, so what does it do? Can we replace the text with
> "People SHOULD live in peace?" Because the meaning of the statement
> doesn't change a lot and a reader can easily ignore it.
>
Right, there is a tension between prompt deletion (for consumer data under the GDPR) and retention (for corporate data and other regimes). I don't believe that Surevine's server is in any way required to delete my data should I leave under the GDPR, for example.

That said, I don't think that saying that operators should be able to delete files is a political statement - it's just that it's potentially naïve, and does not have an impact on Security or Interoperability (which is what RFC 2119 language is for).

I'd be happier with a section in the document (or another document) that pointed out legal compliance issues we are aware of, irrespective of the regime they're affected by.

Dave.
_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: [email protected]
_______________________________________________
