I'm pretty sure we log the date anl time along with IP and requested page. Le 5 octobre 2020 05:54:32 GMT-04:00, "pelzflorian (Florian Pelz)" a écrit : >On Sun, Oct 04, 2020 at 11:56:04AM -0400, Julien Lepiller wrote: >> The GDPR is not the only legislation that applies to us. For >> services hosted in France for instance, there is a legal obligation >> to keep logs for at least one year (not sure exactly who that >> applies to). There could be something similar in Germany where >> berlin is located. > >A quick web search does not reveal any such obligation in Germany. >I also know people who don’t log. But again, IANAL. > >The Debian Privacy Policy says they store web logs for 15 days. >But iplocation.net tells me their server is hosted in the Netherlands. > >If the Guix admins do not intend to use such data to “respond to >excess usage or security attacks” on the website, logging should be >disabled and I will remove that wording from the proposed patch. > >> I think some of the wording is vague. Does "can be used to identify" >> mean we will use the IP to identify the person (is it the reason we >> process this data?) Or is it something that we could technically do, >> but refuse to do? > >I changed it to > >During your use of Guix’ software in its default configuration, >your IP address will be revealed to the network services you use. >From an IP address it may be possible to identify who uses the >service and from which internet connection. These services include > >Attached is the complete patch with this single change. > >Are there other things which are badly worded? > >Regards, >Florian