Le 5 octobre 2020 05:54:32 GMT-04:00, "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> a écrit :

On Sun, Oct 04, 2020 at 11:56:04AM -0400, Julien Lepiller wrote:
The GDPR is not the only legislation that applies to us. For
services hosted in France for instance, there is a legal obligation
to keep logs for at least one year (not sure exactly who that
applies to). There could be something similar in Germany where
berlin is located.

A quick web search does not reveal any such obligation in Germany.
I also know people who don’t log.  But again, IANAL.

The Debian Privacy Policy says they store web logs for 15 days.
But iplocation.net tells me their server is hosted in the Netherlands.

If the Guix admins do not intend to use such data to “respond to
excess usage or security attacks” on the website, logging should be
disabled and I will remove that wording from the proposed patch.

I think some of the wording is vague. Does "can be used to identify"
mean we will use the IP to identify the person (is it the reason we
process this data?) Or is it something that we could technically do,
but refuse to do?

I changed it to

During your use of Guix’ software in its default configuration,
your IP address will be revealed to the network services you use.
From an IP address it may be possible to identify who uses the
service and from which internet connection.  These services include

Attached is the complete patch with this single change.

Are there other things which are badly worded?

Regards,
Florian