From: Julien Lepiller
To: "pelzflorian (Florian Pelz)"
Cc: 43796@debbugs.gnu.org
Subject: bug#43796: Privacy policy
Date: Mon, 05 Oct 2020 07:14:21 -0400
List-Id: Bug reports for GNU Guix

I'm pretty sure we log the date and time along with IP and requested page.

On 5 October 2020 05:54:32 GMT-04:00, "pelzflorian (Florian Pelz)" wrote:
>On Sun, Oct 04, 2020 at 11:56:04AM -0400, Julien Lepiller wrote:
>> The GDPR is not the only legislation that applies to us. For
>> services hosted in France for instance, there is a legal obligation
>> to keep logs for at least one year (not sure exactly who that
>> applies to). There could be something similar in Germany where
>> berlin is located.
>
>A quick web search does not reveal any such obligation in Germany.
>I also know people who don’t log. But again, IANAL.
>
>The Debian Privacy Policy says they store web logs for 15 days.
>But iplocation.net tells me their server is hosted in the Netherlands.
>
>If the Guix admins do not intend to use such data to “respond to
>excess usage or security attacks” on the website, logging should be
>disabled and I will remove that wording from the proposed patch.
>
>> I think some of the wording is vague. Does "can be used to identify"
>> mean we will use the IP to identify the person (is it the reason we
>> process this data?) Or is it something that we could technically do,
>> but refuse to do?
>
>I changed it to
>
>During your use of Guix’ software in its default configuration,
>your IP address will be revealed to the network services you use.
>From an IP address it may be possible to identify who uses the
>service and from which internet connection. These services include
>
>Attached is the complete patch with this single change.
>
>Are there other things which are badly worded?
>
>Regards,
>Florian