[Fedora-legal-list] Making Infrastructure httpd logs public
Emanuel Rietveld
codehotter at gmail.com
Wed Apr 18 14:39:59 UTC 2012
On Wed, Apr 18, 2012 at 2:15 AM, Ian Weller <ian at ianweller.org> wrote:
> As part of the statistics++ project [1] it is Infrastructure's plan to
> make data about visits to Fedora Project web servers public, in order to
> automate the information made available on the Statistics wiki page.
>
> The httpd logs currently contain personally-identifiable information:
> the IP address the request originated from and the user agent header.
>
> We think that at an absolute minimum we need to hash the IP address
> (with a seed, obviously) and leave the user agent header as is. But we
> wanted to make sure we got legal's opinion on this.
>
> [1]: h
>
> --
> Ian Weller <ian at ianweller.org>
>
(Moving thread to Infra list as my question is not a legal one)
What is the proposed hashing anonymizing scheme for the IP addresses?
How can you do this securely? Keep in mind that an attacker can
control some of the hashes in the public logs (by visiting the web
servers with various ip addresses).
More information about the infrastructure
mailing list