[Fedora-legal-list] Making Infrastructure httpd logs public
Ian Weller
ian at ianweller.org
Tue Apr 17 17:56:01 UTC 2012
On Tue, Apr 17, 2012 at 01:36:50PM -0400, Tom Callaway wrote:
> On 04/17/2012 01:15 PM, Ian Weller wrote:
> > As part of the statistics++ project [1] it is Infrastructure's plan to
> > make data about visits to Fedora Project web servers public, in order to
> > automate the information made available on the Statistics wiki page.
> >
> > The httpd logs currently contain personally-identifiable information:
> > the IP address the request originated from and the user agent header.
> >
> > We think that at an absolute minimum we need to hash the IP address
> > (with a seed, obviously) and leave the user agent header as is. But we
> > wanted to make sure we got legal's opinion on this.
>
> Can you show me a hypothetical "before" and "after" example?
Assuming we treat the logs as described above:
Before example (private, on Fedora log servers):
66.391.22.111 - - [15/Apr/2012:04:02:56 +0000] "GET /static/css/fedora960-lang.css HTTP/1.0" 200 233 "http://start.fedoraproject.org/index.html.en" "Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0"
After example (available to public via statistics++ project):
c9326fa15a1d8a773386ddcdc16132f8 - - [15/Apr/2012:04:02:56 +0000] "GET /static/css/fedora960-lang.css HTTP/1.0" 200 233 "http://start.fedoraproject.org/index.html.en" "Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0"
Requests from the same IP address would have the same hash so that we
could run scripts that count unique visitors.
--
Ian Weller <ian at ianweller.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/legal/attachments/20120417/a35bad60/attachment.sig>
More information about the legal
mailing list