In a message dated 11/28/2010 9:06:36 PM Pacific Standard Time, russnelson@gmail.com writes:
The policy is very explicit. It says that logs may be kept. If you know anything about operational requirements, you will understand that that means that logs are not routinely kept, but may be kept in order to diagnose problems. It's not practical to be more explicit than that. Aude has already explained that in the usual case, the http server itself keeps no logs (because they'd just tell ops which squids are accessing which server), and the squids themselves discard 99.9% of all accesses.
You're not likely to get any better explanation of what happens, because it's simply not practical or productive to keep you informed of which squids or servers have had logging turned on. Rest assured that nobody at the WMF cares who is accessing what page. They have more interesting problems to solve!
Yes I agree, the policy is extremely vague. We may be struck by lightning, we may be abducted by aliens, we may be sentient beings. May doesn't say anything. Why have a policy which uses "may"? So you can do anything at all and say "well we did say we MAY..." That's not a policy, it's a non-policy.
I know quite a lot about operational requirements, and I know that policies should state clearly what IS being done, not what may be done. It's quite practical to be more explicit. For example, the policy could state clearly what exactly is being done. That would be more explicit.
I know what Aude stated. I asked for a citation to the actual policy of the WMF on that point. But apparently there isn't any. You mean it's not practical or productive to keep users informed of what information is being stored on them. Why bother with a clear privacy policy, why not simply ignore anyone who pushes for one? And then claim you're not.... Very clever.
W
On Mon, Nov 29, 2010 at 6:26 AM, WJhonson@aol.com wrote:
In a message dated 11/28/2010 9:06:36 PM Pacific Standard Time, russnelson@gmail.com writes:
Yes I agree, the policy is extremely vague. We may be struck by lightning, we may be abducted by aliens, we may be sentient beings. May doesn't say anything. Why have a policy which uses "may"? So you can do anything at all and say "well we did say we MAY..." That's not a policy, it's a non-policy.
The policy, by using the word "may", states the maximum amount of what we may do. It does on the one hand warn users of what *might* be done, on the other hand assures them about what might definitely *not* be done.
I know quite a lot about operational requirements, and I know that policies should state clearly what IS being done, not what may be done. It's quite practical to be more explicit. For example, the policy could state clearly what exactly is being done. That would be more explicit.
Yes, that would be more explicit. It would also mean that every minute change of procedure would entail a policy change. Policies are not meant to be descriptions of what we do and how we do it, they are meant to be the rules that we put on ourselves about what we do and what we do not do. There are things that we promise to do and there are things that we promise not to do. But there are also things that we want to keep a leeway of doing, not doing or doing in a different way without needing a formal board resolution each time something changes.
I know what Aude stated. I asked for a citation to the actual policy of the WMF on that point. But apparently there isn't any. You mean it's not practical or productive to keep users informed of what information is being stored on them. Why bother with a clear privacy policy, why not simply ignore anyone who pushes for one? And then claim you're not.... Very clever.
W
On Mon, Nov 29, 2010 at 4:41 AM, Andre Engels andreengels@gmail.com wrote:
On Mon, Nov 29, 2010 at 6:26 AM, WJhonson@aol.com wrote:
I know quite a lot about operational requirements, and I know that policies should state clearly what IS being done, not what may be done. It's quite practical to be more explicit. For example, the policy could state clearly what exactly is being done. That would be more explicit.
Yes, that would be more explicit. It would also mean that every minute change of procedure would entail a policy change. Policies are not meant to be descriptions of what we do and how we do it, they are meant to be the rules that we put on ourselves about what we do and what we do not do. There are things that we promise to do and there are things that we promise not to do. But there are also things that we want to keep a leeway of doing, not doing or doing in a different way without needing a formal board resolution each time something changes.
Surely there are ways to publish policies which don't require a formal board resolution every time something changes. Also, any emergency exceptions could always be documented later, after the emergency has been resolved.
But I'm not sure how practical it would be. Maybe there are times when you want to be able to analyze people's page views without tipping them off to the fact that you're doing so.
On Mon, Nov 29, 2010 at 8:20 AM, Anthony wikimail@inbox.org wrote:
Surely there are ways to publish policies which don't require a formal board resolution every time something changes. Also, any emergency exceptions could always be documented later, after the emergency has been resolved.
The policy shouldn't change based on minute implementation details. Like Andre said, it is designed to describe the general policies, not the specifics.
A page on wikitech like [[Log rotation procedures]] would both document the process and be citable to those who have questions.
And it doesn't need a board resolution at all :D
-Chad
On Mon, Nov 29, 2010 at 1:56 PM, Chad innocentkiller@gmail.com wrote:
On Mon, Nov 29, 2010 at 8:20 AM, Anthony wikimail@inbox.org wrote:
Surely there are ways to publish policies which don't require a formal board resolution every time something changes. Also, any emergency exceptions could always be documented later, after the emergency has been resolved.
The policy shouldn't change based on minute implementation details.
Of course not. Basic principles, on the other hand, like who determines when to keep logs, how long they are allowed to keep them, for what reasons they are allowed to keep them, who can make an exception for emergency reasons, how they are to document those exceptions. These absolutely should be in a written policy. What's the alternative? Those with the passwords do whatever they feel like and are accountable to no one?
On Mon, Nov 29, 2010 at 5:40 PM, Anthony wikimail@inbox.org wrote:
Those with the passwords do whatever they feel like and are accountable to no one?
Those with the passwords are accountable to the foundation, which is accountable to the donors. The foundation needs to make sure that the money donated to it is spent wisely, and not frittered away on frivolous requirements. If the foundation does a bad job of that, it will be replaced by some party which CAN do a good job of being responsible to donors. Speaking of donors, I hope that everyone contributing to this discussion has also contributed to the foundation!
wikimedia-l@lists.wikimedia.org