[Foundation-l] should not web server logs (of requests) be published?
Anthony
wikimail at inbox.org
Mon Nov 29 22:40:57 UTC 2010
On Mon, Nov 29, 2010 at 1:56 PM, Chad <innocentkiller at gmail.com> wrote:
> On Mon, Nov 29, 2010 at 8:20 AM, Anthony <wikimail at inbox.org> wrote:
>> Surely there are ways to publish policies which don't require a formal
>> board resolution every time something changes. Also, any emergency
>> exceptions could always be documented later, after the emergency has
>> been resolved.
>>
>
> The policy shouldn't change based on minute implementation details.
Of course not. Basic principles, on the other hand, like who
determines when to keep logs, how long they are allowed to keep them,
for what reasons they are allowed to keep them, who can make an
exception for emergency reasons, how they are to document those
exceptions. These absolutely should be in a written policy. What's
the alternative? Those with the passwords do whatever they feel like
and are accountable to no one?
More information about the foundation-l
mailing list