On Sun, 14 Apr 2024, 14:05 Bruno Haible, <br...@clisp.org> wrote: > > Jonathan Wakely wrote: > > > It would not be straightforward to track all SSH access on the farm, both > > > for privacy reasons and technical reasons (the farm has very diverse > > > systems, and some people run jobs via cron). > > > > What are the privacy reasons? > > > > It's a free, public service offered to the community, why should users have > > any expectation of being able to use it in secret? > > > > If you don't want the cfarm admins to be aware of whether or not you are > > using the service, you should pay for your own access to another service. > > While the principles of handling personal information (limiting the purposes, > minimizing the data, ...) [1] are legally binding only in the EU, they are > good guidelines for helping ensure privacy all over the world. > > If the compilefarm were to track all SSH access on the farm, taking > correlations on the data would, for example: > - reveal whether the accesses are within or outside regular business hours, > - reveal if two persons have nearly the same login/logout times and thus > allow conjectures about their relationship. > > The stated purpose in this thread is to detect "long-dormant users". > Tracking all SSH accesses would produce more data than needed for the > purpose — which goes against the principle of data minimization.
There no need for "tracking all ssh access" (that was just what Baptiste said). It would be enough to just keep a record of whether a user has logged in at all in the past 6 months, with a resolution of a day if you're concerned about recording the hours anybody uses. I'm sure the system logs already show when somebody logs in, so the information you're concerned about already exists. [jwakely@gcc2-power8 ~]$ /usr/bin/last | grep haible haible pts/0 176.199.253.237 Fri Apr 5 13:36 - 13:36 (00:00) Is this a problem? > > Other approaches (such as getting the 'atime' of the ~user/.ssh/* files > once a year) would produce less data. But it was not what was discussed > in the sourceware.org thread and replied-to by Baptiste. > > Bruno > > [1] > https://en.wikipedia.org/wiki/General_Data_Protection_Regulation#Principles_and_lawful_purposes > > > _______________________________________________ cfarm-users mailing list cfarm-users@lists.tetaneutral.net https://lists.tetaneutral.net/listinfo/cfarm-users
