On Sun, 14 Apr 2024 at 20:45, Jonathan Wakely <jwakely....@gmail.com> wrote: > > On Sun, 14 Apr 2024, 14:05 Bruno Haible, <br...@clisp.org> wrote: > > > > Jonathan Wakely wrote: > > > > It would not be straightforward to track all SSH access on the farm, > > > > both > > > > for privacy reasons and technical reasons (the farm has very diverse > > > > systems, and some people run jobs via cron). > > > > > > What are the privacy reasons? > > > > > > It's a free, public service offered to the community, why should users > > > have > > > any expectation of being able to use it in secret? > > > > > > If you don't want the cfarm admins to be aware of whether or not you are > > > using the service, you should pay for your own access to another service. > > > > While the principles of handling personal information (limiting the > > purposes, > > minimizing the data, ...) [1] are legally binding only in the EU, they are > > good guidelines for helping ensure privacy all over the world. > > > > If the compilefarm were to track all SSH access on the farm, taking > > correlations on the data would, for example: > > - reveal whether the accesses are within or outside regular business > > hours, > > - reveal if two persons have nearly the same login/logout times and thus > > allow conjectures about their relationship. > > > > The stated purpose in this thread is to detect "long-dormant users". > > Tracking all SSH accesses would produce more data than needed for the > > purpose — which goes against the principle of data minimization. > > > There no need for "tracking all ssh access" (that was just what > Baptiste said). It would be enough to just keep a record of whether a > user has logged in at all in the past 6 months, with a resolution of a > day if you're concerned about recording the hours anybody uses. I'm > sure the system logs already show when somebody logs in, so the > information you're concerned about already exists. > > [jwakely@gcc2-power8 ~]$ /usr/bin/last | grep haible > haible pts/0 176.199.253.237 Fri Apr 5 13:36 - 13:36 (00:00) > > Is this a problem?
That info is already available to anybody with cfarm access. Recording "how user jwakely logged in in the past approximately 180 days" as root doesn't seem any worse. > > > > > > Other approaches (such as getting the 'atime' of the ~user/.ssh/* files > > once a year) would produce less data. But it was not what was discussed > > in the sourceware.org thread and replied-to by Baptiste. > > > > Bruno > > > > [1] > > https://en.wikipedia.org/wiki/General_Data_Protection_Regulation#Principles_and_lawful_purposes > > > > > > _______________________________________________ cfarm-users mailing list cfarm-users@lists.tetaneutral.net https://lists.tetaneutral.net/listinfo/cfarm-users
