Does not-logged-in access to savannah satisfy
https://www.eff.org/policy?
I note that that is their policy for themselves, essentially their own
instantation of their best practices recommendations at
https://www.eff.org/wp/osp.
If not, how does it fall short?
Savannah does not use "cryptolog" or anything else to encrypt the logs
or obfuscate IP addresses hitting Savannah services.
We also don't remove log data after 7 days.
Everything else looks effectively the same.
(Unless lots of work has been done, this is true of www.gnu.org,
www.fsf.org, ftp.gnu.org, and everything else too ...)
karl
