| 27 Oct 2025 |
 Vladimír Čunát | So far. | 17:19:41 |
 emily | another consideration is that with Transmission 4 it starts logging things like
source-salted-fym81xbq7b5j> [2025-10-27 17:23:14.340] Sintel: [66.56.81.6]:32243 [qBittorrent 5.1.0]: got unrequested piece 364:49152->16384
| 17:28:37 |
| emily | I am not sure what the GDPR implications of temporarily recording the IP addresses of torrent swarm peers in public Hydra logs are | 17:28:57 |
| emily | I'd guess that publicly announcing your IP to serve data to anyone who asks via a tracker means that your IP is no longer personal information | 17:29:22 |
| emily | but I am not a lawyer… | 17:29:29 |
| emily | anyway, if there is a strong feeling about not running these on Hydra I can adjust it in my drop PR | 17:37:02 |
| emily | otherwise I'll leave the status quo | 17:37:05 |
| emily | fwiw, I assume that a postFetch could turn these into zero-byte FODs | 17:37:45 |
| emily | although of course it would still be downloading Sintel like 6 times per platform on every staging-next, just not pushing it to cache | 17:38:04 |
| Vladimír Čunát | With FOD you have a problem to force rebuilds. | 17:51:56 |
| Vladimír Čunát | Normally FODs don't get rebuilt. | 17:52:05 |
| Vladimír Čunát | i.e. it wouldn't be testing anything beyond a single attempt. Not even on stdenv rebuilds, basically never. | 17:52:45 |
 tgerbet | In reply to @emilazy:matrix.org
I'd guess that publicly announcing your IP to serve data to anyone who asks via a tracker means that your IP is no longer personal information Not really you still need explicit consent to process/expose the information.
We have had a case a few years ago in France that ended up at the CJEU. The processing of the IP addresses have been accepted for this specific case but only because it was the only way for rightholders to detect/report infringements.
It might be OK for the Hydra use case but it is likely not something we want to test in court 😅
https://torrentfreak.com/disclosure-of-pirates-identities-compatible-with-eu-privacy-laws-230929/ | 17:57:24 |
| emily | do you need consent to publish google.com's IP? | 17:57:39 |
| emily | it's offered in a public database (DNS) to the general public in order for people to access services from it | 17:57:51 |
| emily | someone participating in a public torrent swarm is asking a public database (torrent tracker) to offer their IP to the general public in order for people to access services (downloading chunks / peer exchange / …) from it | 17:58:21 |
| emily | (of course, whether people realize that clicking download is essentially volunteering to act as a public internet server is another matter, which I can imagine the GDPR caring about…) | 17:58:51 |
| tgerbet | Google is not a natural person and even if you can consider that consent was given to the torrent tracker, it does not extend to the other parties that might process the information (collection is considered a processing)
And yes I agree the whole thing is weird for P2P context | 18:21:36 |
| emily | then I guess we should hydraPlatforms = [ ]; it? though that won't stop people using it in packages. | 18:31:52 |
| emily | AFAICT it would require turning down the log level all the way to not showing any warnings or info messages at all to get rid of the IP logging. | 18:32:12 |
 toonn | IP addresses can be personal data, but if they cannot be traced back to a specific natural person then it's not personal data. | 18:55:01 |
| toonn | If it's only timestamps and IPs I doubt that would count as personal data. | 18:55:19 |
| toonn | Other factors that come into this are whether the treatment is reasonable. Logging IPs every hour for years doesn't seem reasonable. A log every couple days for a month or so seems pretty reasonable. | 18:56:18 |
| emily | I'll leave the decision about how to handle it to others I think | 19:41:47 |
| emily | since it's not totally obvious to me if we want hydraPlatforms = [ ] or a config.inHydra throw or a postFetch making the FOD not big or making sure we don't have IPs in the logs or what | 19:42:37 |
| toonn | My vote is for none of those, it doesn't matter. At least IP logging-wise. Caching Sintel over and over on Hydra is different consideration. | 19:44:16 |
| emily | yeah I meant in terms of cache use too | 20:48:58 |
|  ➡️@amadaluzia:unredacted.org joined the room. | 23:56:29 |
| 28 Oct 2025 |
 Mic92 | hexa (signing key rotation when): I would like to test those earlier commits on Wednesday: https://github.com/NixOS/hydra/issues/1535#issuecomment-3438017869 | 05:06:17 |
| Mic92 | * hexa (signing key rotation when): I would like to test those earlier hydra commits on Wednesday: https://github.com/NixOS/hydra/issues/1535#issuecomment-3438017869 | 05:08:06 |
