In order to comply with EU protection of private life (GDPR) / security while keeping on selecting the best throughput, would it be possible to have (apart from World) one more area that would be European Union (i-e restricted to EU list of countries) in the list of countries for the servers from which we download Manjaro Linux / PAMAC servers ?
How about using
pamac-mirrors to select mirrors by country or region?
How (and why) would using a mirror outside of the EU alter the safety and how (and why) would it not comply with … this?
Thanks for the link. As far as i see there is nothing done for GDPR legal compliance except selecting countries manually.
But as Nachlese said, how is downloading files through a mirror breaking GDPR? How is it not compliant?
Just to give a simple example : if you are a professional in the public sector working from your notebook, it may be useful not to have your IP connecting anywhere. Having just a “European Union” area defined is a simple way to avoid problems.
Do you think this is how GDPR works?
AFAIK mirrors already comply with GDPR as they do not collect nor process any personal data.
If you want the full text, here it is : https://gdpr-info.eu/
More seriously is it not just about privacy but avoiding exposing data outside of European Union. I suppose by the way that Manjaro Germany already knows about it as Germans are very strict on such matters. My initial post was just about simplifying it on user side as i didn’t see any European Union selection in the list of countries.
Moreover in those times it is a sales argument too, especially in the public sector … knowing that the GAFAM are having complicated times with their cloud solutions because of it since lawyers from Netherlands pointed out that even if cloud solutions are in Europe, if done by GAFAM they fall under US law …
well - @omano asked
and I before put a rather specific question - to you
You expect me to prove me wrong? You expect me to go read 100 pages of law to answer myself when you’re the one requesting legal conformity you claim there is not?
FYI the World option is actually for a worldwide CDN. There is currently no available equivalent limited to Europe.
A quick search if it can give you some replies about GDPR, security, data protection etc. knowing that the main problem that has been pointed out by lawyers in Netherland is about cloud servers using US technology Data protection and privacy in Netherlands - Lexology
but in the same way you can imagine that Ukrainians certainly don’t use Russian servers those times …
… sadly, that is not an answer to the question(s)
Essentially, you seem worried for whatever reason
and want to “do something” but don’t even know why it would be necessary or a problem.
Erm… in which way would a mirror server collect your personal data according to the GDPR? Isn’t it all about regulations about personal data ONLY? Does even the forum collect personal data?
I already answered then in first post, you can already do that, as we say RTFM at some point, I didn’t post the link for nothing Pacman-mirrors - Manjaro
PS: still, I don’t see how downloading an update package from a mirror is against GDPR.
PS2: also, if you’re concerned about your IP pinging the mirror, then use a VPN or something I don’t know, seems like a “you” problem. I’m pretty sure Manjaro is GDPR compliant. I’m actually fairly positive on that.
//EDIT: @philm (sorry for pinging you ), as the head of the project, maybe you can confirm or not what has been said in the thread for official clarification?
It makes no sense to create an entity for sole purpose of being political correct.
This is not a case unique to Manjaro but applies to all Linux distributions.
Mirrors are run by 3rd party and as such Manjaro has no say in how the mirror is operated.
Any individual or company can setup a mirror and sync the repo.
When the said entity open an issue with WEB / repo.manjaro.org · GitLab the mirror is added to official pool of mirrors.
The mirror provides a copy of Manjaro’s repository of signed packages - packages which are produced by various entities around the world - entities whoms sourcecode - for the majority - has been built and packaged by Arch Linux.
Those packages may or may not comply with GDPR as they may originate from anywhere and therefore it is the end user which must ensure that the usage of such packages are within the users acceptable parameters.
It is also possible to create a custom mirror pool thus restricting from which locations packages are fetched - for a european user the following command will provide a list of mirrors located within the geographical entity called Europe which can be selected by the user
sudo pacman-mirrors --continent ---interactive
I think you misunderstand how the “Worldwide”, or “Global” as it’s actually called, entry works.
Worldwide is all mirrors. There is no filtering, it’s just all of them.
Global is the CDN77 entry, which is a CDN that has mirrors all over the world too.
Why is it an issue for you to just choose your country?
PS: As far as I know, GDPR is only an issue when a server pulls information from you, not when you pull information (packages) from a server, so I don’t really see the issue here.
Sure, the servers know your IP address, to send the packages to you, but all websites in the world does the same to present you a page.
Mirrors can be selected by country using
--country option with specific named countries
--continent to limit search to Europe
I object to suggestion that mirror selection use a mutable political union. Manjaro should remain politically neutral
there is nothing done for GDPR legal compliance
If the mirrors do not collect or process personal data they would be exempt from GDPR and there is nothing to do
A script reducing the mirror list to European Union countries
#! /bin/zsh echo Set pacman to mirrors in EU + fastrack and sync echo . echo 22-0930 Those EU countries not in mirror list = Croatia, Cyprus, Ireland, Latvia, Lithuania, Luxembourg, Malta, Romania, Slovakia, Slovenia echo . echo Full EU members list: https://en.wikipedia.org/wiki/Member_state_of_the_European_Union#Membership echo Full mirrors list: pacman-mirrors -l echo . read -s -k $'?Press any key to continue or Ctl-C to stop.\n' echo . sudo pacman-mirrors -c Austria Belgium Bulgaria Czechia Denmark Estonia Finland France Germany Greece Hungary Italy Netherlands Poland Portugal Spain Sweden sudo pacman-mirrors -f 5 sudo pacman -Syyu