Secure shell (ssh) server

The ssh server is used for authenticated read and write access to repository group accounts.

It keeps records of successful and unsuccessful login attempts. These are kept for between four and five weeks and contain:

  • IP address of connecting client
  • Account that was accessed
  • Time of connection and disconnection

Any actions performed during a successful login are logged in the particular repository group account that the user accessed. These logs are kept indefinitely.

Repository group account managers are responsible for and have ultimate control over the contents of their repositories.

Anonymous git daemon

The git daemon provides unauthenticated read-only access to public repositories.

It keeps records of requests. These are kept for between four and five weeks and contain:

  • IP address of connecting client
  • Repository that was accessed
  • Time of request

Web server

The web server provides documentation, and read-only access to public and private repositories.

It keeps standard Apache logs, recording the details of every HTTP[S] interaction as listed below. These logs are deleted after 14 days. Beyond that point only anonymous statistical data is kept for reporting purposes. We may keep log files for a longer period for the purposes of assisting with an investigation.

Details stored in the standard Apache log files:

  • IP address of connecting client
  • Time stamp
  • Authenticated user id
  • Request made
  • Server's response code and number of bytes returned
  • The "user agent" string identifying the make of client

Raven

Web access to private repositories is authenticated, and the Raven privacy policy applies to those parts of this site.

Cookies are used only for Raven authentication.