Nobody would have said this a year ago. How are people getting so swept up in this privacy zeitgeist that they think web admins keeping logs is horrendous?
At my company doing this would be in complete violation of our data retention policy (not GPDR related). Where are companies running production services without handling logging of sensitive information? Regulation or not that kind of data is a huge liability for our legal department.
I know! Just imagine...your (likely dynamic) IP address exists in forgotten log files all over the web. The horror!
One of the most annoying things about the GDPR fandom is the black and white nature it seems to inevitably take. If your log files store IP addresses, you're clearly evil and shady and are violating human rights, just as bad as if you're recording people's conversations at home with the intent to deprive them of insurance or publish their sexual histories or whatever.
What possible "horrendous" harm is there from apache's default config storing IP addresses? Can you give me an actual harm that has befallen someone as a result of this that isn't some freak one-in-a-billion example?
you can log ip adresses. keeping them forever is bad.
It means that any future government, no matter how evil it is, could query your log and know precisely what I am doing on the internet right now. I might not want that.