Our default policy is to keep generic RPC server logs for O(weeks). It's best practice as we log a lot of structured data that can be large -- especially at our QPS. Furthermore, we have data retention timelines to keep.

>Our default policy is to keep generic RPC server logs for O(weeks).

Out of curiosity, when was this policy adopted? After these security holes were discovered?

Doesn't the statement "That means we cannot confirm which users were impacted by this bug" indicate it was adopted before the hole was discovered?