XMPP Council - 2018-02-07


  1. Dave has left
  2. Lance has joined
  3. SamWhited has joined
  4. SamWhited has joined
  5. Dave has left
  6. Dave has left
  7. SamWhited has joined
  8. SamWhited has joined
  9. Dave has left
  10. vanitasvitae has left
  11. Lance has left
  12. Dave has left
  13. moparisthebest has joined
  14. Dave has left
  15. moparisthebest has joined
  16. moparisthebest has joined
  17. Dave has left
  18. Dave has left
  19. Dave has left
  20. Dave has left
  21. Dave has left
  22. Dave has left
  23. Dave has left
  24. Dave has left
  25. Lance has joined
  26. Dave has left
  27. Lance has left
  28. Lance has joined
  29. Dave has left
  30. Lance has left
  31. genofire has left
  32. Dave has left
  33. SamWhited has left
  34. genofire has left
  35. Dave has left
  36. Dave has left
  37. Lance has joined
  38. Lance has left
  39. Dave has left
  40. Dave has left
  41. Dave has left
  42. Dave has left
  43. Dave has left
  44. Dave has left
  45. Dave has left
  46. Zash has left
  47. Dave has left
  48. Dave has left
  49. Dave has left
  50. Dave has left
  51. Tobias has joined
  52. SamWhited has left
  53. Dave has left
  54. Lance has joined
  55. Lance has left
  56. ralphm has left
  57. Dave has left
  58. ralphm has left
  59. ralphm has left
  60. Dave has left
  61. Dave has left
  62. Dave has left
  63. genofire has left
  64. genofire has left
  65. ralphm has left
  66. ralphm has joined
  67. Dave has left
  68. Dave has left
  69. Dave has left
  70. Dave has left
  71. Dave has left
  72. Dave has left
  73. ralphm has left
  74. Dave has left
  75. Dave has left
  76. ralphm has left
  77. Dave has left
  78. Dave has left
  79. Dave has left
  80. Dave has left
  81. Dave has left
  82. genofire has joined
  83. genofire has joined
  84. Dave has left
  85. Dave has left
  86. Dave has left
  87. Dave has left
  88. ralphm has left
  89. Dave has left
  90. Dave has left
  91. Dave has left
  92. Dave has left
  93. Dave has left
  94. Dave has left
  95. ralphm has left
  96. ralphm has left
  97. Dave has left
  98. Dave has left
  99. Ge0rG has left
  100. Dave has left
  101. Dave has left
  102. moparisthebest has joined
  103. Ge0rG has left
  104. Dave has left
  105. ralphm has joined
  106. moparisthebest has joined
  107. Dave has left
  108. Dave has left
  109. vanitasvitae has left
  110. Dave has left
  111. Dave has left
  112. Dave has left
  113. Dave has left
  114. Dave has left
  115. ralphm has left
  116. moparisthebest has left
  117. moparisthebest has joined
  118. Tobias has left
  119. Dave has left
  120. Dave has left
  121. Dave has left
  122. ralphm has joined
  123. Dave has left
  124. Dave has left
  125. Dave has left
  126. ralphm has left
  127. Dave has left
  128. Dave has left
  129. Dave Updated https://docs.google.com/spreadsheets/d/1AZ-Sna6OiRG--b-mJMKv3XXfrn3Nehm0kAtlyJvImL0/edit to match the agenda sent out, and also note a additional votes from November.
  130. jonasw Dave, are you also tracking editor actions? if so, can you mark them as done?
  131. Dave has left
  132. Dave jonasw, All of them? :-)
  133. jonasw maybe ;-)
  134. jonasw I’d have to check
  135. Dave has left
  136. Dave has left
  137. Dave has left
  138. Dave has left
  139. Dave has left
  140. jonasw sorry, since my work schedule shifted I won’t be able to take minutes anymore :/. the meetings fall in the last part of my work time and/or commute.
  141. Dave has left
  142. Dave has left
  143. Dave has left
  144. ralphm has left
  145. Dave has left
  146. SamWhited has joined
  147. SamWhited has joined
  148. Dave has left
  149. genofire has left
  150. jere has joined
  151. moparisthebest has left
  152. moparisthebest has joined
  153. jere has left
  154. jere has joined
  155. zinid has joined
  156. Dave has left
  157. Dave has left
  158. Ge0rG has left
  159. Ge0rG has joined
  160. Ge0rG has left
  161. Lance has joined
  162. Lance has left
  163. Ge0rG has joined
  164. Ge0rG Hi?
  165. zinid you again?
  166. Ge0rG Sorry, I can go again.
  167. Dave has left
  168. daniel has joined
  169. Dave Afternoon all. Shall we begin?
  170. daniel sure
  171. Dave Oh, do we have anyopne to take minutes?
  172. Dave Hmmm. OK, then. I'll see what I can craft afterwards.
  173. Dave 1) Roll Call
  174. Dave Kev already sent apologies.
  175. Ge0rG .o/
  176. Dave SamWhited, ?
  177. SamWhited Sorry, having computer trouble. Here by phone.
  178. Dave OK.
  179. Dave 2) Advance XEP-0363 to Draft https://xmpp.org/extensions/xep-0363.html
  180. Dave has left
  181. Dave (These first four items are all Last Calls this Council issued and then forgot about until jonasw and SamWhited spotted them and reminded me, sorry!)
  182. Ge0rG I've commented on potential security issues with the quoting of HTTP headers in 363, on list.
  183. Dave Ge0rG, Is that a -1 pending this, then?
  184. Ge0rG I think that a malicious XMPP server _might_ be able to infiltrate a corporate network under some circumstances.
  185. Ge0rG Dave: I suppose so.
  186. Ge0rG Dave: I'm not very confident in my constructed case, but I'd like to have some other experts (Daniel, Sam) have a look at what I fantasized.
  187. Dave Ge0rG, OK - that's fine, by the way, and maybe it's just a case of noting the possibility in the Security Considerations. But if it's a possibility, it should be noted.
  188. Ge0rG And probably just a security note in the XEP ... what you said.
  189. SamWhited Computer issues fixed; here for real now.
  190. Dave daniel, SamWhited - Any vote for advancing XEP-0363?
  191. daniel Ge0rG, i can't say if this is actually a security issue. but i'm ok with mentioning it in the security considerations
  192. daniel +1 (not that it really matters with Ge0rGs -1)
  193. Dave daniel, Means if its fixed it'll go through.
  194. SamWhited I'm +1; I haven't seen Ge0rG's email, but if the gist is just "headers should be escaped properly" it seems like mentioning it in the security considerations is reasonable.
  195. Ge0rG daniel: I'm +1 once my concerns are addressed in the XEP, either by a short Security note or by invalidating my attack vector.
  196. Ge0rG either way, the XEP allows encoding things into HTTP headers which would be forbidden by HTTP.
  197. Dave OK. I'm on-list, FWIW, there's feedback I seem to have forgotten about so I'll review that first.
  198. Zash Ge0rG: https://mail.jabber.org/pipermail/standards/2017-November/033936.html this?
  199. Ge0rG So I think a client MUST sanitize the headers
  200. Dave has left
  201. Ge0rG Zash: yes
  202. Dave So, 3) Advance XEP-0352 to Draft
  203. Dave https://xmpp.org/extensions/xep-0352.html
  204. peter has joined
  205. daniel +1
  206. SamWhited +1
  207. Ge0rG I think it's useful and practical, but I really don't like the weasel-wording in §3.2
  208. Dave I'm +1, noting that Kev has unanswered feedback, so I'm fully expecting him to -1 until that's addressed.
  209. Ge0rG Did the summit provide any insight into better and unified rules for this?
  210. Dave Actually, on second thoughts, I'll do a holding -1 to avoid doubt.
  211. Dave Ge0rG, No, I don't think it did. I'm not convinced that's a bad thing.
  212. Ge0rG I think that CSI goes hand-in-hand with push and message "urgency", and that we should -1 until we have the Big Picture.
  213. SamWhited I really don't think it makes sense to specify what the server does in this case; there are some obvious ones it could do like the ones listed, but this seems very service dependent.
  214. Dave Ge0rG, There's a risk that trying to do the "right" thing ends up back with SIFT, which is a place I'd rather not go.
  215. Dave Ge0rG, So are you -1'ing this one?
  216. Ge0rG +0
  217. Dave Ge0rG, Thanks.
  218. Dave 4) Advance XEP-0234 to Draft
  219. Dave https://xmpp.org/extensions/xep-0234.html
  220. SamWhited +1
  221. daniel -1
  222. Dave daniel, You noted some unaddressed feedback in the Last Call, is that your reasoning?
  223. daniel yes
  224. daniel i was about to write so
  225. Dave daniel, Excellent, thanks.
  226. Dave has left
  227. Dave has left
  228. Ge0rG It's a complex XEP that I haven't implemented yet (and don't intend to). I will re-read and on-list, probably with +0
  229. Dave daniel, I'll assume you'll watch that and vote +1.
  230. Dave 5) Advance XEP-0186 to Draft
  231. Dave https://xmpp.org/extensions/xep-0186.html
  232. Ge0rG +1, though I don't have first-hand experience with it, the XEP looks reasonable.
  233. SamWhited +1
  234. daniel +1
  235. Dave +1
  236. Dave 5) XEP-0198 handling of mismatched h value
  237. Dave https://github.com/xsf/xeps/pull/579
  238. daniel +1
  239. Dave Also see list discussion.
  240. SamWhited Ahh, I saw the list discussion but not the PR
  241. SamWhited +1, this seems reasonable
  242. Dave I'm -1, I think a specific stream error needs to be specified, and the behaviour probably could be SHOULD.
  243. Ge0rG I don't like the specific wording (and there is a typo in it), but I'm +1 for adding this disclaimer
  244. Dave (Which is already feedback to the list)
  245. Dave OK.
  246. Ge0rG Dave: I think your reasons for -1 are very well hidden in your mail.
  247. Dave Ge0rG, I'll spell it out more clearly, then.
  248. Ge0rG Dave: thanks
  249. Dave Ge0rG, FWIW, I decided I'd pull this onto the agenda despite thinking it needed more on the basis that it could be applied quicker.
  250. Dave Ah. I've misnumbered and that was item (6). No wonder I'm confused. So:
  251. Ge0rG Dave: do we need to vote on the exact *wording* of the change or just on its merit?
  252. Dave 7) Post Summit Discussion
  253. Dave Ge0rG, The technical content. (typos are an editorial thing). But specific error etc is something for us.
  254. Dave Anyone got any comments about the Summit? Anything we think we should act on?
  255. Ge0rG I want server operators to sign the Spam Fighting Manifesto.
  256. Ge0rG I don't think either Board or Council can make that happen.
  257. Dave has left
  258. Dave Ge0rG, I agree that's not a Council thing, though Council can make a statement about it if we want?
  259. Dave (But I can note it in the minutes, too).
  260. Ge0rG Dave: what kind of statement could I expect? The only council-relevant thing is the mention of 0157, IIUC
  261. Dave I'd also like to propose a motion that Council thanks the Summit organisers and sponsors.
  262. Ge0rG +1
  263. SamWhited That seems reasonable
  264. Ge0rG It was a very productive time, as far as I can see from my laggy remote position.
  265. Dave Ge0rG, We can make a statement about anything, really. "Oooh, that's a good idea". If we think it is.
  266. Dave daniel, Anything on thanking? (It really is a vote, and I'll conveniently ignore Kev's on-list vote since he's one of the organisers in this instance)
  267. daniel +1
  268. Dave daniel, Ta.
  269. Dave 8) AOB
  270. Dave Anyone?
  271. Dave 9) Next Meeting
  272. Dave +1W?
  273. SamWhited Let's deprecate XHTML-IM. It's on the agenda, but got skipped again, I think
  274. Ge0rG +1W WFM
  275. daniel +1w
  276. SamWhited +1w WFM
  277. Dave SamWhited, Quite. I'll put it - I promise - on next week and I'll write something to the list on this today.
  278. Dave SamWhited, Is that OK by you?
  279. SamWhited I can live with that
  280. Dave has left
  281. Dave SamWhited, Yeah, sorry. Appreciate your patience.
  282. Dave Right, thanks all.
  283. Dave 10) Ite, Meeting Est.
  284. SamWhited Thanks all
  285. Ge0rG Thanks all, thanks Dave
  286. zinid has left
  287. daniel has left
  288. Dave Ge0rG, Link to your Manifesto thing for the minutes?
  289. jonasw Dave, https://gist.github.com/ge0rg/2e4accf6950821ca45f743fdf587c08e
  290. mathieui (I think it should be a proper repo and not a gist, by the way)
  291. jonasw I agree
  292. ralphm has left
  293. Tobias has left
  294. Tobias has joined
  295. Ge0rG mathieui: yes
  296. Ge0rG mathieui: it is not a proper repo because I wanted to get feedback from some server admins before making it public, because changing it once people have signed is a no-go
  297. Ge0rG Dave: well done notes :)
  298. Ge0rG Dave: you have qualified for keeping that job :P
  299. Dave Ge0rG, Hmmm. Doing them every week for Board actually meant I figured out what was useful. Although Laura did try to out-do me by adding colours.
  300. ralphm has joined
  301. Ge0rG Which reminds me to mention my impression from the summit webex that the XSF consists only of white men.
  302. pep. I don't think the XSF is the only place like that unfortunately :(
  303. pep. And I'm just adding to the white male mix
  304. SouL My impression is that the XSF consists of people that want to be part of it.
  305. SouL has left
  306. pep. SouL: just like most others entities/companies with the same issue
  307. ralphm has left
  308. SouL pep., that reminds me when at the university people complained about there were no girls (or just a few) studying computer science, for example. That's why I say that :) You cannot force people into things. It's sad to not have diversity, but that's what happens.
  309. SamWhited That's part of the problem; if you want new people with different backgrounds and different ideas you have to attract them, otherwise the only people who want to be there are the same people who are already there and their friends.
  310. SamWhited It's not about forcing people into things, it's about recruiting outside of the same small circles.
  311. mathieui SouL, you can force people out of things, though
  312. SouL mathieui, completely agree.
  313. mathieui (before the 90s, IT was a really mixed domain)
  314. Ge0rG SamWhited: "people that want to be part of it" and can afford it.
  315. Dave has left
  316. SamWhited Indeed; Ge0rG++, mathieui++
  317. mathieui (also, that probably belongs in xsf@ rather than council@, at least)
  318. Zash Ge0rH, mathieuj ?
  319. Ge0rG there was an interesting (and probably very controversial) article about girls on average being more interested in "people" and boys more in "things", leading to a lower number of females in STEM fields, if no external pressure is applied.
  320. peter I spent a lot of time on hiring and recruiting at my last company, and if you want to hire people other than the kind of people you've already got, you have to put in the effort to make it happen (e.g. not hire friends of current employees, actively search for candidates, etc.). Most people don't put in that effort, with predictable results.
  321. mathieui also, the free software community is already largely a self-perpetuating cycle of nerd stereotypes, which does not help
  322. Dave has left
  323. Ge0rG hey peter!
  324. peter Hey, I'm making a rare appearance here! ;-)
  325. Dave has left
  326. Dave has left
  327. Dave SouL, if the xsf only consists of people who want to be part of it, that means women and non-existent men do not, which is worrying.
  328. Dave Non white was autocorrected weirdly there...
  329. Zash People would also need to know about the XSF
  330. mathieui yea
  331. SouL Dave, indeed. I'm just explaining my (little) experience on this topic.
  332. Dave Zash, or, worse, already do and passed us by.
  333. pep. Zash: yeah I feel that's a bigger issue
  334. peter IMHO it might be easier to change this kind of thing in a company because hiring happens and a hiring manager (as I was) can push for changes. /me shrugs
  335. Zash So, Marketing, the solution to all problems?
  336. pep. Market all the things \o/
  337. Zash The thing where members have to ask to be members, and be voted on, probably produces a ton of bias.
  338. Dave Yup
  339. Dave It's the very definition of self selection
  340. Dave We might advertise that the voting in is largely a formality
  341. peter ^ understatement of the year
  342. pep. Were there ever anybody refused?
  343. peter Yes, but it's rare.
  344. jonasw 17:54:54 Ge0rG> Which reminds me to mention my impression from the summit webex that the XSF consists only of white men. only solution: someone’s gotta get an operation.
  345. pep. What's the incentive for keeping the vote in place
  346. mathieui pep., for one, to enforce the rule about the % of members of a company
  347. mathieui and to prevent some kind of other hostile takeover, I guess, too
  348. pep. You don't need a vote for that to yoy
  349. pep. do you*
  350. pep. (For the company ratio)
  351. mathieui I’m not too knowledgeable about the inner workings and implications of a foundation either
  352. Ge0rG Now official: https://github.com/ge0rg/jabber-spam-fighting-manifesto (will announce on operators@ tomorrow)
  353. mathieui Ge0rG, one question, though
  354. mathieui at jabber.fr we have around a hundred different domains
  355. mathieui how do we specify that?
  356. peter Legally, the XSF is a membership organization. We need some rules about accepting members. Those rules are defined in the Bylaws. Folks are welcome to propose a change to the bylaws.
  357. Dave pep., We've rejected two people in my time. One for refusing to give his/her real name publicly, and one for giving only his real name, claiming we all knew him, and we only knew him by the nickname he had. (That latter was Bear).
  358. ralphm has joined
  359. Tokodomo has joined
  360. peter has left
  361. Tokodomo has left
  362. Ge0rG mathieui: "jabber.fr + 100 domains" maybe?
  363. Ge0rG mathieui: if you have a public list of the domains, link to it from the third field
  364. pep. Dave: we just need rules then, and when people apply for membership we can enforce the rules if applicable, I fail to find an argument for the vote. Maybe to prevent "hostile takeovers" as mathieui but even then..
  365. pep. Or maybe the vote could be the exception
  366. Zash In my experience, anti-takeover is usually implemented by having the board have longer, overlapping terms.
  367. Dave Zash, That would be useful for other reasons. I did wonder about explicitly trying to sort that out, but I've lacked energy to figure out a sane transition.
  368. Zash Yeah, transition rules can be tricky
  369. Flow how to overlapping terms help againsts takeovers?
  370. Zash If you wanna do a take-over, you need to hijack two meetings
  371. SouL I thought accepting people by voting was related to members choosing the Board and Council.
  372. Flow so for the overlapping period both boards have to come to mutual aggreements?
  373. Zash Hm?
  374. Zash It gives you time to figure out their evil plans, and then the members can call an extra meeting and kick the evil people out.
  375. Flow Zash, there is a period were are to boards in place, what if board A decides to do C and board B decided to not do C?
  376. Zash Or something.
  377. Dave Flow, One board, with members with overlapping terms.
  378. Zash Flow: There's one board
  379. Dave Flow, So each election is for half the board.
  380. Flow ahh, got it
  381. Zash Longer terms also allow people to do more long term planning
  382. pep. Hmm, transitions...
  383. Zash I do wonder if longer council terms would help ... with something.
  384. pep. We'd need the same format right? Maybe not longer but rolling term
  385. ralphm has joined
  386. daniel has joined
  387. peter has joined
  388. peter Related to earlier discussion: https://www.w3.org/community/w3c-women/
  389. ralphm has joined
  390. pep. It's not just women really, it's all non-white males, but that's a start
  391. pep. But then if we make a group for them they might complain about segregation :p
  392. peter In my limited experience, this is not something to talk about but something to act on, which is what I did at my last company. I'm no longer in a hiring role, but learned some valuable lessons.
  393. pep. peter: sure. For now we can try to find a way to transition and make new members feel a bit more welcomed. (See propositions above)
  394. peter pep.: that sounds like a good start
  395. pep. This should really have been in xsf@
  396. peter likely so
  397. pep. anybody not ok about me pasting this into the other room?
  398. Syndace has left
  399. Syndace has joined
  400. Syndace has left
  401. Syndace has joined
  402. Dave has left
  403. Dave has left
  404. ralphm has joined
  405. Dave has left
  406. ralphm has left
  407. Dave has left
  408. ralphm has joined
  409. Dave has left
  410. Dave has left
  411. Dave has left
  412. Dave has left
  413. Dave has left
  414. Dave has left
  415. Dave has left
  416. Dave has left
  417. Dave has left
  418. Dave has left
  419. SamWhited has left
  420. Dave has left
  421. peter has left
  422. Dave has left
  423. Dave has left
  424. Dave has left
  425. Dave has left
  426. Dave has left
  427. ralphm has joined
  428. daniel has left
  429. Zash has left
  430. Dave has left
  431. Dave has left
  432. Dave has left
  433. SouL has joined
  434. Dave has left
  435. Dave has left