XSF Discussion - 2018-12-13


  1. Zash

    Hm, memberbot doesn't tell me what I'm voting for

  2. Zash

    Huh, xhtmlim bug?

  3. ralphm

    Worked fine for me (Conversations).

  4. Zash

    Not a client issue it seems

  5. Zash

    It's sending <b> and <i>. Those aren't allowed per https://xmpp.org/extensions/xep-0071.html#def-text

  6. jonas’

    that should only lead to them not having any effect

  7. jonas’

    I think?

  8. jonas’

    unsupported tags should be replaced with their content

  9. ralphm

    Yes

  10. Zash

    I can't do that.

  11. ralphm

    Huh?

  12. ralphm

    That's the most basic of HTML handling

  13. jonas’

    although I’d argue that disallowed tags ≠ unsupported tags and disallowed tags should be dropped altogether. however, I’d go with replace with content even for disallowed.

  14. ralphm

    Ignore what you don't know

  15. ralphm

    Right

  16. Zash

    No, I'm saying that my sanitizing code can't do that.

  17. jonas’

    although one could argue that disallowed tags ≠ unsupported tags and disallowed tags should be dropped altogether. however, I’d go with replace with content even for disallowed.

  18. Zash

    It's not possible to replace tags with text.

  19. Zash

    It must replace tags with tags or nothing.

  20. ralphm

    So you found two bugs

  21. Zash

    Now, the real question is: Where does the plain text <body> go?

  22. jonas’

    Zash, it’s even worse, you need to be able to replace tags with mixed content

  23. jonas’

    if you get sent <p>something <b>foo<i>bar</i>baz</b> something</p>, the result should be <p>something foobarbaz something</p> (assuming p is allowed)

  24. ralphm

    If a client supports XHTML-IM, it will ignore the body

  25. Zash

    But there was no <body>

  26. Zash

    or a message at all

  27. Zash

    I only received the "Approve (yes/no)" messages and I don't see where the others went

  28. ralphm

    I'd check out the bot and try out. I'd be surprised if it didn't send body

  29. Zash

    Lookl like Link Mauve already noticed this and https://github.com/linkmauve/memberbot/commit/4f539b8571c48f84129c284517f6bb692352247e

  30. ralphm

    Also note the body

  31. Zash

    Sure, but I didn't receive those at all for some reason

  32. Zash

    So either my firewall ate them or my XHTML-IM filter ate them

  33. jonas’

    tasty

  34. dwd

    Afternoon, all.

  35. ralphm

    hi dwd

  36. ralphm set the topic to

    XSF Board Meeting | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

  37. ralphm bangs gavel

  38. ralphm

    0. Welcome + Agenda

  39. ralphm

    Welcome!

  40. ralphm

    Who do we have?

  41. nyco

    Hey

  42. Guus

    hi

  43. ralphm

    dwd asked us to discuss Compliance Suites, so there might be some Council members around to join for that item.

  44. Seve

    Hello :)

  45. dwd

    All things are possible.

  46. ralphm

    MattJ?

  47. Guus

    You can summon MattJ by mentioning him...

  48. dwd

    Ge0rG and Link Mauve?

  49. Guus

    normally

  50. dwd

    Guus, You have to say MattJ three times in front of a mirror, I think.

  51. Guus

    My name has a similar, but different effect: the mirror breaks.

  52. ralphm

    Mirror, mirror, who's the luast of all?

  53. dwd is on minutes, by the way.

  54. Guus

    thanks

  55. Seve

    dwd, thank you very much

  56. ralphm

    1. Appointment of officers

  57. ralphm

    Alex has agreed to serve for another year as Secretary. I motion we reconfirm Alex Gnauck as our Secretary.

  58. Ge0rG is there for purposes of the Compliance Suite

  59. Guus

    +1

  60. Guus

    (you're here for many purposes, Ge0rG )

  61. Seve

    +1

  62. nyco

    +1

  63. ralphm

    Yay!

  64. ralphm

    Peter has agreed to serve for another year as Treasurer. I motion we reconfirm Peter Saint-André as our Treasurer.

  65. Guus

    +1

  66. Seve

    +1

  67. ralphm

    nyco?

  68. ralphm

    Since we already have 3 votes, I'll say Yay again.

  69. Guus

    Thank you, Alex and Peter, for putting in the effort once again. Appreciated!

  70. ralphm

    Missing votes to follow

  71. ralphm

    On our Executive Director, Peter mentioned he didn't have time last week, but could this week. I haven't picked up on that, yet.

  72. nyco

    +1

  73. ralphm

    (thanks nyco)

  74. Guus

    (do we need the missing votes to confirm them? We have quorum, don't we?)

  75. nyco

    sorry

  76. ralphm

    Guus: we don't but I think it is nice if we have votes from all Directors.

  77. Seve

    I agree

  78. ralphm

    And chiming in with Guus thanking Peter and Alex.

  79. Seve as well

  80. ralphm

    2. Compliance Suites

  81. MattJ

    Hey

  82. nyco

    ho

  83. MattJ

    Sorry, here now

  84. Guus

    (wow, sloooow mirror!)

  85. ralphm

    Hi MattJ, feel free to put in your votes.

  86. ralphm

    Meanwhile, dwd: go!

  87. MattJ

    +1 to Alex for Secretary, +1 to Peter for Teasurer

  88. ralphm

    dwd?

  89. dwd

    Oh, sorry - Ge0rG would be best to lead here.

  90. nyco

    I'll have to leave at 16:00

  91. Ge0rG

    We had a discussion in Council regarding what form Compliance Suites should take, but I'm not even sure what we wanted to escalate to Board

  92. nyco

    naming?

  93. dwd

    TThe thing to escalate was in terms of using them as a marketing tool, perhaps filtering the software the XSF lists, etc.

  94. nyco

    "XMPP 2019"?

  95. Ge0rG

    Ah, so compliant software. Yeah.

  96. Guus

    I don't think council needs board to approve naming?

  97. nyco

    please define "marketing tool"

  98. Guus

    I don't think council needs board to approve naming (of XEPs)?

  99. nyco

    agree with that, naming can be left to the Council

  100. Ge0rG

    We had a discussion about badges some years ago. So that compliant software can be marked as such with nifty labels

  101. ralphm

    Guus: some, most are Council's business

  102. Ge0rG

    I think the current technical form of CS is appropriate, if we can have a prominent link on the top of the XEP list

  103. dwd

    nyco, Well, that's it, isn't it? The Council merely noted that we don'tt do much as an organisation with the compliance suites - what marketing could we do with them?

  104. nyco

    badges can be cool, very visual, understandable in one eye shot, impactful I like that idea

  105. ralphm

    Badges comes up every time Compliance Suites are discussed

  106. jonas’ wants to enqueue himself for the Any Other Business section of the board meeting

  107. ralphm

    The problem is that someone needs to check, right?

  108. Ge0rG

    nyco: that opens the question of whether badges will be issued by XSF after some formal/automatic verification, or if everybody can just assign them on their own

  109. Ge0rG

    and what kind of abuse management mechanism we have then

  110. MattJ

    This same conversation :)

  111. MattJ

    There is no way we can verify who complies and who doesn't, so either the badges are free for everyone or we shouldn't have them

  112. jonas’

    just like with trademarks, spot an infringement and sue them?

  113. nyco

    yep, qualification, certification, etc.

  114. jonas’

    (of course, we can’t do that because manpower)

  115. MattJ

    I'd be totally fine with prominent links to the compliance suites, and treating them purely as guidance for developers

  116. ralphm

    I don't feel like being in the business of certifying

  117. Ge0rG

    "business" is a rather correct analogy, I fear

  118. dwd

    Sure, but we can also let people self-certify and pull this from them if they are clearly taking the piss.

  119. Ge0rG

    So what can we do, short of a certification business, to promote XMPP 2019?

  120. nyco

    I like this: https://www.coreinfrastructure.org/programs/badge-program/

  121. ralphm

    If someone claims their software complies with the suite, and they don't, well, let the intarntubes' scorn be on them.

  122. nyco

    it's declarative, but promote good/best practices

  123. MattJ

    dwd, "clearly" is still subjective, unfortunately

  124. Guus

    I think we, as the XSF should pace ourselves a bit here.

  125. nyco

    "intarntubes" 😉

  126. dwd

    Perhaps. But given that if people don't even claim a free thing, then that's a valuable signal in itself...

  127. Guus

    I'd not object to run some sort of compliance checker in our domain, akin to what we do with xmpp.net (of which the state is itself somehwat unclear)

  128. Ge0rG

    xmpp.net is broken, not unclear ;)

  129. jonas’

    although at the moment the only thing broken is the DNSSEC verification

  130. jonas’

    which means that SRV records are not honoured for 99% of services

  131. ralphm

    And also not an XSF effort

  132. Guus

    Ge0rG part of the reason why it remains broken is that we don't know who's responsible, I thik.

  133. jonas’

    MattJ did a lot of good work on it.

  134. Ge0rG

    Guus: I think it's because the intersection of people who have the knowledge, the time and the power to fix is is empty.

  135. MattJ

    I have some time, I've put some work into it, fixed some stuff, but it still needs a little bit more - I'll get to it soon (but probably not before next week)

  136. Kev

    Isn't it mostly that it's abandoned upstream?

  137. nyco

    so the intersection of people who have the knowledge, the time and the power to do badges is empty as well?

  138. ralphm

    I'd be ok with someone designing an official badge, and letting people use that when they feel like they should show it.

  139. MattJ

    Kev, I've forked the repo and am fixing stuff, so happy to be the new upstream

  140. ralphm

    I'd have to be convinced to have compliance testing itself be an XSF activity

  141. MattJ

    ralphm, +1

  142. nyco

    let's ask lead devs: if they were badges, would you use them?

  143. MattJ

    Yes, probably

  144. Kev

    I doubt it.

  145. Ge0rG

    ralphm: it would probably make sense to have badges according to the compliance suite blocks, i.e. "core|advanced" "web|im|mobile" "client|server"

  146. Guus

    Ralph, I think that making the tools to do the checking available, could be an XSF activity

  147. ralphm

    Ge0rG: sure

  148. Ge0rG

    ralphm: it would probably make sense to have badges according to the compliance suite blocks, i.e. "core|advanced" "web|im|mobile" "client|server" *2019*

  149. dwd

    My advice to the Board would be: Make the badges, and if they're useless, drop them.

  150. MattJ

    Guus, no, the checking is next to impossible I'm afraid

  151. Guus

    But I'm not in favor of us doing the checking / publishing it, etc, other than to the extend what xmpp.net does for anyone that uses the tool.

  152. Ge0rG

    I'd use badges, except my client doesn't qualify because I don't consider Avatars a must-have.

  153. ralphm

    Guus: I think that building such tools is ambitious project

  154. ralphm

    an

  155. MattJ

    I stick to "impossible" :)

  156. Ge0rG

    large parts of CS can't be usefully tested automatically.

  157. Guus

    ralphm , I"m not saying 'build it'

  158. Guus

    I'm suggesting: host one, if someone builds it.

  159. ralphm

    MattJ: I'm a positive guy :-D

  160. Ge0rG

    But it would be awesome to have a client/server test suite that I could run my code against.

  161. nyco

    we can "test"/"validate" appetite for badges, with only a small prototype

  162. MattJ

    compliance.conversations.im is a good example. It's a great tool, but anyone could easily pass 100% by cheating

  163. ralphm

    Guus: oh, I mistook 'making' for 'building', then.

  164. dwd

    nyco, Right. You don't even need a checker. Maybe people won't take the piss.

  165. ralphm

    Let's do this, as dwd also mentioned, ask if someone would like to design such badges.

  166. MattJ

    +1

  167. Ge0rG

    I'd say developers should be allowed to use the badge on their own, with a way for users to complain and the XSF to revoke badges.

  168. Seve

    I'm not sure about this. Badges should be something you can trust. And nobody is going to endorse those, from what I understand.

  169. Guus

    but, to address dwd's suggestion: I don't see anything wrong with linking a set of badges to the compliance suite xeps

  170. nyco

    maybe we should not start with the design, which is costly

  171. ralphm

    Then, if we have such a person, they can work with Council regarding what they should include.

  172. MattJ

    nyco, it may be possible to find someone willing to donate time

  173. ralphm

    nyco: we've already have had the Suites themselves. I don't see people putting the text around their clients, so a badge is then what we can do. If we don't start with design, what then?

  174. nyco

    for example, instead instead of an automated testing system, we can start with a crowdsourced testing system

  175. Ge0rG

    yeah, we shouldn't start out with tasking a commercial designer, rather ask for volunteers

  176. ralphm

    nyco: while I am not against that idea, I don't think it should be an XSF activity.

  177. ralphm

    And I didn't mention paying for a design.

  178. nyco

    16:01

  179. nyco

    "costly" does not forcefully mean "money", can mean time, effort, delay...

  180. dwd is now in another meeting, and will catch up with Minutes later...

  181. MattJ

    If we don't have anyone in the community, there are people I'd be happy to reach out to

  182. ralphm

    So far I've seen two +1 (me and MattJ) and one +0 (Guus).

  183. ralphm

    What do we do?

  184. Guus

    for what: create a batch?

  185. Ge0rG

    I think the Board should decide whether such implementation badges should be hosted on xmpp.org or if they can be hosted by the respective implementations.

  186. ralphm

    Ge0rG: I'd be ok with hosting it themselves, and adding to our lists when they do

  187. Ge0rG

    And then whether Badges are assigned explicitly by the XSF, or whether implementations can claim a badge and we have a way to retract that.

  188. Guus

    ralphm, "adding to our lists" <-- what do you mean, exactly, with that?

  189. ralphm

    Ge0rG: I am not in favor of assigning them explicitly

  190. MattJ

    I'd like them to still be within the control of the XSF, and enforce some basic constraints on their use... like linking them to a specific place

  191. ralphm

    Guus: https://xmpp.org/software/

  192. Ge0rG

    Something like: "Developers are allowed to display the respective badge if they are in good belief that their implementation complies with the respective part of CS. This can be disputed by users, upon which the XSF may retract this right from a developer"

  193. nyco

    if Compliances Suites are a responsibility/duty of the XSF, I see badges as the same

  194. ralphm

    MattJ: like we had with Jabber Powered?

  195. MattJ

    Yes

  196. Ge0rG

    The list that contains Pidgin as an endorsed XMPP client.

  197. MattJ

    Yes

  198. Guus

    I'm not in favor of adding badges to our lists of software. I am +1 of having badges created that can be used freely by others.

  199. ralphm

    I like that

  200. Ge0rG

    Guus: "freely" is too free for me, personally.

  201. Guus

    Ge0rG we won't be able to enforce anything anyway

  202. nyco

    I'm gone, sorry

  203. Guus

    Thanks nyco

  204. ralphm

    Guus: my idea was that a project wants to, when they register their software, we could include a way to say if they want to carry the badge in their entry. It wouldn't be an endorsement.

  205. Ge0rG

    Guus: we will be if badges are only shown on the XSF pages ;)

  206. Guus

    badges can very easily be copied.

  207. Ge0rG

    Using a trademark on the badges will allow control over how they may be used.

  208. ralphm

    Guus: we would if the XSF retains the rights on the badge and have a policy.

  209. Ge0rG

    We don't need hundreds of pages of legalese for that.

  210. Ge0rG

    But e.g. the Bluetooth logo is managed in that way.

  211. Guus

    ralphm I'm pretty sure that people we don't want to use the badge, won't care about our policy.

  212. Guus

    They'd simply use it in their software / download page, whatever.

  213. Kev

    I think the XSF being in a position to revoke would be a painful thing for us.

  214. Kev

    We /know/ that people tend to ... exaggerate compliance with things.

  215. Ge0rG

    Kev: what's your alternative suggestion?

  216. ralphm

    Guus: let scorn be on them

  217. Ge0rG

    Guus: having the legal right to enforce doesn't mean making use of that right.

  218. jonas’

    don’t you lose trademark rights if you don’t enforce them?

  219. Guus

    ralphm exactly - which is why I'm fine with _having badges_ to be used by others. I'm against us assigning specific badges to specific projects though (on our site)

  220. Kev

    It does unless you want it to be useless.

  221. Seve

    I don't see the point of the badges if we cannot make people trust the badges.

  222. Kev

    If you want badges (and I'm not convinced they're adding any value at all, but whatever), I think the best you can hope for is the same as claiming compliance at the moment. It's a claim.

  223. Ge0rG

    I see the point, but there are really only three options here: 1. explicitly white-list badge-bearers (can be still worked around) 2. have a policy for self-assessment and retraction 3. allow everyone to claim everything and ignore violations

  224. Seve

    Unless the badges are just for guidance and we don't endorse it officially

  225. ralphm

    https://web.archive.org/web/20060307012614/http://jabberpowered.org:80/

  226. Kev

    But it's not clear to me what problem the badges are solving, either.

  227. Guus

    if someone wants to fly a banner, claiming compliancy with a certain XEP, I'd be OK for us to provide a uniform design to that. I want to prevent us from listing things as 'compliant' though.

  228. ralphm

    I suggest everybody here has a look at that, think about whether we want something like it for badges and continue this discussion next week.

  229. ralphm

    Guus: I can see that

  230. Kev

    Guus: Which is exactly the state at the moment with saying you support CS2018, I think.

  231. Guus

    before we hammer off - @jonas' had an AOB.

  232. Guus

    Kev, exactly, but with a fancy colorful badge.

  233. Guus

    (which might add a uniform way of recognizing things, at best)

  234. jonas’

    is this intended to have Approving Body Council? https://xmpp.org/extensions/xep-0381.html

  235. jonas’

    it doesn’t make sense to me, but maybe that’s just me

  236. ralphm

    3. AOB

  237. Ge0rG

    > and will not alter the official Logo in any way, including its size 🤔

  238. ralphm

    Ge0rG: we can modify all the terms, it just something we did before, and might be a good start for the rest of the discussion

  239. Guus

    @jonas' at first glance, I think you're right. Council does not approve SIGs.

  240. Guus

    jonas' at first glance, I think you're right. Council does not approve SIGs.

  241. ralphm

    jonas’: agreed, Board should be the approving body

  242. jonas’

    suggestion: I change the approving body to board and re-issue the LC

  243. ralphm

    Given this has been in the queue for two years, I'm not sure if it still makes sense

  244. Ge0rG

    ralphm: I really like it

  245. ralphm

    jonas’: ok

  246. jonas’

    the LC might be a good way to figure it out -- and to move it to rejected if not needed.

  247. ralphm

    indeed

  248. Guus

    jonas’ : agreed.

  249. ralphm

    And whether its authors still want it

  250. ralphm

    Anything else?

  251. ralphm

    4. Date of Next

  252. ralphm

    +1W

  253. ralphm

    5. Close

  254. ralphm

    Thanks all!

  255. Guus

    do we need a formal third +1 for Jonas' question?

  256. ralphm bangs gavel

  257. ralphm

    Guus: I don't think so. Clearly a typo

  258. Seve

    Thank you very much everybody :)

  259. ralphm

    And we just missed it on our radar. Also nobody asked about it.

  260. ralphm set the topic to

    XSF Discussion | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

  261. Guus

    I don't think it works that way, even if it's a typo, but, fine. 🙂

  262. ralphm

    Guus: well, Council cannot approve SIGs

  263. ralphm

    so...

  264. Guus

    that's true

  265. ralphm

    So the logical conclusion is that we are the approving body

  266. ralphm

    It just popped up on the radar because Council has been listing all the open LCs

  267. jonas’

    s/Council/Editor/, but yeah

  268. ralphm

    I stand corrected

  269. jonas’

    need to re-issue them for this term

  270. ralphm

    aye

  271. Guus

    MattJ : thanks for taking over the upstream stuff for xmpp.net - would you mind putting it all in one place?

  272. Guus

    meaning: clone everything, even if you didn't modify it yet, in one account under either github or bitbucket (or whatever)?

  273. Guus

    It's somewhat confusing (to me) to figure out what part of the software lives where, and who's maintaining it. I'd love to have one account where this all is listed.

  274. Guus

    I'd not be against creating an xmpp.net github repo, just for this, outside of XSF control.

  275. Guus

    (my board hat was off, there)

  276. Guus

    Also, feel free to add me to any such org.

  277. Ge0rG

    I've heard there is an org called JabberSPAM now.

  278. Ge0rG

    Oh, I think that org would actually need an XSF seal of approval.

  279. jonas’

    JabberSPAM?

  280. jonas’

    certainly for TM use

  281. Guus

    We'll get you the T-Shirt, Ge0rG

  282. Guus

    when its approved, obviously.

  283. ralphm

    Ge0rG: can you send an email to Board about this?

  284. jonas’

    trademark@

  285. ralphm

    Because indeed, that might be a TM issue

  286. ralphm

    jonas’: that, too, yes

  287. jonas’

    trademark@jabber.org is the official address for TM issues AFAIK

  288. ralphm

    jonas’: I also wanted Board, because Peter isn't our ED anymore, and I'm unsure who's handling this now

  289. jonas’

    I see

  290. Ge0rG

    We need to fix https://xmpp.org/about/xsf/jabber-trademark/license-decision-process.html then

  291. ralphm

    I'll include this in the chat with Peter

  292. Ge0rG

    ralphm: AFAIR, board@ is moderators-only

  293. ralphm

    Good point

  294. Ge0rG

    eh, members-only

  295. Ge0rG

    So there is no way to contact Board.

  296. Ge0rG

    ralphm: also mention his comment on https://github.com/xsf/xmpp.org/pull/200

  297. ralphm

    Just send it to that address and me. There's also info@xmpp.org, but that's probably also Peter, so we need to figure that out.

  298. ralphm

    Since he's still an officer of the corporation, I'm sure it is fine

  299. Ge0rG

    ralphm: sent to info@ and to you

  300. lnj

    Is here someone who could create me an account on the wiki?

  301. Ge0rG

    lnj: yeah

  302. lnj

    Ge0rG, Could you create one for me or how does that work?

  303. Ge0rG

    lnj: I need your email address and the desired CamelCase username.

  304. Ge0rG

    lnj: via PM is alright

  305. lnj

    ... wait a sec .. need to start gajim for pms

  306. Ge0rG

    lnj: xmpp:georg@yax.im if that's better

  307. Guus

    assuming that your email address is the first thing that you'll post on the public wiki, maybe a PM isn't that important?

  308. jonas’

    Kev, nudge nudge https://github.com/xsf/xeps/pull/718

  309. Kev

    I don't think I was aware of that, let me mail myself.

  310. Neustradamus

    Jabberspam -> Safety Jabber, you can search on ML

  311. Neustradamus

    https://safetyjabber.com/ https://android.safetyjabber.com https://sj.ms/ https://safetyapps.zone/sjim.html http://safetyjabbercom.blogspot.com/ https://sjsoftwaredev.com/sj-im/ ...

  312. Ge0rG

    Neustradamus: I can't even...

  313. ralphm

    Uhm https://safetyjabber.com/trademarks.php

  314. genofire

    Neustradamus: Skype usw PGP ? 🤣

  315. Ge0rG

    ralphm: it's an interesting question whether you can enforce trademark on a substring.

  316. ralphm

    I'm sure that Cisco has ways

  317. moparisthebest

    Ge0rG, write a new RDBMS named SafetyOracleDatabase and let us know how it goes :)