XMPP Council - 2018-11-07

It looks like we won't get a formal Council Agenda Mail today, so I'd like to put https://github.com/xsf/xeps/issues/717 for a semi-formal opinion poll for today.

It's almost That Time again.

Kev: do you happen to be sufficiently present to chair, in case Dave doesn't appear in time?

Hey dwd!

Kev, SamWhited, daniel: Meeting time?

I'm reasonably convinced I'll have to vanish.

i’m here

But I'm here for now - really shouldn't chair though in case I'm called away. Ge0rG, want to do the honours?

dwd: at your service.

1) Roll Call

looks like we have Daniel, Dave and me, so it might be a quorum until Dave vanishes.

Here. Actually meeting cancelled.

(I think).

2) Lack of Agenda Bashing

oops, sorry, I"m here

We don't have an Agenda, into which I tried to sneak https://github.com/xsf/xeps/issues/717 which failed horribly.

We also don't have on our Agenda a list of expired Council votes that we should recast.

Any other additions?

wait did you create an issue on github instead of just writing to the mailinglist?

i’m confused

daniel: I fead I did, yes. But to my defense, I did write to standards@ half a year ago and didn't get an answer to the important question.

I think Ge0rG was hoping he could create an issue to create an agendum.

> I did write to standards@ half a year ago and didn't get an answer to the important question. but that’s the norm for like 50% of the posts there :-)

My train of thought was: create issue, obtain "needs council" tag, make Dave add it to the agenda, discuss today.

oh yah, if it only needs council then that was probably fine, I might have misunderstood

Then it really is just an issue for the editors (after seeking advise from us)

SamWhited: no, you were right. I violently ignored due process.

ok but lets ignore how it got on the agenda and just pretend it did

I'm not even sure I really want a formal vote on that or just feedback from you folks regarding the change I have in mind.

I can't find XEP-0283, it seems to have been moved.

dwd: unfortunately the new address was lost when it was automatically removed from the roster.

i think a similiar question arised from the muc destroyed thing that has a new jid

So it looks like we have no further items to add to the Agenda and implicitly moved to: 3) https://github.com/xsf/xeps/issues/717

that's in a way the same security question

daniel: the answer there was "tombstones"

But jokes aside, I'd like to see a PR. My gut feeling is that it ought to be possible to satisfy the rationale in §4, while also satisfying automated [re]subscribing.

do i leave the old jid and join the new one

Ge0rG, right yeah. but the question is do i automatically join the new one

which i guess is kinda similiar to do i automatically switch over to the new jid

dwd: to be honest, I don't quite understand the rationale in §4. It looks like a managed environment with auto-approval based on domains? Or is it actually the problem that the receiving client just blindly accepts whatever <moved/> is shoved up to them without checking with the new account?

daniel: right.

Ge0rG, I think basically you're right. A poor implementation which is *too* trusting could certainly be abused. But it feels like limiting trust should give us a reasonable outcome.

IMO, if you prove ownership of old-account and new-account by publishing cross-references on both, it should be enough proof for remote entities to automatically replace your JID

But... I'd like to see a PR. My gut feelings do not constitute advance acceptance. :-)

the only attack vector left is _temporary_ control over an account. But I'd argue that if you take control over my account for a minute, it's compromised anyway

What's the process? The XEP author submitted it in 2010 and I have no idea why it's even in Experimental still.

Do we need to dig up Tory Patnoe?

There are use cases where the new account holder no longer has access to the old account, mind. But those ened to be manual.

Ge0rG, make a PR

dwd: yes, I'm not speaking of those.

Ah, no. Council can accept you as a new author. Would you like us to?

the author will be pinged via mail and xmpp

or council simply overrides it :)

dwd: only after removing all the pseudo-security-issues cruft from it that I don't understand anyway.

So I'll start with a PR and then we can speak about authorship

Ge0rG, make a PR which does that and also puts you as author, then.

jonas’: thanks

is this the right time to mention that i don’t like the mutual subscription thing xmpp has going on?

daniel: yes.

Agreed.

daniel, No. I'd like to hear about it, but not right now.

daniel, why, and what would you like to see instead? ✏

SamWhited: with what exactly do you agree?

But I suppose dwd is right, we should move on with our (lack of) Agenda.

"i don’t like the mutual subcription thing xmpp has going on"

anyway lets move on

(I promise I was paying attention to the discussion before that, I just don't have much of an opinion one way or the other on moved)

should we give Ge0rG ownership of that xep

Unless I hear objections from Sam or Daniel now on allowing automatic JID replacement in 0283, I'll put a PR on my todo

I'd like to see a PR. I do have a feeling that changing it so that some other server can force your server to make new S2S connections might be bad somehow.

But I can't actually think of any problem, it just feels odd for me to be able to tell something to connect to something else.

SamWhited: that's interesting, I'll consider that

SamWhited: I suppose you shouldn't simply connect on a <moved new/> but wait for a ping from the new account

But as multiple servers are involved, this is prone to race conditions, so the protocol must be bullet-proof in that

yeah i have too much of a headache right now to actually think through the consequences but I'm ok with allowing Ge0rG to make a PR and/or take ownership of a 8 year old xep

Yay!

4) AOB

Me too; it was election night here last night so I was up until 0200 refreshing various news sources compulsively…

So I may be a bit foggy today :)

We have another election night on 2018-11-22, and I'd *love* to get rid of the many "EXPIRED"s in the SoD.

many of the EXPIREDs are not up for revoting though

some of them are VETOED

somebody with a bit of a time budget and RW permissions needs to review the votes.

*sigh*

And it looks like everybody here lacks both.

dwd, I’ll request +w on the SoD now

At the moment, though I might do before the next meeting.

sYdCst5Woy

Gosh, that was incomprehensible, sorry.

jonas’, Best change that password.

I'm trying to find mine now; I could have sworn I voted on some of these.

dwd, it’s a token I put in my request to get +w

Mind that recasting the votes will give everybody +2W of on-list time, so we will be into the next Council if we don't get our votes together on 21st

I meant to say: I don't have the time right now, but I might get the time together before the next meeting.

Tedd Sterr did actually collate all the votes for me to put in there.

dwd, hand me +w, I might have a slot tomorrow night where I can review at least some of them

dwd: maybe you could give Tedd +w then?

dwd: I don't want to push you into committing to anything, but it would be really great to have that list cleaned up in time for our next Agenda.

I was -1 on file sharing notifications at least, so far those are the only minutes I can find (XMPP Council Minutes 2018-08-01).

I'll wait if there are others to be added though in case some of the ones I'm looking for are already in Ted's list.

Maybe everyone from Council can try to aggregate their missing votes until end of this week, then?

We've got only 1.5min left, and I still have two Agenda items open.

So I'm moving on for now.

5) AOAOB

6) Next Meeting does +1W work for you?

can someone give me a link to that spreadsheet so i know what to vote on

WFM

daniel: https://docs.google.com/spreadsheets/d/1AZ-Sna6OiRG--b-mJMKv3XXfrn3Nehm0kAtlyJvImL0/edit#gid=0

i probably can’t do next week

thanks

Looks like we lost Dave.

7) Close

Thanks everyone! Let's hope +1W works out :)

dwd, thanks, that worked