Ge0rGIt looks like we won't get a formal Council Agenda Mail today, so I'd like to put https://github.com/xsf/xeps/issues/717 for a semi-formal opinion poll for today.
Ge0rGIt's almost That Time again.
Ge0rGKev: do you happen to be sufficiently present to chair, in case Dave doesn't appear in time?
Ge0rGKev, SamWhited, daniel: Meeting time?
dwdI'm reasonably convinced I'll have to vanish.
dwdBut I'm here for now - really shouldn't chair though in case I'm called away. Ge0rG, want to do the honours?
Ge0rGdwd: at your service.
Ge0rG1) Roll Call
Ge0rGlooks like we have Daniel, Dave and me, so it might be a quorum until Dave vanishes.
dwdHere. Actually meeting cancelled.
Ge0rG2) Lack of Agenda Bashing
SamWhitedoops, sorry, I"m here
Ge0rGWe don't have an Agenda, into which I tried to sneak https://github.com/xsf/xeps/issues/717 which failed horribly.
Ge0rGWe also don't have on our Agenda a list of expired Council votes that we should recast.
Ge0rGAny other additions?
danielwait did you create an issue on github instead of just writing to the mailinglist?
Ge0rGdaniel: I fead I did, yes. But to my defense, I did write to standards@ half a year ago and didn't get an answer to the important question.
dwdI think Ge0rG was hoping he could create an issue to create an agendum.
daniel> I did write to standards@ half a year ago and didn't get an answer to the important question.
but that’s the norm for like 50% of the posts there :-)
Ge0rGMy train of thought was: create issue, obtain "needs council" tag, make Dave add it to the agenda, discuss today.
SamWhitedoh yah, if it only needs council then that was probably fine, I might have misunderstood
SamWhitedThen it really is just an issue for the editors (after seeking advise from us)
Ge0rGSamWhited: no, you were right. I violently ignored due process.
danielok but lets ignore how it got on the agenda and just pretend it did
Ge0rGI'm not even sure I really want a formal vote on that or just feedback from you folks regarding the change I have in mind.
dwdI can't find XEP-0283, it seems to have been moved.
Ge0rGdwd: unfortunately the new address was lost when it was automatically removed from the roster.
danieli think a similiar question arised from the muc destroyed thing that has a new jid
Ge0rGSo it looks like we have no further items to add to the Agenda and implicitly moved to:
danielthat's in a way the same security question
Ge0rGdaniel: the answer there was "tombstones"
dwdBut jokes aside, I'd like to see a PR. My gut feeling is that it ought to be possible to satisfy the rationale in §4, while also satisfying automated [re]subscribing.
danieldo i leave the old jid and join the new one
danielGe0rG, right yeah. but the question is do i automatically join the new one
danielwhich i guess is kinda similiar to do i automatically switch over to the new jid
Ge0rGdwd: to be honest, I don't quite understand the rationale in §4. It looks like a managed environment with auto-approval based on domains? Or is it actually the problem that the receiving client just blindly accepts whatever <moved/> is shoved up to them without checking with the new account?
dwdGe0rG, I think basically you're right. A poor implementation which is *too* trusting could certainly be abused. But it feels like limiting trust should give us a reasonable outcome.
Ge0rGIMO, if you prove ownership of old-account and new-account by publishing cross-references on both, it should be enough proof for remote entities to automatically replace your JID
dwdBut... I'd like to see a PR. My gut feelings do not constitute advance acceptance. :-)
Ge0rGthe only attack vector left is _temporary_ control over an account. But I'd argue that if you take control over my account for a minute, it's compromised anyway
Ge0rGWhat's the process? The XEP author submitted it in 2010 and I have no idea why it's even in Experimental still.
Ge0rGDo we need to dig up Tory Patnoe?
dwdThere are use cases where the new account holder no longer has access to the old account, mind. But those ened to be manual.
jonas’Ge0rG, make a PR
Ge0rGdwd: yes, I'm not speaking of those.
dwdAh, no. Council can accept you as a new author. Would you like us to?
jonas’the author will be pinged via mail and xmpp
jonas’or council simply overrides it :)
Ge0rGdwd: only after removing all the pseudo-security-issues cruft from it that I don't understand anyway.
Ge0rGSo I'll start with a PR and then we can speak about authorship
jonas’Ge0rG, make a PR which does that and also puts you as author, then.
danielis this the right time to mention that i don’t like the mutual subscription thing xmpp has going on?
jonas’daniel, why, and what would you like to see insetad?
dwddaniel, No. I'd like to hear about it, but not right now.
jonas’daniel, why, and what would you like to see instead?
Ge0rGSamWhited: with what exactly do you agree?
Ge0rGBut I suppose dwd is right, we should move on with our (lack of) Agenda.
SamWhited"i don’t like the mutual subcription thing xmpp has going on"
danielanyway lets move on
SamWhited(I promise I was paying attention to the discussion before that, I just don't have much of an opinion one way or the other on moved)
danielshould we give Ge0rG ownership of that xep
Ge0rGUnless I hear objections from Sam or Daniel now on allowing automatic JID replacement in 0283, I'll put a PR on my todo
SamWhitedI'd like to see a PR. I do have a feeling that changing it so that some other server can force your server to make new S2S connections might be bad somehow.
SamWhitedBut I can't actually think of any problem, it just feels odd for me to be able to tell something to connect to something else.
Ge0rGSamWhited: that's interesting, I'll consider that
Ge0rGSamWhited: I suppose you shouldn't simply connect on a <moved new/> but wait for a ping from the new account
Ge0rGBut as multiple servers are involved, this is prone to race conditions, so the protocol must be bullet-proof in that
danielyeah i have too much of a headache right now to actually think through the consequences but I'm ok with allowing Ge0rG to make a PR and/or take ownership of a 8 year old xep
SamWhitedMe too; it was election night here last night so I was up until 0200 refreshing various news sources compulsively…
SamWhitedSo I may be a bit foggy today :)
Ge0rGWe have another election night on 2018-11-22, and I'd *love* to get rid of the many "EXPIRED"s in the SoD.
jonas’many of the EXPIREDs are not up for revoting though
jonas’some of them are VETOED
Ge0rGsomebody with a bit of a time budget and RW permissions needs to review the votes.
Ge0rGAnd it looks like everybody here lacks both.
jonas’dwd, I’ll request +w on the SoD now
dwdAt the moment, though I might do before the next meeting.
dwdGosh, that was incomprehensible, sorry.
dwdjonas’, Best change that password.
SamWhitedI'm trying to find mine now; I could have sworn I voted on some of these.
jonas’dwd, it’s a token I put in my request to get +w
Ge0rGMind that recasting the votes will give everybody +2W of on-list time, so we will be into the next Council if we don't get our votes together on 21st
dwdI meant to say: I don't have the time right now, but I might get the time together before the next meeting.
dwdTedd Sterr did actually collate all the votes for me to put in there.
jonas’dwd, hand me +w, I might have a slot tomorrow night where I can review at least some of them
Ge0rGdwd: maybe you could give Tedd +w then?
Ge0rGdwd: I don't want to push you into committing to anything, but it would be really great to have that list cleaned up in time for our next Agenda.
SamWhitedI was -1 on file sharing notifications at least, so far those are the only minutes I can find (XMPP Council Minutes 2018-08-01).
SamWhitedI'll wait if there are others to be added though in case some of the ones I'm looking for are already in Ted's list.
Ge0rGMaybe everyone from Council can try to aggregate their missing votes until end of this week, then?
Ge0rGWe've got only 1.5min left, and I still have two Agenda items open.
Ge0rGSo I'm moving on for now.
Ge0rG6) Next Meeting
does +1W work for you?
danielcan someone give me a link to that spreadsheet so i know what to vote on