XMPP Council - 2018-11-07

  1. Ge0rG

    It looks like we won't get a formal Council Agenda Mail today, so I'd like to put https://github.com/xsf/xeps/issues/717 for a semi-formal opinion poll for today.

  2. Ge0rG

    It's almost That Time again.

  3. Ge0rG

    Kev: do you happen to be sufficiently present to chair, in case Dave doesn't appear in time?

  4. Ge0rG

    Hey dwd!

  5. Ge0rG

    Kev, SamWhited, daniel: Meeting time?

  6. dwd

    I'm reasonably convinced I'll have to vanish.

  7. daniel

    i’m here

  8. dwd

    But I'm here for now - really shouldn't chair though in case I'm called away. Ge0rG, want to do the honours?

  9. Ge0rG

    dwd: at your service.

  10. Ge0rG

    1) Roll Call

  11. Ge0rG

    looks like we have Daniel, Dave and me, so it might be a quorum until Dave vanishes.

  12. dwd

    Here. Actually meeting cancelled.

  13. dwd

    (I think).

  14. Ge0rG

    2) Lack of Agenda Bashing

  15. SamWhited

    oops, sorry, I"m here

  16. Ge0rG

    We don't have an Agenda, into which I tried to sneak https://github.com/xsf/xeps/issues/717 which failed horribly.

  17. Ge0rG

    We also don't have on our Agenda a list of expired Council votes that we should recast.

  18. Ge0rG

    Any other additions?

  19. daniel

    wait did you create an issue on github instead of just writing to the mailinglist?

  20. daniel

    i’m confused

  21. Ge0rG

    daniel: I fead I did, yes. But to my defense, I did write to standards@ half a year ago and didn't get an answer to the important question.

  22. dwd

    I think Ge0rG was hoping he could create an issue to create an agendum.

  23. daniel

    > I did write to standards@ half a year ago and didn't get an answer to the important question. but that’s the norm for like 50% of the posts there :-)

  24. Ge0rG

    My train of thought was: create issue, obtain "needs council" tag, make Dave add it to the agenda, discuss today.

  25. SamWhited

    oh yah, if it only needs council then that was probably fine, I might have misunderstood

  26. SamWhited

    Then it really is just an issue for the editors (after seeking advise from us)

  27. Ge0rG

    SamWhited: no, you were right. I violently ignored due process.

  28. daniel

    ok but lets ignore how it got on the agenda and just pretend it did

  29. Ge0rG

    I'm not even sure I really want a formal vote on that or just feedback from you folks regarding the change I have in mind.

  30. dwd

    I can't find XEP-0283, it seems to have been moved.

  31. Ge0rG

    dwd: unfortunately the new address was lost when it was automatically removed from the roster.

  32. daniel

    i think a similiar question arised from the muc destroyed thing that has a new jid

  33. Ge0rG

    So it looks like we have no further items to add to the Agenda and implicitly moved to: 3) https://github.com/xsf/xeps/issues/717

  34. daniel

    that's in a way the same security question

  35. Ge0rG

    daniel: the answer there was "tombstones"

  36. dwd

    But jokes aside, I'd like to see a PR. My gut feeling is that it ought to be possible to satisfy the rationale in §4, while also satisfying automated [re]subscribing.

  37. daniel

    do i leave the old jid and join the new one

  38. daniel

    Ge0rG, right yeah. but the question is do i automatically join the new one

  39. daniel

    which i guess is kinda similiar to do i automatically switch over to the new jid

  40. Ge0rG

    dwd: to be honest, I don't quite understand the rationale in §4. It looks like a managed environment with auto-approval based on domains? Or is it actually the problem that the receiving client just blindly accepts whatever <moved/> is shoved up to them without checking with the new account?

  41. Ge0rG

    daniel: right.

  42. dwd

    Ge0rG, I think basically you're right. A poor implementation which is *too* trusting could certainly be abused. But it feels like limiting trust should give us a reasonable outcome.

  43. Ge0rG

    IMO, if you prove ownership of old-account and new-account by publishing cross-references on both, it should be enough proof for remote entities to automatically replace your JID

  44. dwd

    But... I'd like to see a PR. My gut feelings do not constitute advance acceptance. :-)

  45. Ge0rG

    the only attack vector left is _temporary_ control over an account. But I'd argue that if you take control over my account for a minute, it's compromised anyway

  46. Ge0rG

    What's the process? The XEP author submitted it in 2010 and I have no idea why it's even in Experimental still.

  47. Ge0rG

    Do we need to dig up Tory Patnoe?

  48. dwd

    There are use cases where the new account holder no longer has access to the old account, mind. But those ened to be manual.

  49. jonas’

    Ge0rG, make a PR

  50. Ge0rG

    dwd: yes, I'm not speaking of those.

  51. dwd

    Ah, no. Council can accept you as a new author. Would you like us to?

  52. jonas’

    the author will be pinged via mail and xmpp

  53. jonas’

    or council simply overrides it :)

  54. Ge0rG

    dwd: only after removing all the pseudo-security-issues cruft from it that I don't understand anyway.

  55. Ge0rG

    So I'll start with a PR and then we can speak about authorship

  56. jonas’

    Ge0rG, make a PR which does that and also puts you as author, then.

  57. Ge0rG

    jonas’: thanks

  58. daniel

    is this the right time to mention that i don’t like the mutual subscription thing xmpp has going on?

  59. Ge0rG

    daniel: yes.

  60. SamWhited


  61. jonas’

    daniel, why, and what would you like to see insetad?

  62. dwd

    daniel, No. I'd like to hear about it, but not right now.

  63. jonas’

    daniel, why, and what would you like to see instead?

  64. Ge0rG

    SamWhited: with what exactly do you agree?

  65. Ge0rG

    But I suppose dwd is right, we should move on with our (lack of) Agenda.

  66. SamWhited

    "i don’t like the mutual subcription thing xmpp has going on"

  67. daniel

    anyway lets move on

  68. SamWhited

    (I promise I was paying attention to the discussion before that, I just don't have much of an opinion one way or the other on moved)

  69. daniel

    should we give Ge0rG ownership of that xep

  70. Ge0rG

    Unless I hear objections from Sam or Daniel now on allowing automatic JID replacement in 0283, I'll put a PR on my todo

  71. SamWhited

    I'd like to see a PR. I do have a feeling that changing it so that some other server can force your server to make new S2S connections might be bad somehow.

  72. SamWhited

    But I can't actually think of any problem, it just feels odd for me to be able to tell something to connect to something else.

  73. Ge0rG

    SamWhited: that's interesting, I'll consider that

  74. Ge0rG

    SamWhited: I suppose you shouldn't simply connect on a <moved new/> but wait for a ping from the new account

  75. Ge0rG

    But as multiple servers are involved, this is prone to race conditions, so the protocol must be bullet-proof in that

  76. daniel

    yeah i have too much of a headache right now to actually think through the consequences but I'm ok with allowing Ge0rG to make a PR and/or take ownership of a 8 year old xep

  77. Ge0rG


  78. Ge0rG

    4) AOB

  79. SamWhited

    Me too; it was election night here last night so I was up until 0200 refreshing various news sources compulsively…

  80. SamWhited

    So I may be a bit foggy today :)

  81. Ge0rG

    We have another election night on 2018-11-22, and I'd *love* to get rid of the many "EXPIRED"s in the SoD.

  82. jonas’

    many of the EXPIREDs are not up for revoting though

  83. jonas’

    some of them are VETOED

  84. Ge0rG

    somebody with a bit of a time budget and RW permissions needs to review the votes.

  85. jonas’


  86. Ge0rG

    And it looks like everybody here lacks both.

  87. jonas’

    dwd, I’ll request +w on the SoD now

  88. dwd

    At the moment, though I might do before the next meeting.

  89. jonas’


  90. dwd

    Gosh, that was incomprehensible, sorry.

  91. dwd

    jonas’, Best change that password.

  92. SamWhited

    I'm trying to find mine now; I could have sworn I voted on some of these.

  93. jonas’

    dwd, it’s a token I put in my request to get +w

  94. Ge0rG

    Mind that recasting the votes will give everybody +2W of on-list time, so we will be into the next Council if we don't get our votes together on 21st

  95. dwd

    I meant to say: I don't have the time right now, but I might get the time together before the next meeting.

  96. dwd

    Tedd Sterr did actually collate all the votes for me to put in there.

  97. jonas’

    dwd, hand me +w, I might have a slot tomorrow night where I can review at least some of them

  98. Ge0rG

    dwd: maybe you could give Tedd +w then?

  99. Ge0rG

    dwd: I don't want to push you into committing to anything, but it would be really great to have that list cleaned up in time for our next Agenda.

  100. SamWhited

    I was -1 on file sharing notifications at least, so far those are the only minutes I can find (XMPP Council Minutes 2018-08-01).

  101. SamWhited

    I'll wait if there are others to be added though in case some of the ones I'm looking for are already in Ted's list.

  102. Ge0rG

    Maybe everyone from Council can try to aggregate their missing votes until end of this week, then?

  103. Ge0rG

    We've got only 1.5min left, and I still have two Agenda items open.

  104. Ge0rG

    So I'm moving on for now.

  105. Ge0rG

    5) AOAOB

  106. Ge0rG

    6) Next Meeting does +1W work for you?

  107. daniel

    can someone give me a link to that spreadsheet so i know what to vote on

  108. SamWhited


  109. Ge0rG

    daniel: https://docs.google.com/spreadsheets/d/1AZ-Sna6OiRG--b-mJMKv3XXfrn3Nehm0kAtlyJvImL0/edit#gid=0

  110. daniel

    i probably can’t do next week

  111. daniel


  112. Ge0rG

    Looks like we lost Dave.

  113. Ge0rG

    7) Close

  114. Ge0rG

    Thanks everyone! Let's hope +1W works out :)

  115. jonas’

    dwd, thanks, that worked