XMPP Council - 2021-04-07


  1. Lance has left
  2. Lance has joined
  3. stpeter has left
  4. Lance has left
  5. paul has left
  6. Lance has joined
  7. Lance has left
  8. moparisthebest has left
  9. moparisthebest has joined
  10. Tobias has joined
  11. moparisthebest has left
  12. moparisthebest has joined
  13. paul has joined
  14. B has left
  15. B has joined
  16. moparisthebest has left
  17. moparisthebest has joined
  18. Guus has joined
  19. Guus has left
  20. Guus has joined
  21. Guus has left
  22. debacle has joined
  23. B has left
  24. B has joined
  25. Wojtek has joined
  26. Guus has joined
  27. Guus has left
  28. B has left
  29. Sam has left
  30. B has joined
  31. Sam has joined
  32. daniel has left
  33. Holger has left
  34. daniel has joined
  35. debacle has left
  36. debacle has joined
  37. daniel has left
  38. stpeter has joined
  39. David has left
  40. David has joined
  41. daniel has joined
  42. Holger has joined
  43. daniel Hi
  44. jonas’ oh
  45. jonas’ 1) Roll Call
  46. Zash hello
  47. jonas’ staring at graphs
  48. daniel I'm here
  49. dwd Afternoon.
  50. jonas’ pinging Ge0rG
  51. dwd I like graphs. Especially boring ones.
  52. jonas’ this one threatens to become non-boring, hence I was a bit distracted
  53. jonas’ 2) Agenda Bashing
  54. jonas’ any modifications?
  55. jonas’ please mention any AOB during the meeting—I know that Ge0rG had some AOB, but it seems that we’re now lacking Ge0rG
  56. jonas’ 3) Editor’s Update
  57. jonas’ - Last Call on XEP-0313 expired (last week already) - Last Call on XEP-0280 expired yesterday (2021-04-06)
  58. jonas’ 4) Items for voting
  59. jonas’ 4a) Decide on Advancement of XEP-0313: Message Archive Management URL: https://xmpp.org/extensions/xep-0313.html Abstract: This document defines a protocol to query and control an archive of messages stored on a server.
  60. jonas’ I share Ge0rGs concerns about the security considerations section
  61. jonas’ his AOB is related
  62. dwd Is the AOB about CVE listing in XEPs?
  63. jonas’ yes
  64. Zash on-list, haven't read all the LC replies yet
  65. daniel On list as well
  66. jonas’ also on-list
  67. daniel I have complicated feelings about both of these xeps...
  68. jonas’ do you want to share your feelings with the group, daniel? :)
  69. dwd I would like to understand the CVE position, and run that past the list ideally, before voting.
  70. Zash I'd say they feel like pretty large parts of Modern XMPP
  71. daniel Both feel like rather temporary fixes to more fundamental issues in the protocol
  72. jonas’ daniel, are you hinting at Bind2 + IM-NG?
  73. Zash Towards Future XMPP?
  74. Zash Future Modern*
  75. daniel Maybe. But even IM-NG is going to be complicated
  76. daniel More like what Zash said
  77. Kev They’re both pretty temporary. If either lasts more than a couple of decades I’d be surprised.
  78. Sam Obligatory advertisement for next week's office hours: Towards XMPP 2.0 roundtable discussion
  79. daniel But that said that shouldn't necessarily stood us from advancing them
  80. SouL has left
  81. daniel It's just an explanation towards why we are never really going to be happy about those two xeps
  82. jonas’ daniel, that’s certainly true
  83. Kev I think if one doesn’t have complicated thoughts about these XEPs (at least carbons, maybe MAM), they probably don’t understand :)
  84. Zash Hm, it'd probably be good to go through previous LCs (there has been a couple, right?) and check if everything raised there has been adressed
  85. Zash Something something representing a big shift in how XMPP works 🤷️
  86. jonas’ Zash, do you volunteer? :)
  87. Zash I did not say that 🙂
  88. daniel IIRC a lot of the previous LCs were it doesn't cover this specific edge case
  89. daniel And I don't think it will ever do that
  90. daniel We just have to live with that. Probably...
  91. jonas’ I mean at this stage, the XEPs are certainly a 80%-95% solution to the problem of "how to get all relevant messages on all devices"
  92. Zash Until IM-NG et all?
  93. dwd Actually, thinking more about this, +1 to advancing. We can add the CVE bits in afterward just fine.
  94. Ge0rG I've gone through my LC feedback for 0280 at least
  95. jonas’ they’re worth moving to Draft based on that.
  96. jonas’ Ge0rG, \o/
  97. Ge0rG I'm on-list for 313 because I really want to see a discussion of the points I brought up
  98. jonas’ Ge0rG, I skimmed them and my summary is mostly "Bind2"
  99. Ge0rG And honestly I'm most interested in properly specified storage rules in 313
  100. jonas’ Ge0rG, I skimmed them and my summary is mostly "Bind2" (for the long part at the bottom)
  101. Zash I'm wondering if those rules aren't going to have to evolve as we go forward, with new XEPs etc.
  102. Zash Same with carbons
  103. Ge0rG jonas’: well, bind2 won't solve all problems of 313
  104. jonas’ Ge0rG, see the parenthesis I added
  105. Ge0rG Zash: yes, so having them under a separate namespace is a good idea
  106. daniel > I'm wondering if those rules aren't going to have to evolve as we go forward, with new XEPs etc. > Same with carbons Yes. We don't really have a good definition of what a message is
  107. daniel That's the problem with both of these xeps
  108. Ge0rG Not in the context of IM
  109. jonas’ yep
  110. Zash Ge0rG, I think I meant like, new XEPs should maybe describe whether the payloads they describe should/should not be stored.
  111. jonas’ IM-NG has an idea how to address (pun intended) this, I think it deserves more experimentation
  112. Ge0rG I hope that my work on the 0280 rules can be applied equally to 313
  113. Zash Tho a whole new $XEP Rules XEP could work too
  114. Sam FWIW, this is all part of why I think these two need to advance. We probably can't get them perfect, they may need to change in the future, but they're both already extremely widely implemented so we probably can't change them that much. That sounds like draft to me.
  115. Ge0rG Zash: like Hints?
  116. Zash In my experience you want subtly different rules for MAM, Carbons and CSI, but there's definitely a bunch of overlap.
  117. Zash Oh and cloud notify stuff.
  118. Ge0rG Zash: I'm very much interested in extracting those subtle differences
  119. Zash Could be wrong tho, but I still think they'll probably have to continue evolving in the future.
  120. jonas’ likely, especially when push services evolve the cloud notify stuff will have to evolve
  121. Kev e.g. as long as they’re in <message/>s, you want CSN sent to carbons but not MAM.
  122. jonas’ either way… I doubt that this’s something we can solve in this meeting, I’d propose we move on through the formalities and the discussion can then be had later on?
  123. Zash sgtm
  124. jonas’ (I don’t seem to be getting typing notifications in this channel anymore, so I hope I don’t cut anyone off)
  125. Ge0rG I'm here from yaxim
  126. jonas’ 4a) Decide on Advancement of XEP-0280: Message Carbons URL: https://xmpp.org/extensions/xep-0280.html Abstract: In order to keep all IM clients for a user engaged in a conversation, outbound messages are carbon-copied to all interested resources.
  127. Zash I don't think Dino sends typing notifications to this kind of chat
  128. daniel On list
  129. Zash on list here too
  130. jonas’ on list
  131. Ge0rG I'm also very much interested in more list feedback, especially from server developers
  132. Ge0rG The LC feedback wasn't appropriate to the importance of the XEP, but I don't know what that means.
  133. Ge0rG Maybe it's just working perfectly for everybody.
  134. jonas’ probably the community is worn out after the ten dozen LCs this already had
  135. jonas’ but I haven’t experienced any carbons issue in the past years
  136. Zash probably the case
  137. Kev I think everyone understands that carbons is a necessary evil at the moment.
  138. Kev (Some may disagree on the ‘evil’ part)
  139. Ge0rG It's a hack on top of a hack on top of a bad design from the last millennium
  140. moparisthebest yes but how are we planning to reduce carbons by 2030
  141. Zash 🥁️
  142. jonas’ alright, same procedure as '313 I suppose
  143. jonas’ 5) Pending Votes
  144. jonas’ - dwd on deprecation of '13
  145. dwd Sorry, major incident at work, I need to drop.
  146. jonas’ ok, good luck!
  147. jonas’ moving on then
  148. jonas’ 6) Date of Next
  149. jonas’ +1w wfm
  150. Zash +1w? wfm
  151. daniel +1
  152. Ge0rG +1
  153. jonas’ \o/
  154. jonas’ 7) AOB
  155. jonas’ hands the mic to Ge0rG
  156. Ge0rG Yeah, CVEs in XEPs. This is not strictly a protocol thing, as it doesn't affect the protocol itself but only its implementations, but I think that it goes in a similar direction as DOAP, where we map out which implementations support which XEP
  157. Ge0rG I'm currently working on a first draft of a `<cve/>` XML element for XEPs that works in a similar way as a `<code>` block
  158. jonas’ I think that having references to past CVEs in the Security Considerations of affected XEPs is a good thing to show the severity and also the rationale for specific rules.
  159. jonas’ SGTM
  160. jonas’ no objections with either of my hats
  161. Zash In the XEPs themselves or, like DOAP, merged in during rendering?
  162. jonas’ in the XEPs themselves
  163. jonas’ IMO
  164. Ge0rG first rendered example at https://op-co.de/tmp/xep-0280.html#security
  165. jonas’ having it in the metadata of the document feels wrong because CVEs are about implementations, not about protocols (in most cases anyway… https://xmpp.org/extensions/xep-0223.html#revision-history-v1.1 might be a notable exception) So adding a list of CVEs to a protocol seems incorrect (in general).
  166. Ge0rG What jonas’ said
  167. Ge0rG And having a custom element hopefully gives us enough rope to extract it later on.
  168. jonas’ in addition, for the CVEs which are more like implementation notes / security considerations, embedding the metadata-cve-list at the right place in the document becomes a non-trivial XSL task
  169. jonas’ Ge0rG, that looks great already
  170. Ge0rG jonas’: if you have some CSS magic to add a red warning sign to the left and to the right, I'd be very grateful
  171. Ge0rG XSL magic works as well.
  172. jonas’ we’d need artwork for that, unicode is not good enough as I learnt recently
  173. Ge0rG don't we have some obscure math symbol we can use?
  174. Ge0rG Also what's wrong with ⚠?
  175. jonas’ depends on how it’s used it’s an accessibility issue
  176. jonas’ needs to be looked at in detail anyway
  177. Ge0rG jonas’: you just volunteered? :)
  178. jonas’ Ge0rG, I can fix you up with some CSS in your PR, yes
  179. Ge0rG 👍
  180. jonas’ if and only if it is solvable without :before/:after, because I haven’t found a good solution for those yet
  181. jonas’ any other notes on this topic?
  182. Ge0rG well, I actually wanted to do some more talking about my LC comments on both 313 and 280
  183. Ge0rG but we are also over time and I need to get into a business that closes at 1800CEST
  184. jonas’ yeah, I’m also super hungry
  185. jonas’ any other AOB?
  186. jonas’ (I suggest you bring the general '280/'313/cloud-notify? discussions on-list and/or try to schedule an A/V call with interested participants)
  187. jonas’ assuming no other AOB
  188. jonas’ 8) Ite Meeting est
  189. jonas’ 8) Ite Meeting Est
  190. Ge0rG thanks jonas’
  191. jonas’ thanks everyone!
  192. Zash Thanks jonas’, all.
  193. daniel Thanks all
  194. Ge0rG jonas’: do the LC mails count as "bringing up"?
  195. jonas’ generally, yes
  196. Ge0rG I have a feeling that I should -1 the 0313 as-is, because of lack of business rules. My feeling is that the 0280 rules were a huge step forward, even if they aren't perfect, and that having them in 0313 would be another huge benefit. That and business rules for clients.
  197. Ge0rG I can live without the bind2 stuff
  198. Zash I'm thinking you probably want to make the CVEs count as references, wrt the XML magic.
  199. Ge0rG Zash: my head might explode if I try that.
  200. Ge0rG I'm largely copy&pasting stuff from other places in the xsl
  201. jonas’ Ge0rG, I think you’re not wrong about the rule stuff
  202. Zash Hmm, there was that talk about dusting off https://xmpp.org/extensions/xep-0226.html or something similar
  203. Ge0rG Zash: I think you volunteered to do that
  204. Zash oh no
  205. SouL has joined
  206. pprrks has left
  207. pprrks has joined
  208. B has left
  209. B has joined
  210. B has left
  211. Wojtek has left
  212. Wojtek has joined
  213. B has joined
  214. Tobias has left
  215. Tobias has joined
  216. Guus has joined
  217. B has left
  218. mdosch has left
  219. mdosch has joined
  220. B has joined
  221. Wojtek has left
  222. Wojtek has joined
  223. Wojtek has left
  224. Tobias has left
  225. Syndace has left
  226. Syndace has joined
  227. moparisthebest has left
  228. B has left
  229. moparisthebest has joined
  230. B has joined
  231. B has left
  232. stpeter has left
  233. B has joined
  234. paul has left