XMPP Council - 2022-02-16

FYI for https://github.com/xsf/xeps/pull/1158 I intend to vote +0 and unless everyone else thinks it should go through as-is change it up to not Obsolete it, just remove DNS method (and mention it in security considerations for posterity) and change it to only add urn:xmpp:alt-connections:xbosh, I'd appreciate a indication whether you all think this is the right way forward or not

i literally just now walked into my hotel room and got connected to the internet...

Yay!

1) roll call

o/

/o\

(that shoulder injury looks painful!)

the lady at the check in desk asked me to give a sales pitch for Conversations. that was unexpected and slowed me down...

present

haha awesome

do we have a larma?

Somewhat

daniel: did you arrive with a huge poster?

i did not unfortunatly. but i was registered as a business travel to not pay tourism tax

2) Agenda bashing

none

3) Editors update

jonas’, published the xep4 and 60 changes we voted on last week

and a new proto xep that we are going to vote on later

do we need to add ownership changes for muji to the agenda, larma?

i.e. did you get a reply from the authors in that regard?

i have not seen public emails? did i miss them?

I haven't had time to write a mail to ML yet, which we agreed to do first.

ack, I was confused then. carry on.

4) Items for voting

a) Obsolete XEP-0156 and add warnings https://github.com/xsf/xeps/pull/1158

I can live with that. +1

We are removing DNS but also HTTP Lookup Method, right?

just to be clear. this essentially makes bosh obsolete?

so http lookup is already defined in the RFC

no, HTTPS is delegated to RFC 7395

because you can’t discover bosh any more?

but this removes bosh, so my alternate proposal is remove everything else but adding bosh

ah

hence my +0 vote

I did not realize this removes BOSH, I thought that was also covered by RFC 7395

(see my comment right before the meeting)

in that case, -1, because we should keep BOSH discoverable

I didn't either until it was pointed out

yeah, -1 because of BOSH

i'm on board with getting rid of dns and getting rid of http

cool, I'll rework the PR for next week

but i do think we need to keep bosh

-1

moparisthebest, thank you :)

do you want to vote on this as well larma ?

maybe we can get rid of 0156 if we put BOSH into some other adequate place?

I don't think we need to keep BOSH forever, but probably still need it today, so -1

thank you

wrt BOSH i think it's interesting that w3c eventsource is still around too (even though websocket exist)

but that's a discussion for another day probably

b) Obsolete and update Security Considerations for XEP-0138 and XEP-0229 https://github.com/xsf/xeps/pull/1159

I think I'll remove httppoll too unless people think it's useful..

+1 on this one

+1 on b)

(I would like to point out that writing a MUST NOT in an obsolete document seems kinda pointless :))

I agree with obsoleting, but "this method is deemed insecure and MUST NOT be used" is a normative change and we MUST NOT enforce policy with protocol

ironcially we just deployed compression on a big project last week

I'm torn on this; I get the reasoning, but I also have deployed it on large projects and found it *extremely* beneficial

Ge0rG: if you implement it, you must not use it ;)

lots of insecure things are useful

moparisthebest, I think I would be happier if, instead of changing the normative text, we add a huge security notice to the top of the document and the place where you'd change the normative text instead

otherwise, it seems that the "MUST NOT" thing is, in fact, obsolete.

the rationale behind putting the "MUST NOT" in regard to the *method* specifically is because I expect a new compression method to come along and resurrect the negotiation

right, but at the same time, you're obsoleting that standard, including the MUST NOT

that seems off

-1 because of the MUST NOT

I'm not married to it, happy to change as you all see fit

I'd be okay with just obsoleting and adding a fat red warning in the security considerations

what Ge0rG says.

yeah i think i'm -1 too. either just obsolete it (and put exi or zstd or whatever in a new xep). or just add a security warning

-1 to b: what Ge0rG says :).

*thinks outloud* maybe it would be good to have an "editorial notes" section at the top of the XEP that's non-normative and doesn't require any update to the version because it's not actually part of the xep.

Sam, unrelated to this, because stuff like that should definitely be versioned (thinking attic)

I'll update this one too for next week :)

Nah, it would be versioned in Git and would be something the editor or council or whomever could update. Maybe call it "Editor Notes" and "Council Notes" or something. We don't version every website page in the attic

But anyways, not a discussion fo rhere

Just throwing the idea out while a relevant thing is being discussed.

moparisthebest, thank you very much

c) XEP-0045: Remove some more mentions of GC 1.0 https://github.com/xsf/xeps/pull/1163

on list

it'll probably be fine. just want to double check later

I think that "[citation needed]" is not appropriate in a XEP

also on-list

Same as daniel

on list, also what Ge0rG says, I'll leave an editorial note

d) Obsolete some deferred XEP (0008, 0038, 0051) https://github.com/xsf/xeps/pull/727/

yea I'd be +1 if not for [citation needed]

daniel, can we split that vote?

yes we can

I'd like to vote +1 on obsoleting 0008, but I don't have an immediate opinion on the other two

on-list

right. let me call them seperatly

but I agree we should vote per-XEP

your votes on obsoleting 0008

on list

I'm +1 on all of them

+1

+1 on obsoleting 0008

+1 on obsoleting 0008

(using the silence: I also have an AOB)

yes give me a second. i'm live editing the spreadsheet on a notebook screen :-)

shall I take over?

(for editing, that is)

(well, I just filled in a few blanks)

ok. your votes on obsoleting 0038 now please

on-list

larma's vote has been recorded already

+1 on obsoleting 0038

+1, but I'd like to have a XEP for mapping ASCII smiley to Unicode

i'm on list

Ge0rG, that sounds more like a thing for modernxmpp / client UI

Ge0rG, jabber:x:data

next vote: obsolete 0051

I'm +1 with prejudice on obsoleting 0051 because it needs major security considerations and just has "To follow" yikes.... fyi the very important security considerations are covered by https://datatracker.ietf.org/doc/html/rfc6120#section-4.9.3.19

it's been deferred for over a decade, but is there anybody using it?

+1, I think this is best addressed with <see-other-host/> stream error in RFC 6120, which also talks about the corresponding security considerations.

(which I've actually seen in the wild)

i'm on list for this one too

alright, given <see-other-host> I'm +1 on obsoleting

I sure hope no one is using it, or if they are, I hope they are using it in a secure way... :/

ok thank you

moving on

e) ProtoXEP: MUC Affiliations Versioning https://xmpp.org/extensions/inbox/muc-affiliations-versioning.html

have we ever done attribute namespaces?

last time there was a huge debate about them. but i dont recall the outcome

Yes

pep where?

the outcome is that some people whose XML library can't deal with them don't like them

103? Referenced in the stickers thing

FWIW, I have seen multiple implementations (not just my own) that this will break even though technically I'm using an XML parser with namespace read support

on-list for the protoxep

I'm +1 on this

can't we put a child element into the <x/>?

I'm on-list, my gut reaction is to run from attribute namespaces

I'm not sure why that would be a blocker for experimental anyway

on-list as well

attribute namespaces aside i'm thinking that we might want to think this bigger and version presences/roles as well

pep., I agree, it shouldn't be a blocker for experimental

and not just affiliations?

daniel: fully agree

daniel, there's already two XEPs for presence, doing about the same thing

daniel, for presences there are 311 and 436

it'd be awesome to get a differential membership update mechanism for huge MUCs

but yes personal opinions aside I agree that those aren’t blockers for experimental

i'm +1

on-list

I still need to read it, so I'll stay with on list

ok. thank you everyone

5) Pending votes

a) Georg on 'Proposed XMPP Extension: PubSub Type Filtering'

+1

6) Date of Next

+1w wfm

+1w wfm

+1w wfm

7) AOB

+1w wfm

jonas’, mentioned one but we are out of time

is everyone fine with extending by 10mins?

Yes

we can also move it to next week, it's not urgent

I'm still semi-here, so ok

ok, really quick

ok jonas’ go ahead

the past two years with pandemic and so on have advanced the A/V technology and probably increase most of ours exposure to that.

I was thinking whether we should or want to migrate this meeting to an audio-by-default, video-if-desired, chat-as-fallback format

you can think on that in the week until the next meeting and maybe we can have a discussion then

infrastructure won't be a problem (I have a Jitsi to spare)

I'm very much -1, not only for auditability reasons

jonas’, i was actually considering proposing the same. although maybe on a monthly basis

like every first meeting in a month or something

Try Dino? 😉

I wouldn't be entirely against, but I kinda don't like the idea of using not-standardized XMPP for this and I also don't think everyone wants to use Dino

The minutes would have to be written as the meeting goes on unless it's being recorded for auditability; that seems desirable though. Stuff gets missed when people do them afterwards.

I'd volunteer to write proper online minutes for auditability

(I've been doing that for various work meetings in the past two years and it's not a problem for me)

Didn't want to derail the meeting, but for 'editorial notes', I think they're a fine idea, but I also think there's no reason not to version them - numbers are cheap and we already have an editorial numbering scheme (the last number).

Judging by what minutes looked like in board (at the time) I'd hope that'd be worth it :/

I also prefer text format as a standard, but I'm fine with audio if everyone else wanted it, or on a monthly basis or whatever

ok Ge0rG seems to be a hard no. but thank you for the suggestion. maybe something to think about or reconsider at a later date

I guess that's fine; versioning them as part of the XEP just means we have to bump a 10 year old final xep just because the editor wanted to add the note "by the way, this typo is incorrect in the example, please ignore it" or something

I'd like to have a proper discussion including Ge0rG next week when we are not running out of time :)

ok

Close

thank you everyone

thanks daniel!

Thanks!

Not in council but that'd be a -1 from the floor. Maybe there can be trials to see how that'd go :x

re: Video/Voice/Text - High bandwidth is useful for Council themselves, if it's the only thing they're doing at the time and not e.g. on trains etc., while text is really useful for people following along, or reading up later. Maybe a poll of non-Council to see how many people actually take advantage of being able to read the raw logs would reveal that I'm the only person who does it, and there wouldn't be much value in keeping that if video was better for Council.

FWIW re video calls: I also thought about proposing something like this a few times when I was on the council. Having a face to face chat once a month or more would probably make things go smoother the rest of the time.

two years into the pandemic i figured out that i can hook up my full frame mirror less camera over usb and use it as a webcam (i had always assumed i needed a hdmi->usb capture device). but with gphoto it just works

Also Zash some badxmpp that sends https://datatracker.ietf.org/doc/html/rfc6120#section-4.9.3.19 or 0051 before auth or where the target has a bad certificate would be interesting

moparisthebest, topic for somewhere else, probably jdev@ tho

> I guess that's fine; versioning them as part of the XEP just means we have to bump a 10 year old final xep just because the editor wanted to add the note "by the way, this typo is incorrect in the example, please ignore it" or something That's true, but it's a bump where we already encode in the version number that the change was meaningless :)

Just brought it up re: our vote here :)

Does bumping the version mean council has to weigh in for final XEPs? That seems to defeat the purpose

I used to be strictly against audio and especially video in preference to text chat, but the last 2 years have shown me they can add some value when used periodically

« Kev> [..] how many people actually take advantage of being able to read the raw logs » I also do that often. Many things that get missed in minutes

Sam: editorial changes don't need council, even if versions get bumped I think...

yes if anything we should probably start doing 1 in 4 meetings with A/V or something. see how people like it

(instead of every week)

(and do a Summit, so we remember there are actual humans attached to these nicknames/avatars)

> Sam: editorial changes don't need council, even if versions get bumped I think... This.

Hmm, I thought final couldn't be bumped at all and draft required council.

Anyways, the whole point in my mind is that it's *not* part of the XEP, it could just as easily be a separate wiki page it's just included at the top for convenience, but I don't really care either way.

And, I realise this might be a pointless idea, but I wonder if there are services where people will transcribe video meetings for you, and if the XSF might be willing to pay for such a service for Council meetings if they went video - that way those of us who like to read up would be no worse off than now, and Council could enjoy the extra bandwidth.

There are; I forget what the one I used in the past was called but it cost <a lot> (I forget that too, just that it was expensive)

A/V for crappy links isn't exactly great either fwiw. It'd be the case for me (if I were in council) but how many times have we heard Ge0r.G complain about his link :)

Although that was live transcription actually, so maybe it would be cheaper after the fact

https://cloud.google.com/speech-to-text/pricing first 60 minutes free per month 😀

yay another google service

Seems reasonable

I forget this can be automated now.

How do those do with accents I wonder?

There are some even British accents that are completely incomprehensible to me

The robots are probably better at this than you, they have a larger training set :)

(that's a serious statement, not a joke)

Very possible, I never know if that's the case or whether 100% of their training data were people with California accents

moparisthebest: I think the problem won't be the accents but rather the slang.

translation services are horrible at technical slang

Probably true

Too Many TLAs

I'll see if I can get a demo of a minutes file I created from an A/V meeting