-
moparisthebest
FYI for https://github.com/xsf/xeps/pull/1158 I intend to vote +0 and unless everyone else thinks it should go through as-is change it up to not Obsolete it, just remove DNS method (and mention it in security considerations for posterity) and change it to only add urn:xmpp:alt-connections:xbosh, I'd appreciate a indication whether you all think this is the right way forward or not
-
daniel
i literally just now walked into my hotel room and got connected to the internet...
-
Ge0rG
Yay!
-
daniel
1) roll call
-
moparisthebest
o/
-
Ge0rG
/o\
-
moparisthebest
(that shoulder injury looks painful!)
-
daniel
the lady at the check in desk asked me to give a sales pitch for Conversations. that was unexpected and slowed me down...
-
jonas’
present
-
moparisthebest
haha awesome
-
daniel
do we have a larma?
-
larma
Somewhat
-
Ge0rG
daniel: did you arrive with a huge poster?
-
daniel
i did not unfortunatly. but i was registered as a business travel to not pay tourism tax
-
daniel
2) Agenda bashing
-
daniel
none
-
daniel
3) Editors update
-
daniel
jonas’, published the xep4 and 60 changes we voted on last week
-
daniel
and a new proto xep that we are going to vote on later
-
jonas’
do we need to add ownership changes for muji to the agenda, larma?
-
jonas’
i.e. did you get a reply from the authors in that regard?
-
daniel
i have not seen public emails? did i miss them?
-
larma
I haven't had time to write a mail to ML yet, which we agreed to do first.
-
jonas’
ack, I was confused then. carry on.
-
daniel
4) Items for voting
-
daniel
a) Obsolete XEP-0156 and add warnings https://github.com/xsf/xeps/pull/1158
-
jonas’
I can live with that. +1
-
Ge0rG
We are removing DNS but also HTTP Lookup Method, right?
-
daniel
just to be clear. this essentially makes bosh obsolete?
-
moparisthebest
so http lookup is already defined in the RFC
-
jonas’
no, HTTPS is delegated to RFC 7395
-
daniel
because you can’t discover bosh any more?
-
moparisthebest
but this removes bosh, so my alternate proposal is remove everything else but adding bosh
-
jonas’
ah
-
moparisthebest
hence my +0 vote
-
jonas’
I did not realize this removes BOSH, I thought that was also covered by RFC 7395
-
moparisthebest
(see my comment right before the meeting)
-
jonas’
in that case, -1, because we should keep BOSH discoverable
-
moparisthebest
I didn't either until it was pointed out
-
Ge0rG
yeah, -1 because of BOSH
-
daniel
i'm on board with getting rid of dns and getting rid of http
-
moparisthebest
cool, I'll rework the PR for next week
-
daniel
but i do think we need to keep bosh
-
daniel
-1
-
jonas’
moparisthebest, thank you :)
-
daniel
do you want to vote on this as well larma ?
-
Ge0rG
maybe we can get rid of 0156 if we put BOSH into some other adequate place?
-
larma
I don't think we need to keep BOSH forever, but probably still need it today, so -1
-
daniel
thank you
-
daniel
wrt BOSH i think it's interesting that w3c eventsource is still around too (even though websocket exist)
-
daniel
but that's a discussion for another day probably
-
daniel
b) Obsolete and update Security Considerations for XEP-0138 and XEP-0229 https://github.com/xsf/xeps/pull/1159
-
moparisthebest
I think I'll remove httppoll too unless people think it's useful..
-
moparisthebest
+1 on this one
-
larma
+1 on b)
-
jonas’
(I would like to point out that writing a MUST NOT in an obsolete document seems kinda pointless :))
-
Ge0rG
I agree with obsoleting, but "this method is deemed insecure and MUST NOT be used" is a normative change and we MUST NOT enforce policy with protocol
-
daniel
ironcially we just deployed compression on a big project last week
-
Sam
I'm torn on this; I get the reasoning, but I also have deployed it on large projects and found it *extremely* beneficial
-
larma
Ge0rG: if you implement it, you must not use it ;)
-
moparisthebest
lots of insecure things are useful
-
jonas’
moparisthebest, I think I would be happier if, instead of changing the normative text, we add a huge security notice to the top of the document and the place where you'd change the normative text instead
-
jonas’
otherwise, it seems that the "MUST NOT" thing is, in fact, obsolete.
-
moparisthebest
the rationale behind putting the "MUST NOT" in regard to the *method* specifically is because I expect a new compression method to come along and resurrect the negotiation
-
jonas’
right, but at the same time, you're obsoleting that standard, including the MUST NOT
-
jonas’
that seems off
-
Ge0rG
-1 because of the MUST NOT
-
moparisthebest
I'm not married to it, happy to change as you all see fit
-
Ge0rG
I'd be okay with just obsoleting and adding a fat red warning in the security considerations
-
jonas’
what Ge0rG says.
-
daniel
yeah i think i'm -1 too. either just obsolete it (and put exi or zstd or whatever in a new xep). or just add a security warning
-
jonas’
-1 to b: what Ge0rG says :).
-
Sam
*thinks outloud* maybe it would be good to have an "editorial notes" section at the top of the XEP that's non-normative and doesn't require any update to the version because it's not actually part of the xep.
-
jonas’
Sam, unrelated to this, because stuff like that should definitely be versioned (thinking attic)
-
moparisthebest
I'll update this one too for next week :)
-
Sam
Nah, it would be versioned in Git and would be something the editor or council or whomever could update. Maybe call it "Editor Notes" and "Council Notes" or something. We don't version every website page in the attic
-
Sam
But anyways, not a discussion fo rhere
-
Sam
Just throwing the idea out while a relevant thing is being discussed.
-
jonas’
moparisthebest, thank you very much
-
daniel
c) XEP-0045: Remove some more mentions of GC 1.0 https://github.com/xsf/xeps/pull/1163
-
daniel
on list
-
daniel
it'll probably be fine. just want to double check later
-
Ge0rG
I think that "[citation needed]" is not appropriate in a XEP
-
Ge0rG
also on-list
-
larma
Same as daniel
-
jonas’
on list, also what Ge0rG says, I'll leave an editorial note
-
daniel
d) Obsolete some deferred XEP (0008, 0038, 0051) https://github.com/xsf/xeps/pull/727/
-
moparisthebest
yea I'd be +1 if not for [citation needed]
-
jonas’
daniel, can we split that vote?
-
daniel
yes we can
-
jonas’
I'd like to vote +1 on obsoleting 0008, but I don't have an immediate opinion on the other two
-
Ge0rG
on-list
-
daniel
right. let me call them seperatly
-
Ge0rG
but I agree we should vote per-XEP
-
daniel
your votes on obsoleting 0008
-
daniel
on list
-
larma
I'm +1 on all of them
-
Ge0rG
+1
-
moparisthebest
+1 on obsoleting 0008
-
jonas’
+1 on obsoleting 0008
-
jonas’
(using the silence: I also have an AOB)
-
daniel
yes give me a second. i'm live editing the spreadsheet on a notebook screen :-)
-
jonas’
shall I take over?
-
jonas’
(for editing, that is)
-
jonas’
(well, I just filled in a few blanks)
-
daniel
ok. your votes on obsoleting 0038 now please
-
jonas’
on-list
-
daniel
larma's vote has been recorded already
-
moparisthebest
+1 on obsoleting 0038
-
Ge0rG
+1, but I'd like to have a XEP for mapping ASCII smiley to Unicode
-
daniel
i'm on list
-
jonas’
Ge0rG, that sounds more like a thing for modernxmpp / client UI
-
pep.
Ge0rG, jabber:x:data
-
daniel
next vote: obsolete 0051
-
moparisthebest
I'm +1 with prejudice on obsoleting 0051 because it needs major security considerations and just has "To follow" yikes.... fyi the very important security considerations are covered by https://datatracker.ietf.org/doc/html/rfc6120#section-4.9.3.19
-
Ge0rG
it's been deferred for over a decade, but is there anybody using it?
-
jonas’
+1, I think this is best addressed with <see-other-host/> stream error in RFC 6120, which also talks about the corresponding security considerations.
-
jonas’
(which I've actually seen in the wild)
-
daniel
i'm on list for this one too
-
Ge0rG
alright, given <see-other-host> I'm +1 on obsoleting
-
moparisthebest
I sure hope no one is using it, or if they are, I hope they are using it in a secure way... :/
-
daniel
ok thank you
-
daniel
moving on
-
daniel
e) ProtoXEP: MUC Affiliations Versioning https://xmpp.org/extensions/inbox/muc-affiliations-versioning.html
-
daniel
have we ever done attribute namespaces?
-
daniel
last time there was a huge debate about them. but i dont recall the outcome
-
pep.
Yes
-
daniel
pep where?
-
jonas’
the outcome is that some people whose XML library can't deal with them don't like them
-
pep.
103? Referenced in the stickers thing
-
Sam
FWIW, I have seen multiple implementations (not just my own) that this will break even though technically I'm using an XML parser with namespace read support
-
jonas’
on-list for the protoxep
-
larma
I'm +1 on this
-
Ge0rG
can't we put a child element into the <x/>?
-
moparisthebest
I'm on-list, my gut reaction is to run from attribute namespaces
-
pep.
I'm not sure why that would be a blocker for experimental anyway
-
Ge0rG
on-list as well
-
daniel
attribute namespaces aside i'm thinking that we might want to think this bigger and version presences/roles as well
-
jonas’
pep., I agree, it shouldn't be a blocker for experimental
-
daniel
and not just affiliations?
-
Ge0rG
daniel: fully agree
-
pep.
daniel, there's already two XEPs for presence, doing about the same thing
-
larma
daniel, for presences there are 311 and 436
-
Ge0rG
it'd be awesome to get a differential membership update mechanism for huge MUCs
-
daniel
but yes personal opinions aside I agree that those aren’t blockers for experimental
-
daniel
i'm +1
-
Ge0rG
on-list
-
jonas’
I still need to read it, so I'll stay with on list
-
daniel
ok. thank you everyone
-
daniel
5) Pending votes
-
daniel
a) Georg on 'Proposed XMPP Extension: PubSub Type Filtering'
-
Ge0rG
+1
-
daniel
6) Date of Next
-
daniel
+1w wfm
-
moparisthebest
+1w wfm
-
jonas’
+1w wfm
-
daniel
7) AOB
-
larma
+1w wfm
-
daniel
jonas’, mentioned one but we are out of time
-
daniel
is everyone fine with extending by 10mins?
-
moparisthebest
Yes
-
jonas’
we can also move it to next week, it's not urgent
-
Ge0rG
I'm still semi-here, so ok
-
jonas’
ok, really quick
-
daniel
ok jonas’ go ahead
-
jonas’
the past two years with pandemic and so on have advanced the A/V technology and probably increase most of ours exposure to that.
-
jonas’
I was thinking whether we should or want to migrate this meeting to an audio-by-default, video-if-desired, chat-as-fallback format
-
jonas’
you can think on that in the week until the next meeting and maybe we can have a discussion then
-
jonas’
infrastructure won't be a problem (I have a Jitsi to spare)
-
Ge0rG
I'm very much -1, not only for auditability reasons
-
daniel
jonas’, i was actually considering proposing the same. although maybe on a monthly basis
-
daniel
like every first meeting in a month or something
-
Zash
Try Dino? 😉
-
larma
I wouldn't be entirely against, but I kinda don't like the idea of using not-standardized XMPP for this and I also don't think everyone wants to use Dino
-
Sam
The minutes would have to be written as the meeting goes on unless it's being recorded for auditability; that seems desirable though. Stuff gets missed when people do them afterwards.
-
jonas’
I'd volunteer to write proper online minutes for auditability
-
jonas’
(I've been doing that for various work meetings in the past two years and it's not a problem for me)
-
Kev
Didn't want to derail the meeting, but for 'editorial notes', I think they're a fine idea, but I also think there's no reason not to version them - numbers are cheap and we already have an editorial numbering scheme (the last number).
-
pep.
Judging by what minutes looked like in board (at the time) I'd hope that'd be worth it :/
-
moparisthebest
I also prefer text format as a standard, but I'm fine with audio if everyone else wanted it, or on a monthly basis or whatever
-
daniel
ok Ge0rG seems to be a hard no. but thank you for the suggestion. maybe something to think about or reconsider at a later date
-
Sam
I guess that's fine; versioning them as part of the XEP just means we have to bump a 10 year old final xep just because the editor wanted to add the note "by the way, this typo is incorrect in the example, please ignore it" or something
-
jonas’
I'd like to have a proper discussion including Ge0rG next week when we are not running out of time :)
-
daniel
ok
-
daniel
Close
-
daniel
thank you everyone
-
jonas’
thanks daniel!
-
moparisthebest
Thanks!
-
pep.
Not in council but that'd be a -1 from the floor. Maybe there can be trials to see how that'd go :x
-
Kev
re: Video/Voice/Text - High bandwidth is useful for Council themselves, if it's the only thing they're doing at the time and not e.g. on trains etc., while text is really useful for people following along, or reading up later. Maybe a poll of non-Council to see how many people actually take advantage of being able to read the raw logs would reveal that I'm the only person who does it, and there wouldn't be much value in keeping that if video was better for Council.
-
Sam
FWIW re video calls: I also thought about proposing something like this a few times when I was on the council. Having a face to face chat once a month or more would probably make things go smoother the rest of the time.
-
daniel
two years into the pandemic i figured out that i can hook up my full frame mirror less camera over usb and use it as a webcam (i had always assumed i needed a hdmi->usb capture device). but with gphoto it just works
- jonas’ out
-
moparisthebest
Also Zash some badxmpp that sends https://datatracker.ietf.org/doc/html/rfc6120#section-4.9.3.19 or 0051 before auth or where the target has a bad certificate would be interesting
-
Zash
moparisthebest, topic for somewhere else, probably jdev@ tho
-
Kev
> I guess that's fine; versioning them as part of the XEP just means we have to bump a 10 year old final xep just because the editor wanted to add the note "by the way, this typo is incorrect in the example, please ignore it" or something That's true, but it's a bump where we already encode in the version number that the change was meaningless :)
-
moparisthebest
Just brought it up re: our vote here :)
-
Sam
Does bumping the version mean council has to weigh in for final XEPs? That seems to defeat the purpose
-
moparisthebest
I used to be strictly against audio and especially video in preference to text chat, but the last 2 years have shown me they can add some value when used periodically
-
pep.
« Kev> [..] how many people actually take advantage of being able to read the raw logs » I also do that often. Many things that get missed in minutes
-
moparisthebest
Sam: editorial changes don't need council, even if versions get bumped I think...
-
daniel
yes if anything we should probably start doing 1 in 4 meetings with A/V or something. see how people like it
-
daniel
(instead of every week)
-
Zash
(and do a Summit, so we remember there are actual humans attached to these nicknames/avatars)
-
Kev
> Sam: editorial changes don't need council, even if versions get bumped I think... This.
-
Sam
Hmm, I thought final couldn't be bumped at all and draft required council.
-
Sam
Anyways, the whole point in my mind is that it's *not* part of the XEP, it could just as easily be a separate wiki page it's just included at the top for convenience, but I don't really care either way.
-
Kev
And, I realise this might be a pointless idea, but I wonder if there are services where people will transcribe video meetings for you, and if the XSF might be willing to pay for such a service for Council meetings if they went video - that way those of us who like to read up would be no worse off than now, and Council could enjoy the extra bandwidth.
-
Sam
There are; I forget what the one I used in the past was called but it cost <a lot> (I forget that too, just that it was expensive)
-
pep.
A/V for crappy links isn't exactly great either fwiw. It'd be the case for me (if I were in council) but how many times have we heard Ge0r.G complain about his link :)
-
Sam
Although that was live transcription actually, so maybe it would be cheaper after the fact
-
larma
https://cloud.google.com/speech-to-text/pricing first 60 minutes free per month 😀
-
pep.
yay another google service
-
Sam
Seems reasonable
-
Sam
I forget this can be automated now.
-
moparisthebest
How do those do with accents I wonder?
-
moparisthebest
There are some even British accents that are completely incomprehensible to me
-
Sam
The robots are probably better at this than you, they have a larger training set :)
-
Sam
(that's a serious statement, not a joke)
-
moparisthebest
Very possible, I never know if that's the case or whether 100% of their training data were people with California accents
-
Ge0rG
moparisthebest: I think the problem won't be the accents but rather the slang.
-
Ge0rG
translation services are horrible at technical slang
-
moparisthebest
Probably true
-
pep.
Too Many TLAs
-
jonas’
I'll see if I can get a demo of a minutes file I created from an A/V meeting