dwdYeah, I think any previous have been before the Great XSF Renaming.
Alexhas left
Ashley Wardhas joined
Lancehas joined
Lloydhas joined
Lancehas joined
bearhas left
Lancehas joined
dwdralphm, It's the 15th of December we get a go/no-go for the FOSDEM Lounge, right? Do they normally hit that date or is there sometimes some slippage?
ralphmyes
ralphmno
dwdBedankt.
ralphm:-D
ralphmMaybe I could poke them a bit about it
dwdIt'd be useful to know as soon as, since we can begin planning more concretely, but I'd prefer not to annoy them.
Lloydhas left
Ashley Wardhas left
Lloydhas joined
Ashley Wardhas joined
dwdLloyd, Ashley Ward - Nice that your server broadcasts how it was shutdown.
Lloydhas left
Ashley Wardhas left
Lloydhas joined
Ashley Wardhas joined
Ashley WardIf it does then I assume that's what Prosody does by default!
dwdAshley Ward, Yeah, seems so. Two restarts, eh?
Ashley WardYeah. Lloyds been updating the TSL stuff on it in readiness for the 4th Jan
Ashley WardTSL = TLS
dwdRight, yes. I think mine's about ready now. I've been trying to get otalk.im deployed, but it's not yet working for me.
Ashley WardBe interested to hear how you get on with that.
dwdSLowly.
dwdI'm really not experienced enough with Node and modern webapp stuff to figure out what's broken about it.
Ashley WardHehe. Tell me about it - I've only barely figured out how all this node stuff works. I understand it okay as long as nothing goes too badly wrong!
dwdI spent literally hours downloading extension after extension.
ralphmEdwin Mons did the same for our machine the other day. He experienced issues with both disabling SSL and compression.
Edwin MonsWell, prosody failed to do any TLS if I disabled compression.
ralphmthat counts as 'experiencing issues'
ralphm:-D
Edwin MonsIt does.
Edwin MonsThat might be due to the hackish nature of our setup, though. I had to do a bit of library mapping to get luasec to use the openssl from ports.
Edwin MonsInstead of the system openssl.
Edwin Mons(FreeBSD based)
dwdFreeBSD? But you don't have a beard...
Edwin Monsdwd: in spirit only ;)
Edwin MonsNor does Kurt, for that matter ;)
ralphmdwd: I have a beard
ralphmand we co-admin
Edwin Monsdwd: although I really do need to shave. It's not a full beard yet.
Alexstarted memberbot
Edwin Monshas left
dwdHeh. Lisa Dusseault's applicaiton doesn't mention that she was the one who coined the term "stanza".
Edwin Monshas joined
dwdVoted. :-)
Edwin Monsdwd: fix it for her, it's a wiki after all :P
fippodwd: she also denies coming from IRC ;-)
dwdNobody admits to any involvement there, though, right?
Edwin MonsVoted as well. A shame dwd beat me to it ;)
Alexisn't there a comment function in the Wiki?
dwdDiscussion page, at least - I've added a note there.
Edwin MonsThe talk page. But who looks there.
Alexya
Edwin MonsDiscussion, yes.
dwdBoth the new applicants look good. I also realise I know nearly every reapplicant personally, too.
KevOK, "Yes" isn't a valid response to the memberbot.
KevThat seems a little bit overly restrictive.
dwdGosh. I hadn't actually noticed.
Edwin MonsJust noticed Diana didn't reapply.
KevI also get the feeling Florian's heart wasn't really in this.
Edwin MonsYou'd think with all the time he had to spend on SFO, he'd have had ample time to create a beautiful page there.
dwdThat one might be my fault.
dwd[17:26:45] David Cridland: Just put up a blank page, nobody reads them anyway.
[17:30:00] Florian Jensen: lol
[17:30:02] Florian Jensen: I'll try that
KevIn fact, I'm not convinced that his application is legal.
dwdOh?
KevWe have to provide affiliation information.
dwdThat is actually a good point.
dwdOh. Actually I can just add it into his application; assuming I'm right in thinking he's now working for Uber?
dwdBut no, we should just contact him, actually.
Ashley Wardhas left
Ashley Wardhas joined
Edwin MonsI think editing someone's application is not really the best of ideas...
KevI'm opposed to people editing other people's applications.
dwdEdwin Mons, It doesn't seem quite right, does it?
Edwin Monsdwd: that's one way of putting it.
KevOn the other hand, it's too late to edit applications at this point.
KevDoes Florian get disqualified on a technicality? That would be ... amusing?
dwdSo the only way he could be disqualified would be to argue that his written application is not in such a form as has been adopted by the Board.
dwdI think, anyway. So we'd need to decide on what form actually has been adopted by the Board.
KevWhich is listed on http://wiki.xmpp.org/web/Membership_Applications_Q3_2013, no?
dwdOK, when was that adopted by the Board?
Edwin MonsThe list of required elements is quite clear.
Kevdwd: You tell me, you're on the Board :)
dwdEdwin Mons, As far as I can tell, the Board agreed a few years ago to require a full name, which is *not* listed there. Can't yet find if they require anything else.
dwdI suspect the Board could, and should, issue an edict^W^W^Wadopt a resolution that an application must include full name, email, jid, and employment details. I'm struggling to find if the Board ever has done so in the past, though.
dwdAlso, reading the bylaws, I'm surprised to note that companies can be members too.
SouLhas left
Alexfor reapplliers we never were that strict about this information. I guess because we assume that the info did not change and we got it with the 1st application
dwdRight, something else for the Board to deal with, then.
Alexyes
dwdAlex, You were Chair when that Solarius guy stood without a real name - do you know if the Board "adopted such a form" about member applications then? I thought it did, but I can't find anything.
Edwin MonsI think it did, but the members didn't accept it and voted him down.
dwdOh, so maybe we just didn't vote him in and left it.
Alexit was a long discussion at that time, but I can't remember exactly what the conclusion was. But we accepted his application and at Fosdem verified his idendity when he showed up. That was a strange guy
Edwin MonsI remember Christ had to share a room with him.
dwdI've read through the members@ thread, and also the next Board minutes, and can't find any conclusion. Certainly no Board resolution.
Jefhas joined
Jefhas left
ralphmhas left
Edwin MonsGood thing we have voting-by-proxy, because the meeting is at Sinterklaasavond.
dwdMmmmmm... mini-cookies....
Alexwow 6 voters in the first 60 minutes, looks like we can achieve a good turnout this quarter ;-)
dwdIf we can keep up the momentum...
stpeterhas joined
stpeterhas left
Ashley Wardhas left
Kevhttp://wiki.xmpp.org/web/Membership_Applications_Q3_2013 might need an update.
dwdFor the meeting dates, you mean?
Kevr
Alexupdated
KevMurky buckets.
LloydHas memberbot dropped offline for anyone else?
dwdLloyd, Online for me.
Edwin MonsOnline here.
KevLloyd: Check no-one's been fiddling with your server ;)
dwdAnd responding.
dwdLloyd, Right, could be some dodgy sysadmin breaking things.
Lloyd:P Changes were made last night, gave it a kick earlier for another reason
dwdI quite like Brian Carpenter's note to ietf-disgust saying that the main advantage of all these multistakeholder meeting groups has been to mire all attempts by governments to put international treaties over the internet.
fippoietf-disgust... ;-)
dwdNot, sadly, my gag. I forget who uses that; one of the ADs I think.
dwd*possibly* Adrian Farrell.
Lloydupdate: think it was adium being a pita, using xmpp-ftw to vote intead :)
MattJHeh
stpeterhas joined
jabberjockehas joined
jabberjockehas left
jabberjockehas joined
Simonhas joined
Simonhas left
Alexhas left
Alexhas left
jabberjockehas left
Kev/Now/ memberbot isn't responding for me.
KevI've already voted, but it should still talk to me shouldn't it?
KevAh, there it is. Just lagging a few minutes.
Edwin MonsSame over here.
MattJIt's simulating a real human
MattJor it's actually Alex simulating a bot
Edwin MonsSo you're saying there is no memberbot, just Alex?
dwdOr that Alex is a bot faking being a human faking a bot?
KevOr there's no Alex, only the bot.
Edwin MonsHmm. I'm pretty sure I met someone who claimed to be Alex a few times.
dwdEdwin Mons, Just shows how good that bot is.
Edwin MonsFair point. He/it sure passed the Turing test when I talked to him/it.
Edwin Mons(Alex, not the memberbot)
Lancehas joined
Lloydkev: it was quite slow earlier
dwdLloyd, ALex, or the memberbot?
Lloyd:) memberbot
dwdKev, You're Councilling today, aren't you?
MattJand since membership voting and meetings actually *happen*, it must be stpeter simulating them both
Kevdwd: Yes, 16:10Z
LloydMattJ :D
Kevdwd: Pam?
dwdKev, Just so I could wander into the room and nod politely.
ralphmdwd: like Kev does for Board?
KevI was very good!
Zashhas joined
ralphmKev: one occasion is not a pattern, but can be a good start :-P
KevYou might be overly optimistic if you want a pattern :p
Simonhas joined
bearhas joined
bear5 minutes (or so) to the board meeting
bearcurrent agenda:
- Board Chair election
- FOSDEM preparation update
- IoT Liason update from Peter
- Membership application question from Dave
- Next meeting time
SimonI sent through a couple of things regarding security
dwdSimon had some stuff, didn't he? Or am I confused?
dwdRight. Not too confused.
Alexhas joined
ralphmwaves
stpeterhowdy
bearoh poo
Alexgood
Edwin Monsnods
AlexI missed the last meeting, I huess treasurer and secretary is not yet elected?
Alexhuess==guess
dwdNo, we haven't yet reelected you.
bearhad that in my notes and forgot to add that line
bearhow are we on attendence today - me, dave, ralph, simon
dwdwaves
bearhas someone poked Laura
dwdLaura sent apologies to the list.
bearrealizes he does not have her in his contacts
dwdLloyd, I assume she's still caught in whatever she was called into?
dwdbear, She's not online anyway.
KevBy 'the list' is this members@ or board@?
ralphmyes
stpeterin the past I've encouraged the Board to consider the various "positions" (secretary, treasurer-always-unfilled, and executive director) in January after they've interacted a bit with those currently serving in those roles
Edwin MonsGlad that's cleared….
stpeterperhaps it makes sense to formalize that
dwdKev, I can't remember where she sent her "I might not make it".
ralphmstpeter: I can see the logic in that, yeah
ralphmdwd: on the board list
stpeter(because sometimes we have new Board members and they don't know who all the people are)
dwdstpeter, But not Chair?
bearher missing the meeting note went to the board list
stpeterdwd: the Board selects its own chair and needs to do that straightaway, methinks
bearok, we have quorom, shall we start?
ralphmbear: please
Simon+1
dwdstpeter, Yes, I'm inclined to agree, but it's technically a position just like secretary etc.
stpeterthe Secretary, Treasurer, and Executive Director are appointed or serve at the pleasure of the Board
bearbangs the gavel
stpeterIMHO
stpeteranyway
stpeteroff you go :-)
bearadds the current discussion to the agenda so we can get back to it
bearany items that anyone want to add to the agenda?
bear(I know about the item that I missed from Simon)
bearok, none given
Alexya, the current discussion about election schedules
bearAlex - noted
bearadjusts his pause-o-timer
bearany others?
ralphmnope
bearfirst item: nominations for Board Chair so we can vote on them
KevI think you were going to discuss github for submissions, at some point.
bearyes, but I need to get the git mirror in place before letting the membership know it's a change (well, that's what I was thinking)
bearNominations for Chair - do we have anyone who wants to nominate someone?
Lloyddwd: yeah sorry just caught up, she hasn't arrived back yet so I assume so.
bearnotes that he does not mind continuing in the role
dwdI'm happy to do it, but happy to let you continue if you want.
bearok, Dave has offered what can only be described as a passive aggressive nomination ;)
dwd:-)
ralphmI nominate bear
bearok
bearsimon?
dwdI read bear as nominating himself anyway. :-)
ralphmnods
bearI was leading the charge for passive aggressive nominations
Alexso either fight now, or vote ;-)
bear:)
SimonWhat's Kev's role these days? Would he be eligible for nomination?
Edwin MonsHe's not on the board...
bearkev is a member of the council, not the board
dwdEdwin Mons, The chair need not be on the Board.
Edwin Monsdwd: ah :)
dwdAt least, I see nothing at all in the bylaws that would indicate that.
Alexand voted by board members
Alexor elected
ralphmSimon: did you want to nominate Kev?
dwdThe Board selects its chair, but the chair needn't be a Board member themselves. It's on a par with the other positions the XSF has, like Secretary, Treasurer, etc.
SimonIt would help if we outlined the responsibilites of the chair. What's their role?
bearrunning the meetings
Simon/duties?
Simonk
ralphmSimon: this is outlined in the by laws
dwdThat and, interesting, the Chair has the casting vote in the case of a tie.
bearit's purely administrative - there are some bylaw specific duties that being charted as a org requires
bearin all the time i've been aware of the board, I don't think we've ever had a tie
KevThat's because we try to pick odd numbers for both Board and Council, I think.
Kev(Less important for Council)
bearnods
Lancehas joined
stpeterdwd: the Board has traditionally selected a Chair from among the Board members, but you're right that it's not required by the bylaws
dwdOh, I lie - it's the Executive Director that has the casting vote.
KevThat sounds more familiar.
bearok, the point still remains, does simon wish to nominate someone (or do ralph and dave wish to nominate anyone else)
SimonI nominate Kev.
beark
bearany others?
ralphmnope
beardave?
dwdNo - without anyone else willing to nominate me, I'll withdraw, as well.
bearyou don't have to withdraw IMO
dwdNo, I don't I don't have to. :-)
dwdI know I don't have to, I mean.
ralphmok, so we have two candidates: bear and kev
bearok, so we now have two people, Kev and Bear
bearshall we vote?
ralphmyep
dwdErm, wait.
bearwaits
dwdIt'd be handy to know if Kev accepts the nomination, first.
KevSure, what's the worst that can happen? :)
dwdYou get twice as many minutes to write up?
Kev(I don't like people being on both Board and Council, but I don't think this counts as Chair gets no power)
ralphmKev: that we vote for you and for all the other roles, too?
bearok, Kev has accepted - ready to vote now?
dwdYup.
bearsimon, ralph - ready?
Simonyep
ralphmyeah
bearsound off then please
ralphm+1 for bear
Simon+1 for Kev
bearis going to laugh if this ties
bear+1 for bear
dwdI was wondering about the wisdom of tying it, and therefore letting either Peter pick, or else making Laura do it instead.
beari would say that we send it to laura if it tied
bearbut I would also just remove myself and let kev do it - he has a very capable meeting running style
ralphmdwd: about the minutes, technically it is the Secretary's duty
stpeterI don't think it's appropriate for me to express a preference, given that the Board is the one determining whether I continue to serve as Executive Director with all its many perquisites of power
ralphmstpeter: tough luck, should have written the by laws better :-D
bearany opinion is always appreciated
dwdI'll vote for bear. On balance, I think having Kev as Chair of both Board and Council would probably not be ideal.
bearthe current board "season" has already proved to be very divergent from past ones
ralphmI want to note that I have to leave in a few minutes
KevSafe :)
ralphmdwd: agreed
bearok, I see 1 for Kev and 3 for bear - that is done, i'll continue as Board Chair
ralphmwoot
bearnext agenda item: meeting time - shall we continue with bi weekly for next week and i'll post to the list for anyone to object?
ralphm+1
bears/next week/next meeting/
bearsimon, dave?
dwdI think we agreed on a meeting this time next week anyway.
ralphmindeed
Simon+1 for next week
beark
dwdBut as for ongoing, I'd like to hear from Laura on whether there's likely to be too many clashes for her at this time.
bearmeeting nextg week at the same time slot
bearagreed - we need to put this to the list so she has ample time respond yea/nea
stpeterwhy not weekly? fortnightly can get confusing ("do we have a meeting this week?") -- the meeting can always be short if there's not much to cover, as Council meetings are
ralphmstpeter: I suggested this before, and still agree
Alex+1
bearlooks and wonders why he typed bi above
dwdYes, I agree, weekly is better.
KevI find it works well for Council, even if half the meetings end up being "1. Roll call 2. Date of next"
bearnoted, i'll reinforce that in the email
stpeternods to Kev
bearnext agenda item i'm making FOSDEM report since ralph is time constrained
ralphmdwd had a short chat on this earlier this week
bearis there anything that is board actionable for FOSDEM yet?
ralphmno
dwdNot yet. We're somewhat constrined because we can't really commit until we've heard whether we get the Lounge again.
ralphmwe were talking about doing some kind of t-shirts/hoodies/whatever again
bearhas the wiki page for the next summit been created so we can start to note details and pending decision items?
ralphmyeah, we formally won't know until half december
bearah - ok
ralphmbear: I will do this tomorrow
ralphmeh
bearthanks ralph
stpeterupdates his .plan to find out about travel approvals and reserving space at the Cisco office again
dwdOh, we have quite a large page on SUmmit_15.
ralphmthere is a summit page already, though
ralphmdwd: that's mostly a copy of previous editions
bearyea, it seemed overly detailed
bearok, anything else needed for ralph and FOSDEM?
ralphmbut I think a separate planning page for us would be good
ralphmwith things like the gear we need and stuff
bear+1
bearshall we move on to the next item - IoT Liason report?
ralphmI was happy for the IoT mentioning some stuff for the XMPP UK meetup, and I'd love to have some stuff from them at FOSDEM
stpeterFOSDEM is even earlier than usual this year, so preparation in December will be important
stpeterralphm: yes
ralphmthe location is an ideal venue for things like this
ralphmFOSDEM is hardly earlier
ralphmone day or so
stpetersure
SimonFWIW, I'll be offline most of December and the start of Jan.
stpeterSimon: good for you :-)
Simon:)
ralphmSimon: booh
stpeterok, about liaison relationships...
bearpeter - can you give your IoT liason update?
stpeteras you know, we've received a liaison request from ISO TC 122 (logistics stuff)
stpeterwe need to finalize that
Alex2has joined
stpeterI did send an inquiry to them and they replied, so I will send information about that to the membership
stpeterit was a small issue
Alexhas joined
stpeterbut we need to finalize it
stpeterI'll have time to do that now
stpeterI have also had some preliminary discussions with two other groups
dwdWe were finding out whether the specifications were under NDA or similar, weren't we?
Alexhas left
Alex2has left
Alexhas joined
stpeter not quite NDA
stpeterbut they keep their specs under wraps until finished
dwdRight.
stpeterso if we assign two people (or whatever) to be liaisons, those people couldn't share the documents with, say, any XSF member or even the Council
stpeterworkaround: we could appoint the entire Council to be liaisons, but they might not care about the topics under consideration
bearbut they would not be barred from discussion specific items with council?
ralphmI think at least one should be on the Council
stpeterralphm: good idea
SimonWhat is ISO TC 122? The best I coluld find was the ISO packaging committee
stpeterSimon: logistics
stpeterlorries and such
stpeter"this vehicle did not arrive at its scheduled location on time, has it been hijacked?" that kind of thing
bearfleet monitoring?
stpeterbear: as best I can determine, yes
dwdWe use TLS; we're immune to hijacking, right?
SimonRight. What's the aim of liason - tech help or?
stpeterso let me describe the two other liaison relationships and then I think we can talk in general about our approach
SimonI didn't even need to read the sender of that to know it was a DWD post.
bear:)
stpeterSimon: review their technical specs so that they don't use XMPP in silly ways
beardave - can i watch you try to MiTM a lorrie session?
ralphmthis
SimonSounds very useful and a good way to generate an XEP down the road.
stpeterthe other two are IEC TC 57 (electrical grid stuff) and UPnP Forum
Kevbear: Sorry, with that comment I'm forced to post http://b.oooom.net/1r8t
stpeterIEC TC 57 seems to be interested in using XMPP in ways similar to the OpenADR folks did in the USA, but globally
stpeterI reviewed the OpenADR work informally (no liaison relationship needed) last year
stpeterIEC is more formal
bearkev - that is an epic video IMO (and i'll stop derailing the thread now)
dwdIf they're extending, rather than using existing stuff, do we want them to do so within the XSF and the XEP framework, or don't we care?
stpeterso they'd want something similar to what we do with ISO TC 122
stpeterso far, these have not been extensions but "profiles" that re-use their existing XML payload formats
stpeterthey're just using XMPP as a transport
stpeterat least during the initial phases
SimonWhile on the subject of liason, it would be great to help out the mozilla folk more in their wg-presence list.
stpeterSimon: yes
bearsigned up for wg-presence mailing list last night
stpeterthe other liaison relationship people have been exploring with me is UPnP Forum, which is basing its "UPnP Cloud" technology on XMPP
dwdstpeter, So how does the UPnP stuff work in terms of specification access?
stpeter(BTW, the last two have come about through people within Cisco poking me to help out since I'm the "XMPP Guy")
stpeterdwd: I am not sure yet about that -- the discussions have been quite preliminary and I don't know the details, although I was on a call with some of the UPnP folks recently and they asked me some technical questions about XMPP
stpetersince I work at Cisco and Cisco is a corporate member of these organizations, I haven't needed to sign an NDA or become a formal liaison or anything like that
stpeterbut both IEC and UPnP Forum seemingly would like to also establish a more formal relationship
SimonI'm happy to add my name to a list to help out with liason (inside or outside of any official role). Can sign any NDAs privately too.
dwdThat seems like really good news.
stpeterXMPP is now an old technology and these more formal SDOs are getting interested in using it :-)
stpeterso the question for the Board is, do we want to set some guidelines for establishing liaison relationships with other SDOs?
SimonThat's it I'm leaving - you make me feel old.
dwdstpeter, It'd be useful to steer these guys into working "our" way as much as we can, but it's good that they're inetersted at al.
stpeterwe have 3 in the pipeline now, and might have more in the future
bearI think we need to have a wiki page (or something) that outlines how a group can make contact with us for that
dwdstpeter, Is there anything you need form us at this stage?
stpeterdwd: these organizations are quite formal in how they work, especially ISO/IEC -- they're multistakeholder organizations etc.
stpeterdwd: so I don't think we'll steer them anywhere :-)
stpeterdwd: I think we need direction from the Board about our preferred way of working here
bearat a minimum we can make sure XMPP is not dismissed for bad information or FUD
dwdstpeter, Right, but since we have a formal membership, I was wondering if all members could get access to the specs for liason, etc.
stpetere.g., "at least one Council member"
SouLhas joined
SimonI guess this really depends what they are looking for? Technical help? Design help? Protocol approval?
stpeterdwd: typically these groups seem to want consolidated feedback, so opening up access to all XSF members might be complicated
stpeterdwd: e.g., do we need to take an XSF vote on our review feedback?
dwdstpeter, Yes, we'd want communications to be formalized through a liason.
stpeterSimon: good question
bearthis really sounds like something that the Council needs to be a part of - since that is the group the membership bestows formally the task of ensuring technical accuracy
SimonSo this could be a working-group scenario (probably staffed by fine council members)
dwdstpeter, As far as choice of actual liason goes, the COuncil ought to be selecting the people.
stpeterSimon: in my experience so far, these groups have independently decided they want to use XMPP, but they're experts in other domains so they want someone who knows about XMPP to give them some design help with the XMPP aspects and review their work so that what they produce is consistent with the Tao of XMPP
Kevdwd: I think that's something Board should give blessing to, if that's what we do.
AlexI also think working group, maybe only with elected members from the council or board
stpeterI note that in the IETF, it's the IAB (not the IESG) that appoints liaisons
bearat first we could consider it a board+council working group and if membership expresses a strong desire we can make it another voted group?
KevThese are people representing the XSF, in private. There's clearly relevance to both parties.
dwdstpeter, Right, but the XSF Board isn't the IAB, the XSF Board is the ISOC Board.
stpeterdwd: no one knows what the IAB really is ;-)
stpeterbut anyway, we need to figure this out
dwdstpeter, However grew the biggest beard.
dwdWhoever, even. My typing's gone today.
stpetermy preference is to have only a single liaison or a small number of them
stpeternot the whole Council or the whole membership
bearsingle liason from a small(ish) pool?
dwdOK, so I'll suggest that the Council provides nominations for liasons to the Board on a per-project basis, and the Board ratifies that.
stpeterI'd be fine with the whole Council, actually, but they have enough to do
stpeteranother question is whether liaisons need to be XSF members
stpeterdwd: that approach seems reasonable
bearI want to say yes to that - as liason will represent the XSF
dwdOh, indeed... Yes, I think we do want liasons to be XSF members typically.
stpeterbear: yes, I think so
dwdIt's not clear if we want this to be an unbreakable rule.
stpeterdwd: not clear to me either
bearI don't like unbreakable in general
stpeter:)
bearbecause a person may be needed due to problem space expertise
stpeterwe could consider a liaison team to be a work team per the bylaws
stpeter(btw)
bearin that case we should have both
dwdIf we had, say, two people on the liason team, I'd be happy to mandate that one of them must be XSF.
bearyes
SimonSo let's do this on a case by case basis until we have a repeatable pattern. I'd be happy for the first liason to be made up of a council working group of ~3 people that feel strongly about the topic and can sign up/and sign an NDA to work on the topic.
dwdstpeter, Yeah, that's XSF members only, right?
stpeterdwd: yes
bearpeter - agree that liason should be a work team
dwdbear, That does make it an unbreakable rule that the liasons are XSF members.
KevIs this a particularly productive discussion about a situation that hasn't come up? :)
bearok, following simon's lead: we (the board) will ask the Council to nominate 2+ people to form the initial liason team and then iterate on that as needed
stpeterSimon: that's a good question, I don't know if these groups do have formal NDAs but it's something similar (and that's something the XSF is probably committing to by setting up a liaison relationship although right now I don't recall the details for ISO and I haven't heard about them yet for IEC or UPnP)
stpeterKev: :)
dwdLet's keep XSF members only for now. If something comes up where we can't fulfill that for some reason, we'll tackle it then.
stpeterKev: I was suggesting that we use the work team model because it's already in the bylaws and we don't need to design new process for it
dwdSo, also, yes - use the work team model.
bear+1 to work team model
bearok, do we have any other colour choices for this bike shed?
stpeter:)
dwdbear, So I'd like to move that for any liasons, the COuncil nominates a small team (1-3 typically) to act as liason work team, which the Board ratifies.
stpeterhttp://xmpp.org/about-xmpp/xsf/xsf-bylaws/ Article VIII by the way
stpeterdwd: seems reasonable to me
bearI suggest that we take dave's summary as our actionable item for this
Simon+1
bearralph?
bear(wondering if he is even still here)
dwdGone I think.
dwdBut we're still quorate.
beark
dwd(just)
stpeterdwd: you love the word 'quorate' don't you?
bearKev - what is the best place for the board to ask the council for this - on the mailing list?
stpetermembers@ list I'd think :-)
KevPoke me on the Council list to put it on the agenda, I"d have thought.
stpeterother members might have ideas too
dwdstpeter, You're upbraiding me for linguistics? Pot, kettle, black!
SimonWhat's next on the agenda?
KevAnd sure, copy members@.
bearPeter - can we then get you to post that request for the current liason spot on members@ to the council
bearnotes he is moderated for council@
stpeter" - Membership application question from Dave"
stpeterbear: sure
dwdDefer it until a next meeting.
SouLhas left
Kevbear: Poke me via IM to try and fix that, or Peter.
bearkev - will do
bearok, dave's question is deferred to next
bearthat leaves simon's item about planning for security day
stpeterbear: fixed
bearthank you sir
SimonWe really need a good set of technical documents on how to pass the security day. And we need to start ramping up publicity for it.
dwdSimon, I'd rather defer your publicity questions until Laura is present.
SimonI've tried to have some of these here. http://wiki.xmpp.org/web/Securing_XMPP
Simonpublicity we can do with laura - sure
bearwe can raise the issue now to get started, most of this I think should be on members@ list
SouLhas joined
Simonbut we should think about nudging the different XMPP server groups to publish the bare minimum to pass the tests.
stpeterSimon: yes
SimonI'll start this with a post to jdev
stpeterSimon: great!
Simonand we should also ack the great work that thaijs has been doing on the xmpp.net project.
stpeterSimon: I'm happy to poke people like Matthias and Artur directly, too
Simonthat's the most amazing piece of light shining into the dark corners of insecurity.
bearagreed
SimonWish we had something like that to test XEPs :)
bearthat is something we can discuss with Laura, ways to show focus on members activities
stpeterSimon: actually, the UPnP folks asked me about compliance testing suites but I didn't have much to offer
Simonok then that's my bit - but everyone please keep tweeting and mentioning the upcoming date.
Simon4th Jan :)
stpeterSimon: will do!
bearif anyone wants to see a blog post happen, please do poke me via IM or email and I'll generate one
Simonthe DNSSEC stuff isn't doing any harm with the IAB either :) Dan York loves us.
stpeteryep!
dwdAlso pleasing to see Hannes joining in.
stpeterDan and I plan to write an Internet-Draft about being a "Jabber scribe" (as they call it) during IETF sessions
SimonHannes?
stpeteranother IETF character
dwdTschoffenig.
dwdAuthor of the most Internet Drafts, I seem to recall.
Simonright - so that's my security bit for this week.
stpeterHannes Tschofenig
bearthat is the last agenda item, any agenda bashing for this meeting?
stpeterno AOB here
dwdNone from me.
KevI note we need to think about GSoC at some point. Potentially not now.
bearnoted
Kev(But agenda for next week would be good, please)
stpeterI have a huge presentation to make internally in 15 minutes so I'll ignore this XMPP stuff for a little while
bearthe only board business left to do is to affirm roles
bearsecretary, ED and so on, but I don't mind at all deferring that to another meeting
bearso that the new board folks can acclimate
dwdbear, stpeter suggested doing that in January.
bear+1 to that
bearok, then I am calling this meeting done - any objections?
stpeterno objections here!
bearsimon, dave?
Simondone
dwdClose away.
bearany volunteer for meeting minutes - if not, I will do them tonight
stpetergotta run, bbl
bearand I'll post the meeting announcement with agenda list to members@ tonight also
stpeterhas left
bearok, meeting is done
bearminutes and agenda will be sent to members@ by me tonight
bearthanks all for a most epic meeting
dwdlooks at the time.
dwdYup. Epic. :-)
bearyea, seriously not a Kev quality meeting today ;)
KevFour times as good as a Council meeting? :)
bear:)
bearboard meeting notice sent to members@
bearmore details to follow, switching of to $dayjob now
bears/of/over/
Simonhas joined
Ashley Wardhas joined
Simonhas left
KevMy understanding is that all that's going to happen on 4th January is that people will need to have some sort of cert in place, is that right?
Kev(That is - no-one's going to be requiring TAs and valid certs)
fippokev: that is my understanding as well. require TLS, but don't check certs
fipporeminds me that technically we should have a spec for starttls+dialback by then
fippopokes dwd
KevGood, it'd be a shame to have to replace my five-year-old cert. I've gotten attached to it :D
fippothat's actually one of the questions we need to work out for that
Lancei'll be sad to see fippo have to replace his cert too :p
fippoI'd say that for starttls+dialback only non-trusted or self-signed are egibly
fippobut no certs that have expired or where the hostname doesn't match
KevBecause a self-signed cert that's expired is less trustworthy than a selfsigned that hasn't?
fippono. because expired certs like mine should break
fipposo i am forced to update it
fippoand more important, so i notice something is wrong
KevAnd ADH is better or worse than an expired self-signed cert? :)
fippoit talks about a certificate in alot of places though.
KevIt's not immediately clear to me that anonymous+dialback is any worse than untrusted+dialback
KevIs it?
fippoi think they're the same as far as starttls+dialback is concerned
fippountrusted+dialback has some advantages for d-w-d
Ashley Wardhas left
Ashley Wardhas joined
KevAnd pinning.
KevInterestingly, though, -PLUS+ADH would still be better for clients that any other mech+a trusted cert, I think?
KevWell, depends what you consider the attack to be, I guess.
MattJWith -PLUS I don't think it matters whether you use ADH or any kind of cert
KevIt does if you think the password might be compromised elsewhere.
Lloydhas left
bearhey - can I suggest you guys talk about this over in jdev?
KevThe XSF isn't an appropriate venue? :)
bearit is - was just tyring to raise the awareness higher and jdev has more lurkers
Ashley Wardhas left
Ashley Wardhas joined
SouLhas left
SouLhas joined
Ashley Wardhas left
Ashley Wardhas joined
Jefhas joined
Jefhas left
Ashley Wardhas left
Simonhas joined
Simonhas left
Simonhas joined
SouLhas left
SouLhas joined
stpeterhas joined
Simonhas joined
SouLhas left
Simonhas left
Simonhas joined
SouLhas joined
SouLhas left
SouLhas joined
Jefhas joined
MattJSimon, the "Securing XMPP" is making me uneasy
MattJ^ +page
Simonwhat's up?
MattJIt's just looking so complex...
SimonI know.
MattJwhen the correct answer for Prosody users is really just... make sure you're running the latest versions of everything
MattJI can't speak for other implementations
MattJDANE is complicated and would need a whole tutorial by itself, it's not production-ready yet IMHO
SimonAgreed. Let's cut it out.
MattJWe need better docs, but I don't think it belongs in a high-level page such as this
MattJI need to work with Zash and other folk who have it deployed already to document it
Zashmod_s2s_auth_dnssec_srv isn't DANE
MattJMore testers and we can iron out the implementation and setup procedure
SimonPresumably on 4th Jan ops will need to add c2s_require_encryption = true
s2s_require_encryption = true
?
MattJZash, there was a mod_dane or something though?
ZashMattJ: No
MattJSimon, yes, that makes sense - I'm happy with that being on that page
MattJBut cipher strings and such... I'd rather users just leave that stuff to us, unless they really know what they are doing
SimonAlso Prosody seems to treat client and s2s connections the same.
SimonSo we should just have a general section.
ZashTreat how?
SimonI mean with keys and ciphers.
MattJYes, it does (though in trunk you can separate them - most people don't need/want this)
SimonBut yeah - it's late now, but I'd like to restructure the page more as a "for things to work on 4th Jan, you need to add the following to different servers" page.
SimonPromise to look at this in the morning.
MattJI can help with that perhaps, I think most of the information is there now
MattJIt just needs restructuring and simplification
MattJboiling down to the essentials
SimonI suggest we structure it by Server, not c2s and s2s as teh page is done now.
MattJAgreed
Simonthen we have just the commands for each server.
MattJI think that will help a lot
Simonyep
stpeter+1
stpeterthat all sounds good
MattJOh, and that reminds me I have some stats to post to jdev
stpeterstats++
SimonBTW, I ran into a bit of an issue with Prosody. I'd sort of assumed that I didn't need to install an intermediate certificate from my ca. Found out the hard way.
stpeteryeah, intermediate certs are a pain
Simonit might be nice to be more explicit about this in the docs.
MattJA certificate issues by an intermediate CA is rarely usable on a server without the ICA's cert somewhere
MattJYes, I'll fix that :)
MattJ*issued by
SimonXMPP.net is great for testing these things though :)
stpeteryeah for sure, Thijs rocks
MattJ+1
bear+1
fippoabout 1000 times as much as my 2007 openssl s_client patches ;-)
stpeterwe should give Thijs an award of some kind at the next Summit :-)
fippofree spare ribs?
stpeterI still have on my desk the "Jimmie" award I earned in 2000 :-)
SouLhas left
bear:)
stpeter"Best Performance by a Deity" :-)
Simon+1 on awards.
stpeterI need to take a picture of that
ralphmhas joined
SouLhas joined
MattJSimon, I've updated the docs on ICAs and simplified the wording now
Simonexcellent :)
SimonI'm re-layingout the wiki page now.
Simonto the chagrin of "come to bed now Simon"
Simonwhat is wrong with me.
MattJ:)
Simonok - slightly better formatted now.
Simonhttp://wiki.xmpp.org/web/Securing_XMPP
SimonPerhaps we add "optional" to the gmail.com exclusion
ZashAnd that's also not going to work
MattJYeeah, we have a small issue there
Zashs2s_insecure_domains isn't exceptions to the encryption requirement
SimonI'll let you guys look after the prosody config :)
MattJI can hack this into mod_manifesto though perhaps :)
stpetercan we do even unauthenticated encryption with gmail? even anon-DH would be better than nothing
MattJstpeter, nope
MattJThey have no TLS whatsoever
stpeterSimon: thanks for the updates, time to go to bed!
stpetersigh
SouLstpeter: +1
SouLgnight
stpeterthey're encrypting stuff between their data centers like made, but don't care about user communications?
stpeters/made/mad/
MattJand Prosody's s2s_require_encryption has no exclusion list
SimonThat could be a bit killer. Certainly for me I'm not goting to get a bunch of folk off gmail for a while.
SouLhas left
stpeterSimon: yeah I know :(
stpeterSimon: worry about that tomorrow, ok? ;-)
Simondeal
Simonnight all
stpeter:)
MattJ'night :)
SouLhas joined
Zashhas left
bearI see gmail folks moving on this only after we can show serious peer pressure that they are the *last* one to be insecure
stpeteryes
MattJCall me cynical, but I doubt it somehow
stpeterperhaps they'd rather turn off federation entirely
bearyea
MattJI think federation is hanging by a thread (or maybe a piece of string) - their reaction to the peer pressure could be that someone there realises this is their last insecure service
MattJand then decides it's best turned off
stpeterright
stpetereveryone move to Hangouts and be done with that pesky interoperability stuff
MattJ:)
bearsit in your silo and be happy already
stpeterheh
SimonMatt - what is happening with your sign-up service?
Alexhas left
stpeterSimon: go to bed already!
MattJSimon, you were getting some sleep
MattJand... I'm hoping to get to it at the weekend
stpeterSimon: I'm going to kick you out!
Lancesomeone just kick him from the room already :p
MattJIt's currently a weekend-only project (I'd like to remove myself as the bottleneck ASAP though... get it up on github or something)
psahas joined
MattJpsa means business
bearLOL
beardoes prosody (or other xmpp servers) allow UDP connections?
psahmph
bearand ... I see Matt answering
psahmph, I can't figure out how to kick people in Adium :P
MattJbear, XMPP over lossy transports will be... unpleasant ;)
psa/help
psahmph
bearugh - it won't let a mod kick a mod
psano, it's a UI or PEBKAC issue
bearI just tried it using swift
psaI can't figure out how to kick anyone
bearOccupant role change failed: Not allowed
bearthat's the error I got
psadamn MUC protections!
psasecurity be damned!
MattJbear, XEP-0045 says you have to demote first :)
psastupid specs
psaevil corporations defined this garbage!
psaheh
Lancealright guys, lets make a new room and all move there
MattJI'm sure half the people on standards@ would agree with you
psahas left
MattJand the other half won't
stpeterwell, Simon got the message :P
bear:)
bearMattJ - yea,udp seems overkill, maybe they are solving/asking the wrong question
MattJIf they really want presence over UDP... SIP? :)
Simonhas joined
Edwin Monshas joined
ralphmstpeter: maybe not
stpeterralphm: we just don't know, do we? if the right people read your + posts, things will all turn out well ;-)
Simonhas left
ralphmstpeter: hmm. I think the technical people mostly did, but have no say
stpeterralphm: likely
bearwhich post?
stpeterthat's how big companies often work (i.e., evil corporations)
ralphmI like how hangouts recently addes things like moods, in-call and device status. http://m.iclarified.com/entry/index.php?enid=35592
ralphmadds
ralphmbear: the ones rectifying google back in May
bearah - ok, thought maybe I broke my reading list again
XSF Discussion - 2013-11-20