-
jonasw
Holger, I have a hard time following the argument. What’s wrong with having a http_upload_hmac_secret: "…" option in the cluster configuration shared by all nodes?
-
jonasw
just like web services have a CSRF secret or something. I don’t see any difference. unless you want to have different quotas per-user
-
Holger
jonasw: Nothing wrong with it.
-
jonasw
so that would do the trick as hmac(cluster_wide_key, jid) for dirnames?
-
Holger
Yes sure.
-
Holger
There's no "argument" besides it solves an issue I didn't try to solve.
-
Holger
If your goal is anonymous file sharing, HTTP upload is the wrong tool I think.
-
Holger
That said, I'd be fine with adding such an option as soon as there's any demand outside this room 🙂
-
jonasw
hah
-
MattJ
Guus, ralphm: you guys both still up for the board meeting later?
-
Guus
MattJ: I am available.
-
Ge0rG
Finally a vote to abolish Pidgin?!
-
MattJ
I'm suddenly ill, I can't attend :P
-
MattJ
Avian flu, probably
-
moparisthebest
daniel, SamWhited look google thinks self destructing emails is a good idea too https://www.theverge.com/2018/4/13/17233504/gmail-design-confidential-mode-feature ...
-
ralphm
set the topic to
XSF Board Meeting | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings
-
ralphm
T-7min
- ralphm bangs gavel
-
ralphm
0. Welcome and Agenda
-
ralphm
Who do we have?
-
Guus
hi
-
Guus
Nyco and Martin apologized, MattJ probably responds after this ping.
-
MattJ
Hey
-
Guus
see? 🙂
-
jonasw
as it has been foretold.
-
Ge0rG
impressive :)
-
MattJ
:)
-
ralphm
wow
-
ralphm
Any new things not in Trello?
-
Ge0rG
The Pidgin vote.
-
Guus
Is that a board issue?
-
ralphm
I don't know what that means. Ge0rG is this a serious topic?
-
MattJ
I think Board are being asked to resolve a difference of opinion, in summary
-
Ge0rG
ralphm: semi-serious, it's about https://github.com/xsf/xmpp.org/pull/425 and whether we want Pidgin on the list of XSF-approved XMPP clients
-
ralphm
I'll add it to the agenda
-
ralphm
1. Minute taker
-
ralphm
Who?
-
Guus
(not me, this time)
-
Guus
(also. did I forget to do it last time?)
-
jonasw
(can’t promise anything (like, not leaving in the middle of the meeting for an hour or two), so won’t volunteer)
-
ralphm
We're done at 14:00 UTC
-
jonasw
(I’m aware. that doesn’t change it unfortunately :()
-
ralphm
I'm going ahead hoping somebody does this, even retroactively
-
MattJ
I'll do it
-
ralphm
2. Topics for decisions
-
ralphm
Well, I guess we have the PidGin item
-
ralphm
Can somebody give a summary?
-
jonasw
ralphm, somebody tried to renew the listing for pidgin on the client list, and some people raised voice against it being listed there.
-
jonasw
for compatibility reasons
-
ralphm
I don't think this list has ever been a Board topic before
-
jonasw
it has.
-
Ge0rG
the intention of the new software listing rules was to rule out unmaintained software and software where the developers don't care about the listing. There is a very implicit requirement of project members submitting the item.
-
jonasw
I’m pretty sure that it was discussed by board when the renewal-policy was introduced.
-
Ge0rG
It was indeed. Roughly a year ago.
-
ralphm
I mean we didn't make decisions on the content of the list
-
MattJ
It was a definite shift in the purpose of the list though
-
Ge0rG
I don't know if #425 was created by a Pidgin project member, and technically there _was_ a new Pidgin release, so it's not unmaintained. But everybody agrees that it's a horrible XMPP client and maybe even that it's damaging XMPP's reputation
-
MattJ
What we had before was an extremely long directory of every XMPP (and Jabber) software ever written
-
MattJ
and we agreed to introduce changes to ensure the list is more current, by requiring projects to re-list periodically
-
Guus
Without enforcing a ruling, perhaps board can offer an opinion?
-
Guus
would that suffice?
-
ralphm
Who maintains the list?
-
Kev
From the peanut gallery, I think if this is a Pidgin person asking for it to be listed, it should be listed, otherwise not.
-
jonasw
whoever has power over the merge button, taht’s at least guus and me.
-
Guus
whoever has commit rights.
-
Guus
I'm not sure if we have a defined WT for website maintenance.
-
Ge0rG
Kev: formally, you are right. But IMVHO this is also a subjective issue of whether we want to serve our community well.
-
Kev
I agree, but I think we either have to curate the list, or not curate the list, not having uncurated except for one excluded project.
-
Guus
Answering the peanut gallery: I'd not be opposed listing software even if it was asking to be listed by end-users, instead of developers.
-
Guus
I would, however, not oppose a semi-objective "compatibility" rating for each of our listings - if it's not to detailed.
-
Ge0rG
Kev: as it is right now, this list looks like the officially endorsed clients™, and I'm not sure we really want to endorse every client that applies for the list.
-
MattJ
Ge0rG, I share your opinion that Pidgin's current situation is not helping us, but I don't think we've actually made that decision to make the lists "only software recommended by the XSF"
-
Ge0rG
On the other hand we don't have a proper way to objectively describe client quality
-
MattJ
and that's a difficult subject that has never been solved in the years we've been discussing it
-
Ge0rG
MattJ: I'm talking about the impression to new users, not about our internal bureaucracy.
-
Ge0rG
I'm well aware that my counter-point of the PR (probably) not originating from a Pidgin developer is just a fig-leaf excuse to not have it listed.
-
Guus
I think it is useful for people to know that Pidgin can do XMPP (even if its implementation is crappy, at best).
-
Kev
I think the best objective measure we have at the moment is "Has the project itself asked to be listed".
-
Ge0rG
Guus: people who already use Pidgin are probably aware of that. Do you want people who are learning about XMPP to end up with Pidgin, though?
-
Kev
If the project itself doesn't care to list itself as an XMPP client, that suggests to me that it's better off not listed.
-
Ge0rG
Kev: I think (hope) this is uncontroversial.
-
Ge0rG
OTOH, Guus disagreed earlier today.
-
Kev
Ge0rG: Guus was disagreeing :)
-
ralphm
I have to agree that what Kev said is the only objective thing we have
-
Ge0rG
short of verifying the Compliance Suite 2018 compatibility.
-
Ge0rG
But if we enforce that, we will end up with a _very_ _short_ list.
-
ralphm
And I might not like Pidgin, but that's subjective. If you want objective, you need to say: all listings have to comply with something, like the Compliance Suite. I don't think we did that before.
-
MattJ
Ok, so I think we need to make a decision on "project members only" or "anyone"
-
Kev
We did, FWIW.
-
MattJ
Kev, in the past you mean?
-
Kev
At the Summit where this policy was created.
-
Kev
And it was Project Members Only.
-
ralphm
Is darkpsy3934 a project member?
-
Ge0rG
in that case we should make it more explicit in the README.
-
Guus
I don't recall (not saying it's not true), but I certainly do not enforce that.
-
MattJ
Kev, defining project members is tricky for FOSS
-
Guus
(as I don't know how to enforce that)
-
MattJ
commit access? maintains the documentation? Non-coding community manager?
-
Ge0rG
MattJ: it's tricky, but something like "does regular contributions and can influence (the other) developers" would be a good start.
-
Ge0rG
MattJ: once we get a hold on somebody who cares and can do that, we can shame them into implementing the most basic interop things. Like the 8-years-pending Carbons support.
-
MattJ
I think we need to separate the Pidgin situation from this :)
-
MattJ
If we're not setting a baseline technical requirement, Pidgin qualifies
-
Ge0rG
MattJ: that was just a figurative example.
-
MattJ
and I assume they have at least 1 active team member, who will ultimately ask us to list the project
-
Guus
I think we'd best not add any complexity to that adding-things-to-the-list thing.
-
ralphm
MattJ: I agree
-
MattJ
So the question is simply what our requirements are in general
-
ralphm
I understand Ge0rG's concern, and probably agree that I'd like Pidgin to do better, but I don't see enough reason to reject this request.
-
Dave Cridland
Well. 1) Are there any requirements on the software listed. 2) Are there any requirements on the person listing.
-
Ge0rG
ralphm: Pidgin has failed to do better for a very long time now.
-
ralphm
I'd prefer having a list of clients that at least one person cares about, over an overengineered process.
-
Guus
ralphm, that's the gist of what I'm thinking too.
-
ralphm
AFAIK the only requirement is 'somebody asks for inclusion at least once a year'
-
Ge0rG
ralphm: having a software listed on that page is (to an outsider) equivalent to us, the XMPP organization, endorsing its usage.
-
Dave Cridland
ralphm, Could I submit bash?
-
Ge0rG
Dave Cridland: ITYM openssl s_client
-
Dave Cridland
ralphm, Could Donald Trump submit the White House Website?
-
ralphm
yes
-
Guus
Dave, you could submit it, but I (as someone who has the ability to merge the request) would reject it
-
Dave Cridland
Guus, On what grounds?
-
Ge0rG
Guus: on what grounds?
-
Guus
on my semi-objective opinion that it's not an XMPP client or server.
-
Dave Cridland
Guus, Because you're telling me now there's a line. I'd like to know what that line is.
-
Ge0rG
Guus: it fulfills the technical requirements.
-
ralphm
Dave Cridland: please suggest an alternative
-
Guus
Dave: I've previously not accepted PRs for projects that were silos.
-
Guus
(xmpp based silos, but silos)
-
Ge0rG
ralphm: "a project member submitting the project to indicate that they care about XMPP"
-
Guus
there's a degree of subjectivity in there - and I'm fine with that.
-
Dave Cridland
ralphm, I'm trying to find what the current policy is, before suggesting a new policy that differs.
-
ralphm
TBH, an XMPP client is something that implements XMPP IM
-
Guus
as a point of order: I can't overrun this meeting. We should conclude this, or resume next week.
-
ralphm
We have no objective requirements on UI
-
Ge0rG
ralphm: so a text window where you enter XML qualifies?
-
ralphm
Dave Cridland: I think the current policy is: somebody can submit an XMPP Client (whatever that means) once a year, and it would be included.
-
MattJ
I think this discussion isn't very useful right now
-
MattJ
Pidgin is no doubt an XMPP client
-
Kev
If the criterion is "Person with website commit access gets to choose whether it's listed or not", then we should say that. I don't think it's a good policy, but at least we'd be stating it, and it's different from what we've stated before.
-
ralphm
Ge0rG: I want to note that compliance suites also have no such requirements
-
Dave Cridland
Kev, +1
-
Ge0rG
> To achieve this, the XSF Board has decided that all implementations have to reapply once per year, to ensure that they are still actively maintained and that the listed info is accurate.
-
Ge0rG
This is from my mail to jdev@, Thu, 23 Mar 2017
-
ralphm
I think all of this work is best effort and there is no completely definitive answer. Some person is going to accept or reject and then maybe somebody else has opinions later
-
Kev
ralphm: Then just go with my suggestion above.
-
MattJ
I propose that we currently vote on whether to accept this PR. If someone objects, state why so we can resolve it for next time
-
Kev
It is clear. Not good, I think, but clear.
-
Guus
Kev, where 'website' is our website, not the project applying, you mean?
-
Kev
Yes.
-
ralphm
MattJ: but I don't want to have to vote on this every time.
-
Kev
If we're being arbitrary about it, it is best to be explicit that we're arbitrary about it.
-
MattJ
Agreed, neither do I - but what we decide ultimately sets a precedent and we can document it
-
Kev
Rather than pretending we have one rule, and acting on another.
-
Guus
Kev: I don't agree that it's needed to be explicit about that (don't mind to much either)
-
Kev
I'm vanishing now anyway.
-
ralphm
In that case, I move we accept this request to add Pidgin on the grounds that it is an implementation and somebody wants it added for another year
-
Guus
I think we're somewhat overcomplicating a proces that has worked pretty well so far
-
Guus
it's jsut this Pidgin thing that now acts up, which is understandable.
-
Guus
ralphm: +1
-
Guus
also, I need to be going. Can stick aournd for a couple more minutes at best.
-
MattJ
I'm -1, because I think we should limit submissions to people affiliated with the project to ensure accuracy of the submitted data
-
MattJ
and it's not clear that this person is affiliated in any way, other than as a user
-
Guus
mattj, the person merging assures accuracy.
-
Guus
(at least, I check if the name / website exists, and that's pretty much it)
-
MattJ
If all the data is trivially verifiable, then I'd be fine with that
-
Guus
"all the data" is just the name and link to the project site
-
Ge0rG
I still think that this is a huge disservice to our community.
-
MattJ
Ok, then I'm +1
-
Guus
Ge0rG, I hear you, but I disagree.
-
Holger
FWIW, I would think Compliance Suite compatibility would be a good criterion. The resulting list will be short because there isn't many good clients, but I don't see how it helps the end user to make it longer by filling it up with not so good clients.
-
Ge0rG
Holger: it could end up with Conversations as the only client.
-
Guus
Ralphm, can we conclude the meeting please? 🙂
-
MattJ
I think as a separate task, we should add a field for latest supported complaince suite
-
ralphm
yes
-
MattJ
But that's for another day
-
Holger
Ge0rG: I'm not sure that's true. If it is, so be it.
-
ralphm
3. AOB
-
Guus
MattJ: some form of conformance should be added, yes. Not sure if it needs to be compliance suite or not.
-
Ge0rG
Guus: it's the most logical one.
-
ralphm
nothing today
-
ralphm
4. Date of Next
-
ralphm
+1W
-
Guus
(no aob for me)
-
Guus
+1w wfm
-
MattJ
wfm++
-
ralphm
5. Close
-
ralphm
Thanks all
- ralphm bangs gavel
-
MattJ
Thanks ralphm
-
Guus
thank you, and goodbye
-
Ge0rG
Thanks everyone.
-
Holger
Maybe the Compliance Suite or the referenced XEPs need fixing if nobody is able to implement it.
-
Holger
Ge0rG: But doesn't Gajim also meet it? And maybe even ChatSecure these days?
-
Holger
Maybe also JSXC and/or Movim ...
-
moparisthebest
I would also like to see License listed there
-
ralphm
set the topic to
XSF Discussion | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings
-
Ge0rG
moparisthebest: how is that relevant?
-
Holger
I'd like to see programming language :-)
-
moparisthebest
Ge0rG, so you can quickly rule out crap you can't use :)
-
Ge0rG
I'd like to see a commit graph of the last 365 days.
-
Ge0rG
moparisthebest: crap and license are completely orthogonal
-
moparisthebest
the last entry for example uses some custom license which makes it worthless
-
moparisthebest
'you can look, but not touch'
-
Ge0rG
moparisthebest: people who care about software licenses are typically sufficiently competent to obtain that information on their own.
-
moparisthebest
well sure, you can search each individual website for such info, but it's time consuming and annoying
-
Holger
moparisthebest: How much time have you spent searching XMPP client web sites for licensing ingo?
-
Holger
info even
-
moparisthebest
I think if authors have to submit the info, it'd be a good chance for them to put the license
-
Ge0rG
moparisthebest: the alternative is this: https://en.wikipedia.org/wiki/Comparison_of_instant_messaging_clients
-
moparisthebest
Holger, wasted a few minutes on the last one :)
-
Ge0rG
moparisthebest: it would be good to have it in the JSON, but not in the rendering.
-
Ge0rG
moparisthebest: "a few minutes" is not a valid reason.
-
moparisthebest
oh well that'd be fine with me too Ge0rG , just as long as it existed in an easy to find/standard way I think that'd be excellent
-
Holger
Of course now you made me curious about the Zom license.
-
Ge0rG
moparisthebest: make a PR to extend the JSON format.
-
Ge0rG
moparisthebest: also add an icon field while you are at it ;)
-
Holger
And programming language!!
-
MattJ
I'd much rather move to the model we've discussed many times, where projects host this info themselves in some standard format
-
MattJ
But guess what, it always comes down to a JSON vs. XML debate :)
-
moparisthebest
maybe a compromise could be made on YAML or TOML or something :P
-
moparisthebest
that way *no one* is happy
-
MattJ
Link Mauve posted some concrete proposals to the list a while back
-
Holger
But then there's a nice project that fails to do this ...
-
Ge0rG
Holger: yaxim doesn't have XEP-0368 (failing Core Client), avatars/vcard (failing IM Core Client), and push (failing Mobile Advanced Client).
-
MattJ
and they don't get listed, poor them. They're probably not a nice project :)
-
Holger
Ge0rG: Then that's either a good reason not to list it or there's something wrong with the Suite.
-
Ge0rG
Holger: or both.
-
Holger
Yes :-)
-
Ge0rG
Holger: of these I consider only MAM as mission-critical. But I wasn't able to convince the XEP author.
-
Ge0rG
wait, MAM isn't even part of my list because it's Advanced IM
-
Holger
0368 seems totally optional to me. For the others I dunno.
-
Ge0rG
Holger: I have the highly controversial opinion that ensuring reliable message delivery is the most important task of an XMPP based IM solution.
-
moparisthebest
it looks like it says TLS is required, and that you could get it by implementing either 368 or STARTTLS
-
Holger
But I have no idea what the purpose of a Compliance Suite might be if it doesn't even work as a criterion for recommendable XMPP software.
-
moparisthebest
unless I read it wrong?
-
Ge0rG
moparisthebest: by that logic one could implement RFC 7622 instead of 6120 and be compliant.
-
moparisthebest
that is how it's worded isn't it?
-
moparisthebest
the feature is 'TLS' and under Providers it lists: RFC 7590 [4], SRV records for XMPP over TLS (XEP-0368) [5] [6]
-
Ge0rG
moparisthebest: there is no explicit wording on that at all.
-
moparisthebest
https://xmpp.org/extensions/xep-0387.html#core
-
Ge0rG
moparisthebest: I think the XSF is looking for a volunteer to make next year's Compliance Suite.
-
moparisthebest
A feature is considered supported if all comma separated feature providers listed in the "Providers" column are implemented (unless otherwise noted).
-
moparisthebest
ah I missed that, so looks like 368 is required
-
moparisthebest
Ge0rG, hehe if I wrote it it'd be pretty simple "Do you implement everything Conversations does? If so, compliant, if not, you suck."
-
moparisthebest
just joking :)
-
MattJ
...or are you?
-
MattJ
(thinking of the aesgcm discussion)
-
Ge0rG
moparisthebest: yes, that's the Conversations Protocol Compliance Suite.
-
jonasw
FWIW: https://github.com/xsf/xmpp.org/pull/425#issuecomment-382759398
-
jonasw
(and, as it was foretold, I was dragged away from board meeting mid-meeting)
-
Ge0rG
jonasw: apparently, all present board members voted to approve that PR.
-
jonasw
Ge0rG, my understanding was under the condition of that we can verify project membership.
-
Ge0rG
jonasw: I think this is not what was voted in the end.
-
jonasw
but I might0ve misread
-
MattJ
I guess I should write up the minutes now :)
-
jonasw
right
-
jonasw
I misread
-
jonasw
fixing
-
jonasw
done
- Ge0rG starts typing resignation letter.
-
jonasw
mine? darn, I just made an incorrect comment. no need to write my resignation for me :<
-
Dave Cridland
Ge0rG, What are you resigning from?
-
Ge0rG
jonasw: no, it's not a termination letter.
-
jonasw
Ge0rG, I know. you could still write that letter, lay it in front of me, say "sign it" and hold a gun next to my head though :)
-
Ge0rG
Dave Cridland: I haven't decided yet. I'm just feeling a strong wave of resignation.
-
Holger
TBH I'm not sure this list is all that important anyway, these days :-) It's probably way more important to have a good ranking in app store search results.
-
Ge0rG
Holger: I'm sure desktop users will share your view.
-
Holger
There are no desktop users.
-
Ge0rG
The cake is a lie?
-
jonasw
Ge0rG, you are aware that all major desktop platforms have appstores by now?
- Holger was going to link the Windows App store :-)
-
jonasw
look at Ubuntu (and derivates) (and I’m not sure even that counts in as major), look at Mac OS, look at Windows.
-
Ge0rG
the scary thing is, I just opened the Windows store and it greeted me with my name.
-
Ge0rG
jonasw: I thought the Windows store was Win10 only?
-
jonasw
Ge0rG, is there any other windows in use anymore?
-
Ge0rG
I've heard Win7 is still a thing.
-
Maranda
It's called Microsoft Store now. GET IT RIGHT.
-
Holger
So what's the policy regarding that web site list now? I've re-read the backlog and don't get it.
-
Ge0rG
Maranda: tell me about Android Market.
-
Maranda
Ge0rG, :P
-
Ge0rG
Holger: anything that is deemed an xmpp client by the editors is good to go.
-
Ge0rG
apparently, it needs to support rfc6120 to pass.
-
jonasw
yeah, anything which can make an appearance which convinces the merger that it’s an XMPP software thing is good.✎ -
jonasw
yeah, anything which can make an appearance which convinces the merger that it’s an XMPP software thing is good enough. ✏
-
Holger
So like before?
- Ge0rG considers writing a shell script that opens PRs for each of aioxmpp/examples/*.py
-
Holger
A complete list of all existing XMPP software?
-
jonasw
Holger, except that people need to go through the effort of renewing
-
Ge0rG
Holger: a list of all xmpp software somebody submits once a year
-
Holger
Ah.
-
jonasw
Ge0rG, oh yes, I can’t wait for Roster List TUI 1.0 to appear there!
-
jonasw
to be fair, the adhoc_browser example could actually be useful.
-
Ge0rG
jonasw: I'm much more excited about quickstart_serve_software_version.py!
-
Holger
I would rule out that you end up with a useful list that way :-) But whatever.
-
Ge0rG
Holger: it's as good as any arbitrary list!
-
jonasw
Holger, the idea was that we can tighten the constraints once we have the renewal thing
-
Ge0rG
I mean, at least we've averted the listing of /bin/bash!
-
jonasw
reminds me to build the xmpp client in sed
-
Ge0rG
I still think that the initial rule of "submitted by a developer" that was created by last year's board is much better. But what do I know.
-
jonasw
at least a simple echo bot should be doable
-
jonasw
and then I’m gonna release that as GPLv3 XMPP "library" for sed :>
-
Ge0rG
jonasw: it needs a home page and a shiny name.
-
jonasw
Ge0rG, github repository is fine
-
jonasw
aioxmpp doesn’ have a fancy homepage either
-
Ge0rG
jonasw: make it a proper client. With a Jabber™ trademark license.
-
jonasw
EBUSY
-
jonasw
with that other proper client and helllota different stuff
-
Maranda
https://upload.lightwitch.org/share/dafff9ca-2651-4a31-a578-d95d6781877f/KFE5mlBPTTqdf9IdE9Yzow.gif
-
pep.
> jonasw> reminds me to build the xmpp client in sed wat?
-
jonasw
pep., sed is turing complete after all.
-
jonasw
the only issue might be the line-orientedness maybe, but a pipe with xml2 as suggested by Zash might fix that
-
pep.
I see. It makes a lot more sense now, I would definitely approve this
-
jonasw
I sense sarcasm.
-
Maranda
A mere sensation ignore it
-
Zash
xev | sed | nc | xml2 | sed | xdotool
-
jonasw
Zash, oh my god.
-
jonasw
oh my god.
-
Zash
praise golb
-
MattJ
https://github.com/uuner/sedtris
-
jonasw
dear glob, and lead us not into temptation, but deliver us from evil. *signs cross*
-
intosi
Reminds me of when a colleague aeons back decided that it was easier to write a partial XML parser in AWK than to use a library and create a binary program.
-
Maranda
Huhu
-
jonasw
oh my god.
-
jonasw
I’m playing tetris in a sed interpreter.
-
jonasw
and it’s colourful
-
Maranda
I wonder if there's a sed pinball version
-
pep.
jonasw, I did as well!
-
jonasw
pep., except that I’m 100% serious :)
-
jonasw
i really want to do an echo-bot in sed
-
jonasw
just becasue it should be possible and to keep my brain from becoming too normal
-
pep.
hmm