XSF Discussion - 2018-05-07

  1. edhelas

    hello everyone

  2. edhelas

    I've implemented xep-0153 this weekend, quite simple, I was wondering what is the recommended XEP for handling avatars (with xep-0084) ?

  3. jonasw

    XEP-0084 is preferred, but XEP-0153 required for backward compatibility and MUCs

  4. edhelas


  5. daniel

    Publish your own with pep, provide read access for vCard avatars and let your server do the conversion

  6. lovetox

    daniel, what do you mean with "provide read access"

  7. lovetox

    how would i do this from a client

  8. jonasw

    lovetox, if you don’t find an avatar in PEP, try vcard transparently

  9. lovetox

    ah, only read support, i get it

  10. lovetox

    i do it the other way around, read/write vcard, only read for 0084 (for servers that dont support conversion

  11. daniel

    I mean technically you don't _try_ because both are pushed to you. Either via pep or via hash in vCard

  12. daniel

    So you pretty much know ahead

  13. daniel

    But yes

  14. jonasw

    I don’t think we rely on pep notifications to work

  15. jonasw

    we use it to build a local cache, but when asked for an avatar && we haven’t seen a pep notification, we’ll still try

  16. daniel

    I wouldn't consider it good practice to fire 300 avatar request on launch

  17. daniel

    I rather rely on pep

  18. daniel

    Which is kinda working OK most of the time

  19. lovetox

    displaying a avatar is not so critical that i would start requesting it

  20. lovetox

    different story with a omemo key for example 🙂

  21. jonasw

    daniel, avatars aren’t requested until in-view, so there’s some time for pep to fill the gaps

  22. pep.

    When is the next gdpr event again. If it was today I'm sorry I'm sick in bed. I don't know about tomorrow..

  23. jonasw

    pep.: next is tomorrow, 12:30 CEST

  24. SaltyBones

    gdpr event?

  25. MattJ

    *GDPR Party

  26. MattJ

    General Data Protection Rave

  27. MattJ

    SaltyBones, there have been a series of meetings discussing the impact of GDPR on XMPP operators

  28. Zash

    Groovy Drunken Party Rave

  29. SaltyBones

    oh cool

  30. SaltyBones

    that's a great idea I hope the results are documented somewhere? :D

  31. MattJ

    They are

  32. MattJ


  33. SaltyBones


  34. moparisthebest

    so that page says "The GDPR is applicable to anyone offering services from EU, or to EU citizens, paid or non-paid and to anyone explicitly targeting EU inhabitants. "

  35. moparisthebest

    which directly contradicts https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_en

  36. moparisthebest

    which says "Provided your company doesn't specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR."

  37. moparisthebest


  38. moparisthebest

    cc pep. jonasw winfried ^

  39. Holger

    The first link on https://xmpp.org/about/xsf/jabber-trademark/whats-required.html ("actual license language") is dead, FWIW.

  40. Zash


  41. Zash guesses https://xmpp.org/about/xsf/jabber-trademark/trademark-license-agreement.html

  42. moparisthebest

    but as far as anyone knows right now, there is no actual document from cisco granting that, at least last time I talked to peter he said he would look for it

  43. Holger

    moparisthebest: So the last sentence on https://xmpp.org/about/xsf/jabber-trademark/background is wrong?

  44. Neustradamus

    A lot of links are dead since the XMPP.org server crash

  45. Zash

    Wasn't there a giant issue collecting them all?

  46. moparisthebest

    Holger, so if you read it, it was a trial agreement for 12 months, at which time they would make another agreement

  47. moparisthebest

    that other agreement either 1) never happened or 2) no one knows where it is

  48. moparisthebest

    peter said he would look for it, I haven't followed up

  49. moparisthebest

    oh right, and after the 12 months JINC was supposed to transfer the trademark to the JSF, which obviously never happened, right?

  50. Holger

    moparisthebest: Can't find any of this in https://xmpp.org/docs/Trademark_License_Agreement.pdf but whatever.

  51. moparisthebest

    Holger, https://xmpp.org/docs/Trademark_Enforcement_Agreement.pdf section 3. Term and Termination

  52. Holger

    So the Enforcement Agreement supersedes the License Agreement?

  53. moparisthebest

    it came after?

  54. Holger

    It's not about a different topic (using the trademark vs. administering it)?

  55. moparisthebest

    I'm not a lawyer, it's just clear https://xmpp.org/docs/Trademark_Enforcement_Agreement.pdf is no longer in effect right?

  56. Holger

    Maybe, but I thought you were saying nothing is in effect.

  57. moparisthebest

    I don't know, it all seems very questionable though

  58. moparisthebest

    I'd kind of wager no one currently at cisco knows anything about it

  59. Holger

    Legal stuff always feels fragile to me.

  60. Zash

    It is

  61. Zash

    It's code that runs on PEOPLE

  62. moparisthebest

    I feel like the XSF should probably look into it and answer these questions before handing out any more sublicenses or recommending using the term

  63. moparisthebest

    is there an official way to pester the board about this? :)

  64. Zash

    Haxxor the Trello?

  65. moparisthebest

    hmm seems easier to just crash the next board meeting

  66. moparisthebest

    if I happen to be lurking at the same time

  67. moparisthebest

    Holger, it says it 'conteplates the grant to the JSF by JINC of a perpetual royalty-free license to use the jabber trademark'

  68. moparisthebest

    and it's no longer in effect

  69. moparisthebest

    seems to me unless there is another agreement the JSF lost that license after a year?

  70. moparisthebest

    again who knows, I'm a programmer, meh

  71. moparisthebest

    OH wait I think I get it

  72. moparisthebest

    https://xmpp.org/docs/Trademark_License_Agreement.pdf allows the JSF to *use* the trademark, it explicitly says it is NOT allowed to sublicense it

  73. moparisthebest

    then https://xmpp.org/docs/Trademark_Enforcement_Agreement.pdf allows sublicensing for a trial period of 12 months

  74. moparisthebest

    is that right?

  75. Ge0rG

    moparisthebest: IIRC that trial is automatically converted into a full license after the year

  76. moparisthebest

    Ge0rG, where does it say that?

  77. moparisthebest

    Upon termination of this Agreement other than in connection with the transfer of the ownership of the mark to the JSF, JINC shall again become soley responsible for administration of the mark.

  78. moparisthebest

    that's section 3 of https://xmpp.org/docs/Trademark_Enforcement_Agreement.pdf

  79. moparisthebest

    so I think we can all agree the ownership did not transfer right?

  80. Ge0rG

    moparisthebest: I've read through all of these documents last year, and I wanted to make the sub license process easier. I failed on stpeter

  81. moparisthebest

    which I think means that agreement is no longer in effect

  82. Ge0rG

    moparisthebest: but my reading is that the xsf is actually legally allowed to sublicense

  83. moparisthebest

    as I read it, XSF has no right at all to sub license, after May 2nd, 2004

  84. moparisthebest

    where Ge0rG ? not saying you are wrong, just that I don't see that part

  85. Ge0rG

    moparisthebest: stpeter will know

  86. moparisthebest

    we talked about it in here, he said he'd look for the next agreement

  87. moparisthebest

    but in the meantime, handing out sublicenses based on "we think someone has the contract in a filing cabinet" is pretty shaky

  88. Ge0rG

    moparisthebest: that's a Board topic. I tried it multiple times and failed, but with different questions

  89. winfried

    moparisthebest: old question, three ways you can be subject to the GDPR: 1) you are EU based 2) you target EU citizens 3) you collect on a large scale (millions) data on EU citizens

  90. Zash

    Ge0rG for board?!

  91. moparisthebest

    winfried, so the xmpp wiki is wrong, you aren't subject if you provide services to EU citizens as long as you aren't specifically targetting them?

  92. moparisthebest

    that would be good to correct, as then it wouldn't affect basically any xmpp servers outside EU

  93. moparisthebest

    Ge0rG, I agree with you re: board topic, maybe an email to members@ would get it on their radar? idk

  94. winfried

    moparisthebest: if you aren't targeting them and AND you don't collect on a large scale data on them, then it wouldn't affect you. Thanks for pointing out the issue with the wiki!

  95. moparisthebest

    that's great news for small friends+family xmpp servers

  96. SamWhited

    If it's a small friends+family server it doesn't matter anyways unless you think your friends or family are likely to file a complaint about your handling of their data.

  97. moparisthebest

    well I've given random xmpp devs accounts to test stuff

  98. moparisthebest

    I don't really want to even consider GDPR there, turns out I don't have to, which is good

  99. SamWhited

    You probably don't either way unless you're worried that they'll ask you to delete your data, you'll say no, and then they'll report you.

  100. winfried

    SamWhited: personal use is not subject to the GDPR, and the GDPR is *way* more relaxed to small scale data processing. If your name is Google, Facebook or Palantir, you should worry.

  101. SamWhited

    Right, but not if you're hosting a server for friends and family and a few random devs.

  102. winfried

    SamWhited: exactly

  103. Ge0rG

    SamWhited: family and friends are exempt, unless you take money