ralphmdwd asked us to discuss Compliance Suites, so there might be some Council members around to join for that item.
dwdAll things are possible.
GuusYou can summon MattJ by mentioning him...
dwdGe0rG and Link Mauve?
dwdGuus, You have to say MattJ three times in front of a mirror, I think.
GuusMy name has a similar, but different effect: the mirror breaks.
ralphmMirror, mirror, who's the luast of all?
dwdis on minutes, by the way.
Sevedwd, thank you very much
ralphm1. Appointment of officers
ralphmAlex has agreed to serve for another year as Secretary. I motion we reconfirm Alex Gnauck as our Secretary.
Ge0rGis there for purposes of the Compliance Suite
Guus(you're here for many purposes, Ge0rG )
ralphmPeter has agreed to serve for another year as Treasurer. I motion we reconfirm Peter Saint-André as our Treasurer.
ralphmSince we already have 3 votes, I'll say Yay again.
GuusThank you, Alex and Peter, for putting in the effort once again. Appreciated!
ralphmMissing votes to follow
ralphmOn our Executive Director, Peter mentioned he didn't have time last week, but could this week. I haven't picked up on that, yet.
Guus(do we need the missing votes to confirm them? We have quorum, don't we?)
ralphmGuus: we don't but I think it is nice if we have votes from all Directors.
ralphmAnd chiming in with Guus thanking Peter and Alex.
ralphm2. Compliance Suites
MattJSorry, here now
Guus(wow, sloooow mirror!)
ralphmHi MattJ, feel free to put in your votes.
ralphmMeanwhile, dwd: go!
MattJ+1 to Alex for Secretary, +1 to Peter for Teasurer
dwdOh, sorry - Ge0rG would be best to lead here.
nycoI'll have to leave at 16:00
Ge0rGWe had a discussion in Council regarding what form Compliance Suites should take, but I'm not even sure what we wanted to escalate to Board
dwdTThe thing to escalate was in terms of using them as a marketing tool, perhaps filtering the software the XSF lists, etc.
Ge0rGAh, so compliant software. Yeah.
GuusI don't think council needs board to approve naming?
nycoplease define "marketing tool"
GuusI don't think council needs board to approve naming (of XEPs)?
nycoagree with that, naming can be left to the Council
Ge0rGWe had a discussion about badges some years ago. So that compliant software can be marked as such with nifty labels
ralphmGuus: some, most are Council's business
Ge0rGI think the current technical form of CS is appropriate, if we can have a prominent link on the top of the XEP list
dwdnyco, Well, that's it, isn't it? The Council merely noted that we don'tt do much as an organisation with the compliance suites - what marketing could we do with them?
nycobadges can be cool, very visual, understandable in one eye shot, impactful
I like that idea
ralphmBadges comes up every time Compliance Suites are discussed
jonas’wants to enqueue himself for the Any Other Business section of the board meeting
ralphmThe problem is that someone needs to check, right?
Ge0rGnyco: that opens the question of whether badges will be issued by XSF after some formal/automatic verification, or if everybody can just assign them on their own
Ge0rGand what kind of abuse management mechanism we have then
MattJThis same conversation :)
MattJThere is no way we can verify who complies and who doesn't, so either the badges are free for everyone or we shouldn't have them
jonas’just like with trademarks, spot an infringement and sue them?
nycoyep, qualification, certification, etc.
jonas’(of course, we can’t do that because manpower)
MattJI'd be totally fine with prominent links to the compliance suites, and treating them purely as guidance for developers
ralphmI don't feel like being in the business of certifying
Ge0rG"business" is a rather correct analogy, I fear
dwdSure, but we can also let people self-certify and pull this from them if they are clearly taking the piss.
Ge0rGSo what can we do, short of a certification business, to promote XMPP 2019?
nycoI like this: https://www.coreinfrastructure.org/programs/badge-program/
ralphmIf someone claims their software complies with the suite, and they don't, well, let the intarntubes' scorn be on them.
nycoit's declarative, but promote good/best practices
MattJdwd, "clearly" is still subjective, unfortunately
GuusI think we, as the XSF should pace ourselves a bit here.
dwdPerhaps. But given that if people don't even claim a free thing, then that's a valuable signal in itself...
GuusI'd not object to run some sort of compliance checker in our domain, akin to what we do with xmpp.net (of which the state is itself somehwat unclear)
Ge0rGxmpp.net is broken, not unclear ;)
jonas’although at the moment the only thing broken is the DNSSEC verification
jonas’which means that SRV records are not honoured for 99% of services
ralphmAnd also not an XSF effort
GuusGe0rG part of the reason why it remains broken is that we don't know who's responsible, I thik.
jonas’MattJ did a lot of good work on it.
Ge0rGGuus: I think it's because the intersection of people who have the knowledge, the time and the power to fix is is empty.
MattJI have some time, I've put some work into it, fixed some stuff, but it still needs a little bit more - I'll get to it soon (but probably not before next week)
KevIsn't it mostly that it's abandoned upstream?
nycoso the intersection of people who have the knowledge, the time and the power to do badges is empty as well?
ralphmI'd be ok with someone designing an official badge, and letting people use that when they feel like they should show it.
MattJKev, I've forked the repo and am fixing stuff, so happy to be the new upstream
ralphmI'd have to be convinced to have compliance testing itself be an XSF activity
nycolet's ask lead devs: if they were badges, would you use them?
KevI doubt it.
Ge0rGralphm: it would probably make sense to have badges according to the compliance suite blocks, i.e. "core|advanced" "web|im|mobile" "client|server"
GuusRalph, I think that making the tools to do the checking available, could be an XSF activity
Ge0rGralphm: it would probably make sense to have badges according to the compliance suite blocks, i.e. "core|advanced" "web|im|mobile" "client|server" *2019*
dwdMy advice to the Board would be: Make the badges, and if they're useless, drop them.
MattJGuus, no, the checking is next to impossible I'm afraid
GuusBut I'm not in favor of us doing the checking / publishing it, etc, other than to the extend what xmpp.net does for anyone that uses the tool.
Ge0rGI'd use badges, except my client doesn't qualify because I don't consider Avatars a must-have.
ralphmGuus: I think that building such tools is ambitious project
MattJI stick to "impossible" :)
Ge0rGlarge parts of CS can't be usefully tested automatically.
Guusralphm , I"m not saying 'build it'
GuusI'm suggesting: host one, if someone builds it.
ralphmMattJ: I'm a positive guy :-D
Ge0rGBut it would be awesome to have a client/server test suite that I could run my code against.
nycowe can "test"/"validate" appetite for badges, with only a small prototype
MattJcompliance.conversations.im is a good example. It's a great tool, but anyone could easily pass 100% by cheating
ralphmGuus: oh, I mistook 'making' for 'building', then.
dwdnyco, Right. You don't even need a checker. Maybe people won't take the piss.
ralphmLet's do this, as dwd also mentioned, ask if someone would like to design such badges.
Ge0rGI'd say developers should be allowed to use the badge on their own, with a way for users to complain and the XSF to revoke badges.
SeveI'm not sure about this. Badges should be something you can trust. And nobody is going to endorse those, from what I understand.
Guusbut, to address dwd's suggestion: I don't see anything wrong with linking a set of badges to the compliance suite xeps
nycomaybe we should not start with the design, which is costly
ralphmThen, if we have such a person, they can work with Council regarding what they should include.
MattJnyco, it may be possible to find someone willing to donate time
ralphmnyco: we've already have had the Suites themselves. I don't see people putting the text around their clients, so a badge is then what we can do. If we don't start with design, what then?
nycofor example, instead instead of an automated testing system, we can start with a crowdsourced testing system
Ge0rGyeah, we shouldn't start out with tasking a commercial designer, rather ask for volunteers
ralphmnyco: while I am not against that idea, I don't think it should be an XSF activity.
ralphmAnd I didn't mention paying for a design.
nyco"costly" does not forcefully mean "money", can mean time, effort, delay...
dwdis now in another meeting, and will catch up with Minutes later...
MattJIf we don't have anyone in the community, there are people I'd be happy to reach out to
ralphmSo far I've seen two +1 (me and MattJ) and one +0 (Guus).
ralphmWhat do we do?
Guusfor what: create a batch?
Ge0rGI think the Board should decide whether such implementation badges should be hosted on xmpp.org or if they can be hosted by the respective implementations.
ralphmGe0rG: I'd be ok with hosting it themselves, and adding to our lists when they do
Ge0rGAnd then whether Badges are assigned explicitly by the XSF, or whether implementations can claim a badge and we have a way to retract that.
Guusralphm, "adding to our lists" <-- what do you mean, exactly, with that?
ralphmGe0rG: I am not in favor of assigning them explicitly
MattJI'd like them to still be within the control of the XSF, and enforce some basic constraints on their use... like linking them to a specific place
Ge0rGSomething like: "Developers are allowed to display the respective badge if they are in good belief that their implementation complies with the respective part of CS. This can be disputed by users, upon which the XSF may retract this right from a developer"
nycoif Compliances Suites are a responsibility/duty of the XSF, I see badges as the same
ralphmMattJ: like we had with Jabber Powered?
Ge0rGThe list that contains Pidgin as an endorsed XMPP client.
GuusI'm not in favor of adding badges to our lists of software. I am +1 of having badges created that can be used freely by others.
ralphmI like that
Ge0rGGuus: "freely" is too free for me, personally.
GuusGe0rG we won't be able to enforce anything anyway
nycoI'm gone, sorry
ralphmGuus: my idea was that a project wants to, when they register their software, we could include a way to say if they want to carry the badge in their entry. It wouldn't be an endorsement.
Ge0rGGuus: we will be if badges are only shown on the XSF pages ;)
Guusbadges can very easily be copied.
Ge0rGUsing a trademark on the badges will allow control over how they may be used.
ralphmGuus: we would if the XSF retains the rights on the badge and have a policy.
Ge0rGWe don't need hundreds of pages of legalese for that.
Ge0rGBut e.g. the Bluetooth logo is managed in that way.
Guusralphm I'm pretty sure that people we don't want to use the badge, won't care about our policy.
GuusThey'd simply use it in their software / download page, whatever.
KevI think the XSF being in a position to revoke would be a painful thing for us.
KevWe /know/ that people tend to ... exaggerate compliance with things.
Ge0rGKev: what's your alternative suggestion?
ralphmGuus: let scorn be on them
Ge0rGGuus: having the legal right to enforce doesn't mean making use of that right.
jonas’don’t you lose trademark rights if you don’t enforce them?
Guusralphm exactly - which is why I'm fine with _having badges_ to be used by others. I'm against us assigning specific badges to specific projects though (on our site)
KevIt does unless you want it to be useless.
SeveI don't see the point of the badges if we cannot make people trust the badges.
KevIf you want badges (and I'm not convinced they're adding any value at all, but whatever), I think the best you can hope for is the same as claiming compliance at the moment. It's a claim.
Ge0rGI see the point, but there are really only three options here:
1. explicitly white-list badge-bearers (can be still worked around)
2. have a policy for self-assessment and retraction
3. allow everyone to claim everything and ignore violations
SeveUnless the badges are just for guidance and we don't endorse it officially