ZashHm, memberbot doesn't tell me what I'm voting for
Andrew Nenakhovhas left
ZashHuh, xhtmlim bug?
ralphmWorked fine for me (Conversations).
ZashNot a client issue it seems
Andrew Nenakhovhas joined
Andrew Nenakhovhas joined
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
efrithas joined
tahas joined
ZashIt's sending <b> and <i>. Those aren't allowed per https://xmpp.org/extensions/xep-0071.html#def-text
jonas’that should only lead to them not having any effect
jonas’I think?
jonas’unsupported tags should be replaced with their content
ralphmYes
ZashI can't do that.
ralphmHuh?
ralphmThat's the most basic of HTML handling
jonas’although I’d argue that disallowed tags ≠ unsupported tags and disallowed tags should be dropped altogether. however, I’d go with replace with content even for disallowed.✎
ralphmIgnore what you don't know
ralphmRight
ZashNo, I'm saying that my sanitizing code can't do that.
jonas’although one could argue that disallowed tags ≠ unsupported tags and disallowed tags should be dropped altogether. however, I’d go with replace with content even for disallowed. ✏
ZashIt's not possible to replace tags with text.
ZashIt must replace tags with tags or nothing.
ralphmSo you found two bugs
ZashNow, the real question is: Where does the plain text <body> go?
jonas’Zash, it’s even worse, you need to be able to replace tags with mixed content
jonas’if you get sent <p>something <b>foo<i>bar</i>baz</b> something</p>, the result should be <p>something foobarbaz something</p> (assuming p is allowed)
ralphmIf a client supports XHTML-IM, it will ignore the body
ZashBut there was no <body>
Zashor a message at all
ZashI only received the "Approve (yes/no)" messages and I don't see where the others went
ralphmI'd check out the bot and try out. I'd be surprised if it didn't send body
ZashLookl like Link Mauve already noticed this and https://github.com/linkmauve/memberbot/commit/4f539b8571c48f84129c284517f6bb692352247e
ralphmAlso note the body
ZashSure, but I didn't receive those at all for some reason
marchas joined
ZashSo either my firewall ate them or my XHTML-IM filter ate them
ralphmdwd asked us to discuss Compliance Suites, so there might be some Council members around to join for that item.
SeveHello :)
dwdAll things are possible.
ralphmMattJ?
GuusYou can summon MattJ by mentioning him...
dwdGe0rG and Link Mauve?
Guusnormally
Zashhas left
dwdGuus, You have to say MattJ three times in front of a mirror, I think.
GuusMy name has a similar, but different effect: the mirror breaks.
vanitasvitaehas joined
ralphmMirror, mirror, who's the luast of all?
dwdis on minutes, by the way.
Guusthanks
Sevedwd, thank you very much
ralphm1. Appointment of officers
ralphmAlex has agreed to serve for another year as Secretary. I motion we reconfirm Alex Gnauck as our Secretary.
Ge0rGis there for purposes of the Compliance Suite
Guus+1
Guus(you're here for many purposes, Ge0rG )
Seve+1
nyco+1
ralphmYay!
ralphmPeter has agreed to serve for another year as Treasurer. I motion we reconfirm Peter Saint-André as our Treasurer.
Guus+1
vanitasvitaehas left
vanitasvitaehas joined
Seve+1
ralphmnyco?
ralphmSince we already have 3 votes, I'll say Yay again.
GuusThank you, Alex and Peter, for putting in the effort once again. Appreciated!
ralphmMissing votes to follow
ralphmOn our Executive Director, Peter mentioned he didn't have time last week, but could this week. I haven't picked up on that, yet.
nyco+1
ralphm(thanks nyco)
Guus(do we need the missing votes to confirm them? We have quorum, don't we?)
nycosorry
ralphmGuus: we don't but I think it is nice if we have votes from all Directors.
SeveI agree
ralphmAnd chiming in with Guus thanking Peter and Alex.
Seveas well
ralphm2. Compliance Suites
MattJHey
nycoho
MattJSorry, here now
Guus(wow, sloooow mirror!)
ralphmHi MattJ, feel free to put in your votes.
ralphmMeanwhile, dwd: go!
MattJ+1 to Alex for Secretary, +1 to Peter for Teasurer
ralphmdwd?
dwdOh, sorry - Ge0rG would be best to lead here.
nycoI'll have to leave at 16:00
Ge0rGWe had a discussion in Council regarding what form Compliance Suites should take, but I'm not even sure what we wanted to escalate to Board
nyconaming?
dwdTThe thing to escalate was in terms of using them as a marketing tool, perhaps filtering the software the XSF lists, etc.
nyco"XMPP 2019"?
Ge0rGAh, so compliant software. Yeah.
GuusI don't think council needs board to approve naming?✎
nycoplease define "marketing tool"
GuusI don't think council needs board to approve naming (of XEPs)? ✏
nycoagree with that, naming can be left to the Council
Ge0rGWe had a discussion about badges some years ago. So that compliant software can be marked as such with nifty labels
ralphmGuus: some, most are Council's business
Ge0rGI think the current technical form of CS is appropriate, if we can have a prominent link on the top of the XEP list
dwdnyco, Well, that's it, isn't it? The Council merely noted that we don'tt do much as an organisation with the compliance suites - what marketing could we do with them?
nycobadges can be cool, very visual, understandable in one eye shot, impactful
I like that idea
ralphmBadges comes up every time Compliance Suites are discussed
jonas’wants to enqueue himself for the Any Other Business section of the board meeting
ralphmThe problem is that someone needs to check, right?
Ge0rGnyco: that opens the question of whether badges will be issued by XSF after some formal/automatic verification, or if everybody can just assign them on their own
Ge0rGand what kind of abuse management mechanism we have then
MattJThis same conversation :)
MattJThere is no way we can verify who complies and who doesn't, so either the badges are free for everyone or we shouldn't have them
jonas’just like with trademarks, spot an infringement and sue them?
nycoyep, qualification, certification, etc.
jonas’(of course, we can’t do that because manpower)
MattJI'd be totally fine with prominent links to the compliance suites, and treating them purely as guidance for developers
ralphmI don't feel like being in the business of certifying
Ge0rG"business" is a rather correct analogy, I fear
dwdSure, but we can also let people self-certify and pull this from them if they are clearly taking the piss.
Ge0rGSo what can we do, short of a certification business, to promote XMPP 2019?
nycoI like this: https://www.coreinfrastructure.org/programs/badge-program/
ralphmIf someone claims their software complies with the suite, and they don't, well, let the intarntubes' scorn be on them.
nycoit's declarative, but promote good/best practices
MattJdwd, "clearly" is still subjective, unfortunately
GuusI think we, as the XSF should pace ourselves a bit here.
nyco"intarntubes" 😉
dwdPerhaps. But given that if people don't even claim a free thing, then that's a valuable signal in itself...
lnjhas joined
GuusI'd not object to run some sort of compliance checker in our domain, akin to what we do with xmpp.net (of which the state is itself somehwat unclear)
Ge0rGxmpp.net is broken, not unclear ;)
jonas’although at the moment the only thing broken is the DNSSEC verification
jonas’which means that SRV records are not honoured for 99% of services
ralphmAnd also not an XSF effort
GuusGe0rG part of the reason why it remains broken is that we don't know who's responsible, I thik.
jonas’MattJ did a lot of good work on it.
blablahas joined
Ge0rGGuus: I think it's because the intersection of people who have the knowledge, the time and the power to fix is is empty.
MattJI have some time, I've put some work into it, fixed some stuff, but it still needs a little bit more - I'll get to it soon (but probably not before next week)
KevIsn't it mostly that it's abandoned upstream?
nycoso the intersection of people who have the knowledge, the time and the power to do badges is empty as well?
ralphmI'd be ok with someone designing an official badge, and letting people use that when they feel like they should show it.
MattJKev, I've forked the repo and am fixing stuff, so happy to be the new upstream
ralphmI'd have to be convinced to have compliance testing itself be an XSF activity
MattJralphm, +1
nycolet's ask lead devs: if they were badges, would you use them?
MattJYes, probably
KevI doubt it.
Ge0rGralphm: it would probably make sense to have badges according to the compliance suite blocks, i.e. "core|advanced" "web|im|mobile" "client|server"✎
GuusRalph, I think that making the tools to do the checking available, could be an XSF activity
ralphmGe0rG: sure
Ge0rGralphm: it would probably make sense to have badges according to the compliance suite blocks, i.e. "core|advanced" "web|im|mobile" "client|server" *2019* ✏
dwdMy advice to the Board would be: Make the badges, and if they're useless, drop them.
MattJGuus, no, the checking is next to impossible I'm afraid
GuusBut I'm not in favor of us doing the checking / publishing it, etc, other than to the extend what xmpp.net does for anyone that uses the tool.
Ge0rGI'd use badges, except my client doesn't qualify because I don't consider Avatars a must-have.
ralphmGuus: I think that building such tools is ambitious project
ralphman
MattJI stick to "impossible" :)
Ge0rGlarge parts of CS can't be usefully tested automatically.
Guusralphm , I"m not saying 'build it'
GuusI'm suggesting: host one, if someone builds it.
ralphmMattJ: I'm a positive guy :-D
Ge0rGBut it would be awesome to have a client/server test suite that I could run my code against.
nycowe can "test"/"validate" appetite for badges, with only a small prototype
MattJcompliance.conversations.im is a good example. It's a great tool, but anyone could easily pass 100% by cheating
ralphmGuus: oh, I mistook 'making' for 'building', then.
dwdnyco, Right. You don't even need a checker. Maybe people won't take the piss.
genofirehas left
ralphmLet's do this, as dwd also mentioned, ask if someone would like to design such badges.
MattJ+1
Ge0rGI'd say developers should be allowed to use the badge on their own, with a way for users to complain and the XSF to revoke badges.
SeveI'm not sure about this. Badges should be something you can trust. And nobody is going to endorse those, from what I understand.
Guusbut, to address dwd's suggestion: I don't see anything wrong with linking a set of badges to the compliance suite xeps
nycomaybe we should not start with the design, which is costly
ralphmThen, if we have such a person, they can work with Council regarding what they should include.
MattJnyco, it may be possible to find someone willing to donate time
ralphmnyco: we've already have had the Suites themselves. I don't see people putting the text around their clients, so a badge is then what we can do. If we don't start with design, what then?
nycofor example, instead instead of an automated testing system, we can start with a crowdsourced testing system
Ge0rGyeah, we shouldn't start out with tasking a commercial designer, rather ask for volunteers
ralphmnyco: while I am not against that idea, I don't think it should be an XSF activity.
ralphmAnd I didn't mention paying for a design.
nyco16:01
nyco"costly" does not forcefully mean "money", can mean time, effort, delay...
lorddavidiiihas left
dwdis now in another meeting, and will catch up with Minutes later...
MattJIf we don't have anyone in the community, there are people I'd be happy to reach out to
ralphmSo far I've seen two +1 (me and MattJ) and one +0 (Guus).
ralphmWhat do we do?
Guusfor what: create a batch?
Ge0rGI think the Board should decide whether such implementation badges should be hosted on xmpp.org or if they can be hosted by the respective implementations.
ralphmGe0rG: I'd be ok with hosting it themselves, and adding to our lists when they do
Ge0rGAnd then whether Badges are assigned explicitly by the XSF, or whether implementations can claim a badge and we have a way to retract that.
Guusralphm, "adding to our lists" <-- what do you mean, exactly, with that?
ralphmGe0rG: I am not in favor of assigning them explicitly
MattJI'd like them to still be within the control of the XSF, and enforce some basic constraints on their use... like linking them to a specific place
ralphmGuus: https://xmpp.org/software/
Ge0rGSomething like: "Developers are allowed to display the respective badge if they are in good belief that their implementation complies with the respective part of CS. This can be disputed by users, upon which the XSF may retract this right from a developer"
nycoif Compliances Suites are a responsibility/duty of the XSF, I see badges as the same
ralphmMattJ: like we had with Jabber Powered?
MattJYes
Ge0rGThe list that contains Pidgin as an endorsed XMPP client.
MattJYes
GuusI'm not in favor of adding badges to our lists of software. I am +1 of having badges created that can be used freely by others.
ralphmI like that
Ge0rGGuus: "freely" is too free for me, personally.
GuusGe0rG we won't be able to enforce anything anyway
nycoI'm gone, sorry
GuusThanks nyco
ralphmGuus: my idea was that a project wants to, when they register their software, we could include a way to say if they want to carry the badge in their entry. It wouldn't be an endorsement.
Ge0rGGuus: we will be if badges are only shown on the XSF pages ;)
lorddavidiiihas joined
Guusbadges can very easily be copied.
Ge0rGUsing a trademark on the badges will allow control over how they may be used.
ralphmGuus: we would if the XSF retains the rights on the badge and have a policy.
Ge0rGWe don't need hundreds of pages of legalese for that.
Ge0rGBut e.g. the Bluetooth logo is managed in that way.
Guusralphm I'm pretty sure that people we don't want to use the badge, won't care about our policy.
GuusThey'd simply use it in their software / download page, whatever.
KevI think the XSF being in a position to revoke would be a painful thing for us.
nycohas left
KevWe /know/ that people tend to ... exaggerate compliance with things.
Ge0rGKev: what's your alternative suggestion?
ralphmGuus: let scorn be on them
Ge0rGGuus: having the legal right to enforce doesn't mean making use of that right.
jonas’don’t you lose trademark rights if you don’t enforce them?
Guusralphm exactly - which is why I'm fine with _having badges_ to be used by others. I'm against us assigning specific badges to specific projects though (on our site)
KevIt does unless you want it to be useless.
SeveI don't see the point of the badges if we cannot make people trust the badges.
KevIf you want badges (and I'm not convinced they're adding any value at all, but whatever), I think the best you can hope for is the same as claiming compliance at the moment. It's a claim.
Ge0rGI see the point, but there are really only three options here:
1. explicitly white-list badge-bearers (can be still worked around)
2. have a policy for self-assessment and retraction
3. allow everyone to claim everything and ignore violations
SeveUnless the badges are just for guidance and we don't endorse it officially
KevBut it's not clear to me what problem the badges are solving, either.
rionhas left
Guusif someone wants to fly a banner, claiming compliancy with a certain XEP, I'd be OK for us to provide a uniform design to that. I want to prevent us from listing things as 'compliant' though.
ralphmI suggest everybody here has a look at that, think about whether we want something like it for badges and continue this discussion next week.
ralphmGuus: I can see that
KevGuus: Which is exactly the state at the moment with saying you support CS2018, I think.
Guusbefore we hammer off - @jonas' had an AOB.
GuusKev, exactly, but with a fancy colorful badge.
Guus(which might add a uniform way of recognizing things, at best)
jonas’is this intended to have Approving Body Council? https://xmpp.org/extensions/xep-0381.html
jonas’it doesn’t make sense to me, but maybe that’s just me
ralphm3. AOB
Ge0rG> and will not alter the official Logo in any way, including its size
🤔
ralphmGe0rG: we can modify all the terms, it just something we did before, and might be a good start for the rest of the discussion
Guus@jonas' at first glance, I think you're right. Council does not approve SIGs.✎
Guusjonas' at first glance, I think you're right. Council does not approve SIGs. ✏
ralphmjonas’: agreed, Board should be the approving body
jonas’suggestion: I change the approving body to board and re-issue the LC
ralphmGiven this has been in the queue for two years, I'm not sure if it still makes sense
Ge0rGralphm: I really like it
ralphmjonas’: ok
jonas’the LC might be a good way to figure it out -- and to move it to rejected if not needed.
ralphmindeed
Guusjonas’ : agreed.
ralphmAnd whether its authors still want it
ralphmAnything else?
ralphm4. Date of Next
!xsf_martinhas joined
ralphm+1W
ralphm5. Close
ralphmThanks all!
Guusdo we need a formal third +1 for Jonas' question?
ralphmbangs gavel
Alexhas joined
ralphmGuus: I don't think so. Clearly a typo
jjrhhas left
SeveThank you very much everybody :)
ralphmAnd we just missed it on our radar. Also nobody asked about it.
GuusI don't think it works that way, even if it's a typo, but, fine. 🙂
ralphmGuus: well, Council cannot approve SIGs
ralphmso...
Guusthat's true
ralphmSo the logical conclusion is that we are the approving body
ralphmIt just popped up on the radar because Council has been listing all the open LCs
jonas’s/Council/Editor/, but yeah
ralphmI stand corrected
jonas’need to re-issue them for this term
ralphmaye
Kevhas left
GuusMattJ : thanks for taking over the upstream stuff for xmpp.net - would you mind putting it all in one place?
Guusmeaning: clone everything, even if you didn't modify it yet, in one account under either github or bitbucket (or whatever)?
Kevhas left
GuusIt's somewhat confusing (to me) to figure out what part of the software lives where, and who's maintaining it. I'd love to have one account where this all is listed.
Kevhas left
GuusI'd not be against creating an xmpp.net github repo, just for this, outside of XSF control.
Guus(my board hat was off, there)
jjrhhas left
GuusAlso, feel free to add me to any such org.
Ge0rGI've heard there is an org called JabberSPAM now.
Ge0rGOh, I think that org would actually need an XSF seal of approval.
jjrhhas left
jonas’JabberSPAM?
jonas’certainly for TM use
GuusWe'll get you the T-Shirt, Ge0rG
Guuswhen its approved, obviously.
ralphmGe0rG: can you send an email to Board about this?