It's sending <b> and <i>. Those aren't allowed per https://xmpp.org/extensions/xep-0071.html#def-text
jonas’
that should only lead to them not having any effect
jonas’
I think?
jonas’
unsupported tags should be replaced with their content
ralphm
Yes
Zash
I can't do that.
ralphm
Huh?
ralphm
That's the most basic of HTML handling
jonas’
although I’d argue that disallowed tags ≠ unsupported tags and disallowed tags should be dropped altogether. however, I’d go with replace with content even for disallowed.✎
ralphm
Ignore what you don't know
ralphm
Right
Zash
No, I'm saying that my sanitizing code can't do that.
jonas’
although one could argue that disallowed tags ≠ unsupported tags and disallowed tags should be dropped altogether. however, I’d go with replace with content even for disallowed. ✏
Zash
It's not possible to replace tags with text.
Zash
It must replace tags with tags or nothing.
ralphm
So you found two bugs
Zash
Now, the real question is: Where does the plain text <body> go?
jonas’
Zash, it’s even worse, you need to be able to replace tags with mixed content
jonas’
if you get sent <p>something <b>foo<i>bar</i>baz</b> something</p>, the result should be <p>something foobarbaz something</p> (assuming p is allowed)
ralphm
If a client supports XHTML-IM, it will ignore the body
Zash
But there was no <body>
Zash
or a message at all
Zash
I only received the "Approve (yes/no)" messages and I don't see where the others went
ralphm
I'd check out the bot and try out. I'd be surprised if it didn't send body
Zash
Lookl like Link Mauve already noticed this and https://github.com/linkmauve/memberbot/commit/4f539b8571c48f84129c284517f6bb692352247e
ralphm
Also note the body
Zash
Sure, but I didn't receive those at all for some reason
marchas joined
Zash
So either my firewall ate them or my XHTML-IM filter ate them
dwd asked us to discuss Compliance Suites, so there might be some Council members around to join for that item.
Seve
Hello :)
dwd
All things are possible.
ralphm
MattJ?
Guus
You can summon MattJ by mentioning him...
dwd
Ge0rG and Link Mauve?
Guus
normally
Zashhas left
dwd
Guus, You have to say MattJ three times in front of a mirror, I think.
Guus
My name has a similar, but different effect: the mirror breaks.
vanitasvitaehas joined
ralphm
Mirror, mirror, who's the luast of all?
dwdis on minutes, by the way.
Guus
thanks
Seve
dwd, thank you very much
ralphm
1. Appointment of officers
ralphm
Alex has agreed to serve for another year as Secretary. I motion we reconfirm Alex Gnauck as our Secretary.
Ge0rGis there for purposes of the Compliance Suite
Guus
+1
Guus
(you're here for many purposes, Ge0rG )
Seve
+1
nyco
+1
ralphm
Yay!
ralphm
Peter has agreed to serve for another year as Treasurer. I motion we reconfirm Peter Saint-André as our Treasurer.
Guus
+1
vanitasvitaehas left
vanitasvitaehas joined
Seve
+1
ralphm
nyco?
ralphm
Since we already have 3 votes, I'll say Yay again.
Guus
Thank you, Alex and Peter, for putting in the effort once again. Appreciated!
ralphm
Missing votes to follow
ralphm
On our Executive Director, Peter mentioned he didn't have time last week, but could this week. I haven't picked up on that, yet.
nyco
+1
ralphm
(thanks nyco)
Guus
(do we need the missing votes to confirm them? We have quorum, don't we?)
nyco
sorry
ralphm
Guus: we don't but I think it is nice if we have votes from all Directors.
Seve
I agree
ralphm
And chiming in with Guus thanking Peter and Alex.
Seveas well
ralphm
2. Compliance Suites
MattJ
Hey
nyco
ho
MattJ
Sorry, here now
Guus
(wow, sloooow mirror!)
ralphm
Hi MattJ, feel free to put in your votes.
ralphm
Meanwhile, dwd: go!
MattJ
+1 to Alex for Secretary, +1 to Peter for Teasurer
ralphm
dwd?
dwd
Oh, sorry - Ge0rG would be best to lead here.
nyco
I'll have to leave at 16:00
Ge0rG
We had a discussion in Council regarding what form Compliance Suites should take, but I'm not even sure what we wanted to escalate to Board
nyco
naming?
dwd
TThe thing to escalate was in terms of using them as a marketing tool, perhaps filtering the software the XSF lists, etc.
nyco
"XMPP 2019"?
Ge0rG
Ah, so compliant software. Yeah.
Guus
I don't think council needs board to approve naming?✎
nyco
please define "marketing tool"
Guus
I don't think council needs board to approve naming (of XEPs)? ✏
nyco
agree with that, naming can be left to the Council
Ge0rG
We had a discussion about badges some years ago. So that compliant software can be marked as such with nifty labels
ralphm
Guus: some, most are Council's business
Ge0rG
I think the current technical form of CS is appropriate, if we can have a prominent link on the top of the XEP list
dwd
nyco, Well, that's it, isn't it? The Council merely noted that we don'tt do much as an organisation with the compliance suites - what marketing could we do with them?
nyco
badges can be cool, very visual, understandable in one eye shot, impactful
I like that idea
ralphm
Badges comes up every time Compliance Suites are discussed
jonas’wants to enqueue himself for the Any Other Business section of the board meeting
ralphm
The problem is that someone needs to check, right?
Ge0rG
nyco: that opens the question of whether badges will be issued by XSF after some formal/automatic verification, or if everybody can just assign them on their own
Ge0rG
and what kind of abuse management mechanism we have then
MattJ
This same conversation :)
MattJ
There is no way we can verify who complies and who doesn't, so either the badges are free for everyone or we shouldn't have them
jonas’
just like with trademarks, spot an infringement and sue them?
nyco
yep, qualification, certification, etc.
jonas’
(of course, we can’t do that because manpower)
MattJ
I'd be totally fine with prominent links to the compliance suites, and treating them purely as guidance for developers
ralphm
I don't feel like being in the business of certifying
Ge0rG
"business" is a rather correct analogy, I fear
dwd
Sure, but we can also let people self-certify and pull this from them if they are clearly taking the piss.
Ge0rG
So what can we do, short of a certification business, to promote XMPP 2019?
nyco
I like this: https://www.coreinfrastructure.org/programs/badge-program/
ralphm
If someone claims their software complies with the suite, and they don't, well, let the intarntubes' scorn be on them.
nyco
it's declarative, but promote good/best practices
MattJ
dwd, "clearly" is still subjective, unfortunately
Guus
I think we, as the XSF should pace ourselves a bit here.
nyco
"intarntubes" 😉
dwd
Perhaps. But given that if people don't even claim a free thing, then that's a valuable signal in itself...
lnjhas joined
Guus
I'd not object to run some sort of compliance checker in our domain, akin to what we do with xmpp.net (of which the state is itself somehwat unclear)
Ge0rG
xmpp.net is broken, not unclear ;)
jonas’
although at the moment the only thing broken is the DNSSEC verification
jonas’
which means that SRV records are not honoured for 99% of services
ralphm
And also not an XSF effort
Guus
Ge0rG part of the reason why it remains broken is that we don't know who's responsible, I thik.
jonas’
MattJ did a lot of good work on it.
blablahas joined
Ge0rG
Guus: I think it's because the intersection of people who have the knowledge, the time and the power to fix is is empty.
MattJ
I have some time, I've put some work into it, fixed some stuff, but it still needs a little bit more - I'll get to it soon (but probably not before next week)
Kev
Isn't it mostly that it's abandoned upstream?
nyco
so the intersection of people who have the knowledge, the time and the power to do badges is empty as well?
ralphm
I'd be ok with someone designing an official badge, and letting people use that when they feel like they should show it.
MattJ
Kev, I've forked the repo and am fixing stuff, so happy to be the new upstream
ralphm
I'd have to be convinced to have compliance testing itself be an XSF activity
MattJ
ralphm, +1
nyco
let's ask lead devs: if they were badges, would you use them?
MattJ
Yes, probably
Kev
I doubt it.
Ge0rG
ralphm: it would probably make sense to have badges according to the compliance suite blocks, i.e. "core|advanced" "web|im|mobile" "client|server"✎
Guus
Ralph, I think that making the tools to do the checking available, could be an XSF activity
ralphm
Ge0rG: sure
Ge0rG
ralphm: it would probably make sense to have badges according to the compliance suite blocks, i.e. "core|advanced" "web|im|mobile" "client|server" *2019* ✏
dwd
My advice to the Board would be: Make the badges, and if they're useless, drop them.
MattJ
Guus, no, the checking is next to impossible I'm afraid
Guus
But I'm not in favor of us doing the checking / publishing it, etc, other than to the extend what xmpp.net does for anyone that uses the tool.
Ge0rG
I'd use badges, except my client doesn't qualify because I don't consider Avatars a must-have.
ralphm
Guus: I think that building such tools is ambitious project
ralphm
an
MattJ
I stick to "impossible" :)
Ge0rG
large parts of CS can't be usefully tested automatically.
Guus
ralphm , I"m not saying 'build it'
Guus
I'm suggesting: host one, if someone builds it.
ralphm
MattJ: I'm a positive guy :-D
Ge0rG
But it would be awesome to have a client/server test suite that I could run my code against.
nyco
we can "test"/"validate" appetite for badges, with only a small prototype
MattJ
compliance.conversations.im is a good example. It's a great tool, but anyone could easily pass 100% by cheating
ralphm
Guus: oh, I mistook 'making' for 'building', then.
dwd
nyco, Right. You don't even need a checker. Maybe people won't take the piss.
genofirehas left
ralphm
Let's do this, as dwd also mentioned, ask if someone would like to design such badges.
MattJ
+1
Ge0rG
I'd say developers should be allowed to use the badge on their own, with a way for users to complain and the XSF to revoke badges.
Seve
I'm not sure about this. Badges should be something you can trust. And nobody is going to endorse those, from what I understand.
Guus
but, to address dwd's suggestion: I don't see anything wrong with linking a set of badges to the compliance suite xeps
nyco
maybe we should not start with the design, which is costly
ralphm
Then, if we have such a person, they can work with Council regarding what they should include.
MattJ
nyco, it may be possible to find someone willing to donate time
ralphm
nyco: we've already have had the Suites themselves. I don't see people putting the text around their clients, so a badge is then what we can do. If we don't start with design, what then?
nyco
for example, instead instead of an automated testing system, we can start with a crowdsourced testing system
Ge0rG
yeah, we shouldn't start out with tasking a commercial designer, rather ask for volunteers
ralphm
nyco: while I am not against that idea, I don't think it should be an XSF activity.
ralphm
And I didn't mention paying for a design.
nyco
16:01
nyco
"costly" does not forcefully mean "money", can mean time, effort, delay...
lorddavidiiihas left
dwdis now in another meeting, and will catch up with Minutes later...
MattJ
If we don't have anyone in the community, there are people I'd be happy to reach out to
ralphm
So far I've seen two +1 (me and MattJ) and one +0 (Guus).
ralphm
What do we do?
Guus
for what: create a batch?
Ge0rG
I think the Board should decide whether such implementation badges should be hosted on xmpp.org or if they can be hosted by the respective implementations.
ralphm
Ge0rG: I'd be ok with hosting it themselves, and adding to our lists when they do
Ge0rG
And then whether Badges are assigned explicitly by the XSF, or whether implementations can claim a badge and we have a way to retract that.
Guus
ralphm, "adding to our lists" <-- what do you mean, exactly, with that?
ralphm
Ge0rG: I am not in favor of assigning them explicitly
MattJ
I'd like them to still be within the control of the XSF, and enforce some basic constraints on their use... like linking them to a specific place
ralphm
Guus: https://xmpp.org/software/
Ge0rG
Something like: "Developers are allowed to display the respective badge if they are in good belief that their implementation complies with the respective part of CS. This can be disputed by users, upon which the XSF may retract this right from a developer"
nyco
if Compliances Suites are a responsibility/duty of the XSF, I see badges as the same
ralphm
MattJ: like we had with Jabber Powered?
MattJ
Yes
Ge0rG
The list that contains Pidgin as an endorsed XMPP client.
MattJ
Yes
Guus
I'm not in favor of adding badges to our lists of software. I am +1 of having badges created that can be used freely by others.
ralphm
I like that
Ge0rG
Guus: "freely" is too free for me, personally.
Guus
Ge0rG we won't be able to enforce anything anyway
nyco
I'm gone, sorry
Guus
Thanks nyco
ralphm
Guus: my idea was that a project wants to, when they register their software, we could include a way to say if they want to carry the badge in their entry. It wouldn't be an endorsement.
Ge0rG
Guus: we will be if badges are only shown on the XSF pages ;)
lorddavidiiihas joined
Guus
badges can very easily be copied.
Ge0rG
Using a trademark on the badges will allow control over how they may be used.
ralphm
Guus: we would if the XSF retains the rights on the badge and have a policy.
Ge0rG
We don't need hundreds of pages of legalese for that.
Ge0rG
But e.g. the Bluetooth logo is managed in that way.
Guus
ralphm I'm pretty sure that people we don't want to use the badge, won't care about our policy.
Guus
They'd simply use it in their software / download page, whatever.
Kev
I think the XSF being in a position to revoke would be a painful thing for us.
nycohas left
Kev
We /know/ that people tend to ... exaggerate compliance with things.
Ge0rG
Kev: what's your alternative suggestion?
ralphm
Guus: let scorn be on them
Ge0rG
Guus: having the legal right to enforce doesn't mean making use of that right.
jonas’
don’t you lose trademark rights if you don’t enforce them?
Guus
ralphm exactly - which is why I'm fine with _having badges_ to be used by others. I'm against us assigning specific badges to specific projects though (on our site)
Kev
It does unless you want it to be useless.
Seve
I don't see the point of the badges if we cannot make people trust the badges.
Kev
If you want badges (and I'm not convinced they're adding any value at all, but whatever), I think the best you can hope for is the same as claiming compliance at the moment. It's a claim.
Ge0rG
I see the point, but there are really only three options here:
1. explicitly white-list badge-bearers (can be still worked around)
2. have a policy for self-assessment and retraction
3. allow everyone to claim everything and ignore violations
Seve
Unless the badges are just for guidance and we don't endorse it officially
But it's not clear to me what problem the badges are solving, either.
rionhas left
Guus
if someone wants to fly a banner, claiming compliancy with a certain XEP, I'd be OK for us to provide a uniform design to that. I want to prevent us from listing things as 'compliant' though.
ralphm
I suggest everybody here has a look at that, think about whether we want something like it for badges and continue this discussion next week.
ralphm
Guus: I can see that
Kev
Guus: Which is exactly the state at the moment with saying you support CS2018, I think.
Guus
before we hammer off - @jonas' had an AOB.
Guus
Kev, exactly, but with a fancy colorful badge.
Guus
(which might add a uniform way of recognizing things, at best)
jonas’
is this intended to have Approving Body Council? https://xmpp.org/extensions/xep-0381.html
jonas’
it doesn’t make sense to me, but maybe that’s just me
ralphm
3. AOB
Ge0rG
> and will not alter the official Logo in any way, including its size
🤔
ralphm
Ge0rG: we can modify all the terms, it just something we did before, and might be a good start for the rest of the discussion
Guus
@jonas' at first glance, I think you're right. Council does not approve SIGs.✎
Guus
jonas' at first glance, I think you're right. Council does not approve SIGs. ✏
ralphm
jonas’: agreed, Board should be the approving body
jonas’
suggestion: I change the approving body to board and re-issue the LC
ralphm
Given this has been in the queue for two years, I'm not sure if it still makes sense
Ge0rG
ralphm: I really like it
ralphm
jonas’: ok
jonas’
the LC might be a good way to figure it out -- and to move it to rejected if not needed.
ralphm
indeed
Guus
jonas’ : agreed.
ralphm
And whether its authors still want it
ralphm
Anything else?
ralphm
4. Date of Next
!xsf_martinhas joined
ralphm
+1W
ralphm
5. Close
ralphm
Thanks all!
Guus
do we need a formal third +1 for Jonas' question?
ralphmbangs gavel
Alexhas joined
ralphm
Guus: I don't think so. Clearly a typo
jjrhhas left
Seve
Thank you very much everybody :)
ralphm
And we just missed it on our radar. Also nobody asked about it.
I don't think it works that way, even if it's a typo, but, fine. 🙂
ralphm
Guus: well, Council cannot approve SIGs
ralphm
so...
Guus
that's true
ralphm
So the logical conclusion is that we are the approving body
ralphm
It just popped up on the radar because Council has been listing all the open LCs
jonas’
s/Council/Editor/, but yeah
ralphm
I stand corrected
jonas’
need to re-issue them for this term
ralphm
aye
Kevhas left
Guus
MattJ : thanks for taking over the upstream stuff for xmpp.net - would you mind putting it all in one place?
Guus
meaning: clone everything, even if you didn't modify it yet, in one account under either github or bitbucket (or whatever)?
Kevhas left
Guus
It's somewhat confusing (to me) to figure out what part of the software lives where, and who's maintaining it. I'd love to have one account where this all is listed.
Kevhas left
Guus
I'd not be against creating an xmpp.net github repo, just for this, outside of XSF control.
Guus
(my board hat was off, there)
jjrhhas left
Guus
Also, feel free to add me to any such org.
Ge0rG
I've heard there is an org called JabberSPAM now.
Ge0rG
Oh, I think that org would actually need an XSF seal of approval.