XSF Discussion - 2019-06-21

What do you send to your user's client when blocking a JID?

goffi: nice idea on list with the "Social" Compliance Suite category. Could you make a PR with the suggested XEPs against 0412 on my repository fork?

Ge0rG: I'll try, but I'm overwhelmed, so I can guanranty when. Please ping me if I haven't done it in a couple of days.

goffi: I don't know about the involved XEPs. Do you still need XHTML-IM? I fear I'll just forget about the whole thing in a week or two.

Amt you can't just open issues on the XSF repository because the editors don't like that

And I fear you can't open issues on my fork, which would've been a good reminder

XEP-0412 is draft, so I guess we can't modify it anymore, it should be next year suite

I'll open a ticket on my bug tracker as a reminder

As I somehow ended up as the shepherd of Compliance Suite, I'm the one responsible for forking it into a new proto XEP, unless Council decides on a new way to do things

goffi: but if you provide the delta against 0412, I'll move it over to the new one.

Ge0rG: alright, I've made a ticket to our tracker as a reminder (https://bugs.goffi.org/bugs/view/307), so I wont forget. I'll do that when I find some time :)

goffi: 👍

https://github.com/xsf/xmpp.org/pull/577 Somebody to review/merge this plz? :)

who manages the dresden meetup? Maybe it can be added here: https://xmpp.org/community/events.html ✏

pep.: I could do it

Thanks

pep., done https://github.com/xsf/xmpp.org/pull/579

j.r, can you remove your second change

I just fixed it

small atomic commits :)

pep., I did a second change?

https://github.com/xsf/xmpp.org/pull/579/files

rebase on master

Yeah my fork seems to be a bit outdated

Ok will delete the PR and do it again

No need to delete

push force on your branch, that will update the PR

(or just push, if there's no need to force)

pep., yeah I remebered this way to do after delete xD

But here we go: https://github.com/xsf/xmpp.org/pull/580

Thanks

Guus, ^, one more! :)

> Guus, ^, one more! :) What?

I don't have merge powers

Oh ok ✏

I'm organising a sprint in Lyon, we'll fix the dates end of the week: https://wiki.xmpp.org/web/Sprints/2019_July_Lyon, poke me if you interested

I had a really interesting remark by a user, he wanted to make the password policy more strict in Movim, I was wondering if we could no do that on a XMPP level. For example create a small XEP to ask the clients to at least set passwords that have 8 characters minimum + letters/numbers…

it's simply a guideline and server wise the user can still set a "1234" password, but at least most of our users will set something a bit stronger

You can have a server policy for sure, that's an implementation detail

that's also something that changes constantly

and XMPP/SASL has password schemes where the server doesn't know the password right?

can't enforce length or complexity requirements if you don't know it

lastly that 'letters + numbers' is outdated, current best practice is simply length I'm pretty sure? "pass phrases" instead of "passwords" ?

Correct horse battery staple

edhelas: simple policy can be easily mapped to a small XEP (number of letters, number of digits, etc). If you want arbitrary rules, you are into Turing Complete language territory...

"good password policy" is already defined by plenty of people though, NIST, PCI standards etc etc

moparisthebest: then it can be implemented directly in all clients. Problem solved

"number of letters, number of digits, ..", I so wish services would stop doing that, and also restricting password length to 30, or 20, or 8, because.. as if they didn't use password hashes, that's scary