XSF Discussion - 2019-11-12


  1. pep.

    Can somebody from board add an item in the trello board (doesn't seem like I'm able to?) "Who is webteam. How to get in"

  2. Ge0rG

    what's webteam?

  3. pep.

    I heard rumours of a team handling xsf/xmpp.org. That's what I'm told when I want to push things there, unless jonas or guus merge my stuff because they have rights for $reasons

  4. Zash

    Not the same as commteam?

  5. Zash

    So many teams

  6. pep.

    Apparently not, otherwise nyco would have rights to push and he didn't, for the last newsletter

  7. jonas’

    I’m also in no team except editor and for some reason I got +w on the repo

  8. jonas’

    it might’ve been an instance of "at the right place at the right time"

  9. Seve

    I don't think there's a strict rule about this, right now. Don't you have access as well, pep.?

  10. nyco

    pep. https://trello.com/c/PqY2mHjl/372-who-is-webteam-how-to-get-in

  11. pep.

    nyco, thanks

  12. pep.

    Seve, I don't. I don't especially want them, I just want to clarify the situation, know who I can ask etc.

  13. ralphm

    There are several GitHub teams associated with the xmpp.org repo, including one called 'Web' and one called 'XMPP Comms Team'. nyco is in the latter and should have write access with that.

  14. ralphm

    If not, you can take this up with iteam (e.g. Kev), and I don't think has to be discussed in a Board meeting.

  15. ralphm

    pep.: ^

  16. Kev

    But not e.g. Kev, please. e.g. MattJ :)

  17. MattJ

    wfm

  18. pep.

    "how to get in" doesn't have to be discussed in a board meeting?

  19. MattJ

    I think some clarification is possibly needed, that doesn't necessarily mean a board meeting is needed

  20. ralphm

    not really, everyone in comms should have access

  21. pep.

    So comms is the "web" team?

  22. ralphm

    and if not, MattJ can set you up.

  23. pep.

    (that is, the one with access to xsf/xmpp.org?)

  24. ralphm

    There are additional people in the "web" team, which are not necessarily in the comms team.

  25. pep.

    Why?

  26. pep.

    And who. I can't see it from here

  27. ralphm

    Because e.g. Guus might want to write on the website as a Board member.

  28. pep.

    Fair enough, but this is not explained anywhere

  29. pep.

    That's what I'm asking for

  30. ralphm

    https://github.com/orgs/xsf/teams should have an overview, but I don't know who can see that.

  31. pep.

    I only see board and editors

  32. MattJ

    The teams are marked as "secret" for some reason

  33. ralphm

    Out for lunch now, sorry

  34. MattJ

    There may be a good reason for that, Github's auth/permissions can be frustrating, but I don't know

  35. Guus

    There really hasn't been any process to add people to the GitHub webteam, other than be invited by existing members. To the best of my knowledge, there is no intentional overlap with XSF workteams and the GitHub webteam.

  36. pep.

    MattJ, If possible, I'd ask for this to be changed to public

  37. MattJ

    I can't say I didn't see that coming :)

  38. Kev

    I'm trying to remember if I know what the reason is.

  39. Guus

    If anything, the github webteam can probably be clean up.

  40. MattJ

    I can imagine one possible explanation being that people don't necessarily want team associations showing up on their Github profiles

  41. pep.

    This makes the whole thing very opaque though

  42. Guus

    Maybe clean up, ask the remaining team for concerns, and make (not) public based on their feedback?

  43. pep.

    Nobody knows who can push

  44. pep.

    Or why they got commit rights in the first place

  45. Kev

    pep.: I think a clear list of who is (apart from iteam) allowed to push content to the website would be sensible.

  46. pep.

    sure

  47. Kev

    I don't think that making the github teams public is necessarily the way to do that.

  48. pep.

    It's the best way to keep both lists in sync

  49. pep.

    But ok

  50. Kev

    I also think that it doesn't matter, to some extent, as long as PRs are getting reviewed often enough. When contributing to most projects one doesn't try to find out who has commit access, they just send in PRs.

  51. Guus

    Having commteam members gain privileges to do reviewing of the public website does make sense to me.

  52. pep.

    We have work teams though, I didn't get editor rights until I got in there, and I wouldn't have expected to get them if I hadn't been accepted in the team

  53. Kev

    Guus: They have, no?

  54. Guus

    the way how XEPs are managed is a lot more structured than how our public website is.

  55. Kev

    As far as I can see, commteam has write access to both xmpp.org and xsf-tools.

  56. pep.

    I'm happy wherever the responsability of commiting to xsf/xmpp.org falls to, I just want it to be explicit (and it isn't atm)

  57. Guus

    Kev oh - that very well could be the case. I didn't check.

  58. Kev

    As far as I can see, iteam (although not expecting to use it for content) and commteam having write access to the website is sensible.

  59. Guus

    upon inspection: I don't think that commteam has access

  60. Guus

    I can't see everything

  61. Kev

    I think giving access beyond that should be a question for Board, because I don't think we should be giving out the ability to speak on behalf of the XSF (which is what the website is) arbitrarily.

  62. MattJ

    Strange, I see the same as Kev and ralphm - commteam has write access to the repo

  63. Guus

    but I don't htink that nyco has access, for example, nor has seve.

  64. Guus

    Oh, then I'm missing stuff

  65. Kev

    Permission level: Write Can read, clone, and push to this repository. Can also manage issues and pull requests.

  66. Guus

    which is entirely possible

  67. Kev

    Guus is not a member of the commteam, incidentally.

  68. Kev

    That's JC, Nyco, Seve and Winifried.

  69. Guus

    nope

  70. Guus

    nope i'm not.

  71. Guus

    Don't let me confuse people - you guys are in a better position to see what's what than me.

  72. Kev goes back to work stuffs.

  73. MattJ

    My proposal would be to drop the 'web' team, and stick to actual well-defined teams

  74. pep.

    MattJ, +1

  75. MattJ

    and add any other teams that it makes sense to have access

  76. MattJ

    such as iteam, maybe board

  77. Kev

    MattJ: I think I'd propose to have an explicit web team, same as our other teams.

  78. Guus

    I don't care much either way.

  79. MattJ

    Congrats, write the charter, etc. :)

  80. pep.

    I actually don't care either way

  81. Guus

    I'll follow Kev's good example and go do works stuff now.

  82. pep.

    (either)

  83. Kev

    But I CBA to do anything about it, and it mostly depends whether people on webteam and not on comms would want to do things.

  84. Kev &

  85. MattJ

    I don't see why we would trust someone to manage our website and not trust them to do other public-facing stuff on behalf of the XSF

  86. MattJ

    i.e. why anyone who works on the website shouldn't be part of commteam

  87. MattJ

    or another team with reasonable grounds for access

  88. Zash

    Sounds reasonable.

  89. ralphm

    Yup

  90. ralphm

    FWIW, the reason that the "Web" team exists is an historical artifact, from when there was no comms team and the website was overhauled.

  91. ralphm

    I agree it would be useful to just map the XSFs formal Work Teams, Council, and Board, as GitHub Teams as the basis for access.

  92. ralphm

    I also don't see why they'd need to be secret, as team membership is already made public on our website.

  93. Neustradamus

    Problem? https://xmpp.org/

  94. ralphm

    Neustradamus: works for me, but while you are here, please give me admin access to the LinkedIn org for the XSF.

  95. Guus

    https://xmpp.org/ works for me

  96. Zash

    Vauge question?

  97. ralphm

    Neustradamus: I think I've asked often enough by now.

  98. Neustradamus

    I have a blank page for https://xmpp.org/

  99. Guus

    > I have a blank page for https://xmpp.org/ I suspect that this is a problem local to you. It works fine for others, including me. I've even tried an incognito tab.

  100. Neustradamus

    Cache problem, sorry

  101. ralphm

    Neustradamus: did you see my message?

  102. Neustradamus

    It is possible to update the logo? - https://twitter.com/xmpp - https://wiki.xmpp.org/images/xmpp.png - https://xmpp.org/theme/images/xmpp-logo.svg and other too (regenerate from the last .SVG) - Memberbot - Other places

  103. ralphm

    Neustradamus: Is is possible to respond to my request for LinkedIn Org admin?

  104. ralphm

    Neustradamus: Is it possible to respond to my request for LinkedIn Org admin?

  105. Guus

    Neustradamus I can't fix 'other places' if I don't know where those are. 🙂

  106. Guus

    Hmm, I don't think I'm an admin of the XMPP team on Twitter (which I think means that I can't change the avatar there)

  107. Guus

    Please keep talking here, Neustradamus, and not in private. I know where the last updated version of the logo is.

  108. Guus

    But without access, I can't change it on the systems that it needs to be changed on.

  109. ralphm

    Guus: I don't think that Tweetdeck allows profile changes like that, you'd have to log into Twitter with the account credentials directly.

  110. Guus

    ralphm which is another reason why I can't do that. I don't have the account credentials.

  111. ralphm

    Guus: Kev does. Twitter is not designed for multiple people managing a single account, oddly enough.

  112. Neustradamus

    Guus: - https://github.com/xsf and repositories

  113. ralphm

    Neustradamus: a response to my message, please?

  114. Kev

    I'm not paying attention here, but if you need something please mail ralphm / Guus and I'll try to sort.

  115. ralphm

    Kev: ok, thanks!

  116. Guus

    The logo on https://github.com/xsf seems OK to me?

  117. Guus

    I don't think that individual repositories can have logos.

  118. Guus

    (I've emailed Kev with the Twitter request)

  119. ralphm

    You can add a logo that'll show up when a repo is mentioned by URL on social media (like Twitter, Slack), but we don't have that right now, and I don't think that's important either.

  120. wurstsalat

    Guus, is this the current one? I looked for one recently for gajim's website https://commons.wikimedia.org/wiki/File:XMPP_logo.svg

  121. Guus

    That seems to be correct, yes. I'm always using the one that's on the top-left corner of https://xmpp.org

  122. Guus

    https://xmpp.org/theme/images/xmpp-logo.svg

  123. Guus

    which is easy to remember: https://xmpp.org/theme/images/xmpp-logo.svg

  124. Neustradamus

    Guus: there was a little change after the previous, it was not the exactly same at right and left: https://commons.wikimedia.org/wiki/File:XMPP_logo.svg

  125. Guus

    Oh, Converse doesn't like me injecting links

  126. ralphm

    Guus: looks fine here

  127. Guus

    github logo replaced

  128. Guus

    Can someone do it on LinkedIn?

  129. Neustradamus

    From XMPP.org: https://i.ibb.co/vcqmc8b/xmpp-logo-xsf-test.png From Commons: https://i.ibb.co/Zgsjk3T/XMPP-logo-xsf-test.png

  130. Neustradamus

    Guus: Do you the difference? :)

  131. Guus

    Please provide a PR to fix the logo on xmpp.org.

  132. pep.

    ralphm: you have to adopt the Neustradamus technique to get him to reply to you

  133. ralphm

    Neustradamus: Guus makes a good point. If you'd stop ignoring me, I'd also be able to help him.

  134. pep.

    ralphm: fwiw once your rights are sorted out, I'd prefer this to get to whatever team it is appropriate rather than individuals

  135. ralphm

    pep.: naturally

  136. ralphm

    For every service that supports this.

  137. ralphm

    (unlike Twitter, ugh)

  138. intosi

    Neustradamus: please respond to ralphm's request.

  139. !XSF_Martin

    pep.: > ralphm: you have to adopt the Neustradamus technique to get him to reply to you What's that? You have to do a special dance?

  140. intosi

    while (true) { askSameQuestion(); sleep(random()%3600); /* this is where a sentinel would be implemented */ }

  141. Guus

    Neustradamus do you have a PNG version of the correct logo?

  142. moparisthebest

    you can generate one given the SVG, with inkscape on the command line at least

  143. Guus

    Yeah, which is going to get me in trouble because I missed pixel. I'd rather have it from him, to avoid any confusion.

  144. Ge0rG

    Wikipedia also lists https://www.livejournal.com/support/faq/270.html as an XMPP deployment

  145. Maranda

    Link Mauve, would there be a case in which eme can be used with messages using multiple encryption formats?

  146. Link Mauve

    Hmm, hopefully not, but I could see a made up case where you’d have full stanza encryption around (flagged with EME) and inside another kind of encryption, also flagged with EME.

  147. Link Mauve

    But those are two different “message” containers.

  148. Link Mauve

    Do you have another possible usecase?

  149. Maranda

    Link Mauve, I was just thinking that someone could really just encrypt one message using both openpgp and omemo for example

  150. Link Mauve

    Hmm, no, because they both can only encrypt the body.

  151. Maranda

    That would mean multiple eme elements would be needed I think? The schema doesn't limit instances either

  152. Link Mauve

    OTR-encrypted in OMEMO or OpenPGP might be a thing though, although I expect no one sane would ever do that.

  153. Link Mauve

    Can we limit instances of a payload in a message, in the schema?

  154. Ge0rG

    Link Mauve: yes we can. But should we?

  155. Ge0rG

    What's wrong with having a body encrypted both ways? Besides of having the possibility to sneak in two different messages, and that the resulting security is the worst of both.

  156. Maranda

    Link Mauve, I meant that one message stanza can contain both one omemo element and one openpgp element for example, to encrypt/sign whatever the same message content for something supporting one or the other

  157. Ge0rG

    The OpenPGP encrypted payload body would read: "I sent you an OMEMO encrypted message but your client doesn’t seem to support that. Find more information on https://conversations.im/omemo"

  158. Link Mauve

    Ge0rG, let’s rot13 encrypt twice with two EME tags for additional security!

  159. Maranda

    Ge0rG, that's not what I meant either.

  160. Link Mauve

    Maranda, sounds like an amazing can of worms.

  161. Ge0rG

    Link Mauve: according to XEP-0419?

  162. Link Mauve

    Ge0rG, yes.

  163. Maranda

    Ge0rG, I meant encrypted using xep-0374 not the legacy format

  164. Ge0rG

    Maranda: did you mean something different than what I wrote in my last non-sarcastic message?

  165. Maranda

    which has its own element and doesn't use <body />

  166. Maranda

    iiuc

  167. Maranda

    so one message in that case could be encrypted using... both?

  168. Ge0rG

    Maranda: you could put an <openpgp> element alongside an OMEMO <encrypted> element, and those might even contain ciphertexts of the same plaintext body

  169. Maranda

    Ge0rG, whatever.. I'm just trying to understand if that's a possibility I should take in account or not for MAM if that wasn't clear and if 2 eme elements can be appended to a stanza to advertise both encryptions

  170. flow

    Unless I hear a very convincing use-case for using multiple encryption mechanisms within the same stanza, I would probably recommend to not consider it. How many e-mail clients are capable of creating mails with OpenPGP and S/MIME parts?

  171. Ge0rG

    Maranda: 0380 does not forbid multiple <encryption> elements

  172. Ge0rG

    Maranda: other than that, you should retain all message elements in MAM

  173. Ge0rG

    _maybe_ with the exception of well-known noise elements, like chat states

  174. Maranda

    Ge0rG, for now it's very convenient to do otherwise... regarding retaining all elements.

  175. Maranda

    but I'm reviewing that code right now so.

  176. Ge0rG

    Maranda: I know that path. It leads into major pain later on.

  177. Maranda

    sorted