Beyond what's been added to Trello, any other topics to discuss?
pep.
Not from me
ralphm
1. Minute taker
pep.
Not me this time
Guus
Sorry, I"m here!
Guus
I can do the minutes
pep.
thanks
Guus
No additional agenda items for me
ralphm
2. Member opinion
ralphm
pep.?
pep.
yep
ralphm
Flow is asking in the context of "adopt-a-character". He would like to poll members and is thinking about using https://civs.cs.cornell.edu/. This requires email addresses though to be able to limit to one vote per person.
He asks if he can get members' email addresses."
pep.
Flow was asking how to perform member opinion votes. He'd like to use https://civs.cs.cornell.edu/ (condorcet voting service) but that requires members' emails
ralphm
I don't think we can do this.
pep.
Which, the xsf having no privacy policy..
pep.
I am personally keen on trying out this voting method, but I'm not exactly fond of giving away members' emails, yes
jonas’
can we implement concordet in memberbot?
pep.
"not today"
pep.
But eventually that'd be ideal
jonas’
well we can’t give away email addresses today either ;)
ralphm
Doesn't mean we can in fact just give out member's e-mail addresses. Even without a policy, I'm pretty sure it violates, among others, the GDPR.
jonas’
can we have memberbot collect votes and put the votes in an existing concordet tool?
jonas’
without passing on PII
ralphm
I think Alex can rig up memberbot, but I'm unsure what you still need concordet for afterwards
pep.
ralphm, if we had a privacy policy saying we use third-partyXX to do voting and they require email addresses for this specific reason (which is a very valid reason tbh), we wouldn't be violating GDPR
Guus
I feel strongly about not giving out members email addresses to a third, unless they choose to supplied it themselves (like we do with the dinner signup form).✎
Guus
I feel strongly about not giving out members email addresses to a third party, unless they choose to supplied it themselves (like we do with the dinner signup form). ✏
jonas’
ralphm, concordet is a voting scheme beyond a simple majority vote
pep.
Guus, well there we use google forms, it's not really better :P While I'm free to not answer that form, it's a requirement for me to go to the dinner✎
pep.
Guus, well there we use google forms, it's not really better :P While I'm free not to answer that form, it's a requirement for me to go to the dinner ✏
ralphm
pep., regarding dinner, nobody's raised issues around that before. If they had, we'd have accomodated.
Guus
at the very least, it's not the XSF supplying the mail addresses.
pep.
I've asked multiple times not to use gforms yes, ralphm
Guus
(and what he said)
Guus
let's not get into that right now.
pep.
Sure
Guus
but focus on the voting stuff.
Guus
is it feasible to create / adapt a bot for this?
nycohas left
pep.
It surely is
Guus
also: do we _need_ a fully fault tolerant / highly secure voting mechanism for something that's basically an advice on picking a pretty picture?
nycohas joined
Guus
maybe we're overengineering this?
pep.
Guus, that's beyond the point
pep.
It's mostly to try out the method
MattJ
Feels like scope creep to me :)
pep.
Some of us would like to change our voting system within the XSF and that's a perfect way to test it
jonas’
I’m with pep that trying a voting method for a non-critical vote is better than trying it first in a membership/council/board vote ;)
Guus
Oh, I'm perfectly happy for using it as a testbed.
MattJ
But this is indeed a low-priority issue as far as I'm concerned, so if it gets stuck behind a memberbot rewrite I'm not going to complain too much
nycohas left
pep.
Ok so, "stuck being a bot rewrite" is our answer?
nycohas joined
pep.
At least we can clearly answer "no" to giving away members' emails
Guus
but, the issue at hand: will XSF give out its members email addresses.
Guus
exactly.
Guus
Might be good to not require the bot rewrite for the membership advice to happen.✎
pep.
Either we adapt a bot, or we setup a voting service on our infra
Guus
Might be good to not require the bot rewrite for the membership advice (on the adopt-a-character thingy) to happen. ✏
pep.rolls eyes
pep.
I guess that's this sorted anyway.
ralphm
3. member.json
ralphm
Is this about https://xmpp.org/about/xsf/members.html?\✎
ralphm
Is this about https://xmpp.org/about/xsf/members.html? ✏
pep.
yes
rionhas left
ralphm
Then you should raise this with Alex.
Guus
if not correct, provide PR? It seems to be maintained pretty regularly - but there's always a chance of an error slipping through.
ralphm
Indeed
pep.
Ah I have an AOB from Flow regarding members.json (just remembered)
ralphm
pep., different from this?
pep.
yes
ralphm
If you want, we can do it here?
pep.
Ah ok, I was waiting for AOBs. Sure
pep.
Privacy concerns, fullname stays in git even after being removed.
pep.
I am personally not sure what to do about this or if it's a concern at all. GDPR-related
pep.
And other privacy laws
jonas’
hm, I’d say the fullname stays in mailing list archives, too, as well as wiki. Of course, those can be redacted, while redacting the git would be ... painful
pep.
yeah
ralphm
I don't really know if we can or should do something about this.
pep.
In the meantime, maybe we could have a privacy policy though to be aplicit about this✎
pep.
In the meantime, maybe we could have a privacy policy though to be explicit about this ✏
I agree we should have one. It might be good to have some legal advice before we publish one, though.
pep.
I don't think I am the right person to do this tbh. Someday(tm) can surely list things that the XSF does re privacy, but then shouldn't we need legal advice
pep.
Yes :)
ralphm
Anyone have access to someone?
pep.
Not off-hand. I can poke around but I don't expect much
bearhas joined
ralphm
Ok.
Guus
Winfried maybe?
ralphm
Guus: good call
Guus
isn't that up his alley?
Guus
unsure if he's available for this, but we can ask/
ralphm
4. Commitments
pep.
Somebody(tm)* (why "someday"..)
pep.
Guus, can you ask? Should I ask
Guus
could you?
ralphm
I've sent out the e-mails, have gotten one response, who would revisit in a few months.
pep.
Guus, k
Guus
tx
rionhas joined
pep.
re comms person, I'd like to clarify some bits
ralphm
I haven't heard back about my contact for communications.
ralphm
ok
pep.
Ok I was kinda feeling blocked about this. I got strong hints that we didn't want to bother with contracting as long as it wasn't "necessary". And at the same time you announced you might have someone. So I wasn't entirely sure what to do
pep.
I also haven't heard back from anyone, so I'll try to do another round of poking to different people.
ralphm
same
adiaholic_has left
ralphm
As for not wanting to bother, setting up a contracting relationship is not my expertise, so I am not sure what would be involved. If someone were to offer services in kind as a form of sponsorship, that would indeed make things a bunch easier.
ralphm
So it is not that I don't /want/ to.
pep.
I think that's a "skill" that we should acquire one way or another, as it will come in handy. It can also "just" be contracting a party that does contracting for us.
MattJ
My contact would likely want to freelance
pep.
contact in? comms?
MattJ
Yeah
pep.
cool :)
MattJ
Someone I used to work who does marketing/comms is currently looking for more work
pep.
Do you think you can put me in contact? or maybe you're happy to handle it?
MattJ
It would be great if someone else were able, I'm a little overloaded right now
MattJ
But I can definitely put you in contact
pep.
thanks
ralphm
Cool.
ralphm
pep., and I agree that we should figure that out, but unsure how to start, and if us being incorporated in Delaware affects how this works.
MattJ
I don't see why, I've done plenty of contracting for Delaware companies
Guus
maybe talk to Peter?
pep.
ralphm, I wasn't planning to talk about it until next week, but I've been poking SPI (https://spi-inc.org) and I see ways we could benefit from it
Guus
didn't the XSF hire laywers before?
Guus
should be a comparable process to hiring someone else.
pep.
https://spi-inc.org/projects/services/
Guus
(I'm referring to Peter as I think he initiated that, back then)
ralphm
Guus: I asked Peter a while ago, but we haven't before.
Guus
ah, ok.
ralphm
I think the lawyers either worked for Jabber, Inc. or were kind enough to consult without a formal relationship.
Guus
k
ralphm
But that doesn't mean that Peter might not have some good direction.
ralphm
So good idea to ask him.
pep.
nobody re SPI?
Guus
setting up a relationship with SPI would be something worth considering - but it'd take figuring out what that entails.
Seve
> nobody re SPI?
I'm just reading it, didn't know them before
ralphm
I can't open that website, it requires TLS <1.2
Guus
I currently don't have a clue what kind of responsibilities that adds to our plate, and what we'd get in return.
ralphm
(i.e. Firefox complains)
Guus
(we're 15 minutes over time)
pep.
ralphm, they propose services for projects incl. "Accepting donations and holding funds", "Holding substantial assets", "Holding intangible assets", "Signing Contracts", "Legal assistance", "Technical services"
pep.
ralphm, yeah it complains here as well.
wurstsalathas left
wurstsalathas joined
ralphm
Ah, good to know.
ralphm
Guus: good point, let's continue next week.
ralphm
5. AOB
pep.
none
ralphm
6. Date of Next
ralphm
+1W
ralphm
7. Close
ralphm
Thanks all!
ralphmbangs gavel
pep.
Thanks
MattJ
Thanks
Seve
Thank you guys
bearhas left
Guus
Thanks
lovetoxhas joined
pep_
.
pep_has left
jonas’
duplipep
pep.
:)
pep.
Testing that @id thing
stpeterhas joined
stpeterhas left
pep.
Thanks Guus for the minutes
pep_has joined
pep_has left
lovetoxhas left
larmahas left
larmahas joined
Sevehas left
Sevehas joined
sonnyhas left
sonnyhas joined
sonnyhas left
sonnyhas joined
sonnyhas left
sonnyhas joined
ajhas joined
Jeybehas left
Jeybehas joined
bearhas joined
flow
regarding mail addresses, voting and memberbot: there is potentially the option that we feed memberbot with the N voting URLs for our N members and then every member can draw an URL via memberbot
sonnyhas left
sonnyhas joined
flow
and regarding members.json: in germany you have to delete member/client data after a member/client leaves the society/club/company. so having members.json under VCS without explicitly pruning is a data protection violation
flow
i would expect the same to be true for most of the EU
jonas’scratches head
flow
my suggestion would be to move members.json outside the git onto a special folder and consider pruning the git
jonas’
now I wonder if that applies to a thing incorporated in delaware
jonas’
question is, where would that folder be hosted?
sonnyhas left
sonnyhas joined
jonas’
we don’t have non-revisioned storage which can be accessed by non-admins
flow
on our infrastrucutre?
flow
probably, but that shouldn't be an issue
jonas’
the wiki has revisions, all git has revisions. and I don’t know of any other systems where we could give individuals outside iteam +w
jonas’
it currently *is* an issue
flow
yes, currently
pep.
pruning that from git is gonna be fun
jonas’
which brings me back to the question: "where would that folder be hosted?"
jonas’
and "on our infrastructure" is not a satisfactory answer to t hat
jonas’
kitchen, for real now
flow
if I only knew why it isn't an satisfactory answer, then I would be glad to make it one
lovetoxhas joined
pep.
I guess because of "I don’t know of any other systems where we could give individuals outside iteam +w"
pep.
There could be an upload folder thingy created for the secretary to update
flow
is it impossible to get the xsf secretary an account?
jonas’
flow, then you still need to make the file available to the build process. and, no, I’m not happy with passing around even restricted shell accounts as long as we don’t even have a central user account management on the servers.
LNJhas left
sonnyhas left
sonnyhas joined
jonas’
flow, so, SSH is out of the question for now, and then the question is: what service would host that folder, who would maintain that service, and how would we handle access control for people with +w to that folder as well as the build process which needs +r
LNJhas joined
adiaholic_has joined
jonas’
sorry, much of this was obvious from my perspective, but I can see how it might not be for everyone
sonnyhas left
sonnyhas joined
flow
as much as I really like a central user management, i think I wouldn't block on that
flow
and i do not see an issue giving the xsf secretary an account allowing ssh
pep.
What about.. storing encrypted members.json in git instead :x
flow
same issue wrt build process i'd guess
pdurbinhas joined
pep.
hmm not so much different indeed.
Jeybehas left
Jeybehas joined
goffihas joined
bearhas left
Jeybehas left
Jeybehas joined
LNJhas left
LNJhas joined
alameyohas left
alameyohas joined
ajhas left
pdurbinhas left
Jeybehas left
Jeybehas joined
bearhas joined
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
goffihas left
Zashhas left
Jeybehas left
Jeybehas joined
Nekithas left
Wojtekhas joined
vanitasvitaehas left
vanitasvitaehas joined
Zashhas joined
Yagizahas joined
Yagizahas left
edhelashas left
edhelashas joined
Sevehas left
Sevehas joined
Jeybehas left
Jeybehas joined
draulahas joined
mukt2has joined
Yagizahas joined
Yagizahas left
draulahas left
Yagizahas joined
mukt2has left
Yagizahas left
Yagizahas joined
Yagizahas left
ajhas joined
Jeybehas left
Jeybehas joined
pdurbinhas joined
Jeybehas left
Jeybehas joined
pdurbinhas left
ajhas left
Steve Killehas left
debaclehas joined
Steve Killehas joined
Yagizahas joined
Jeybehas left
Jeybehas joined
afrogeekhas joined
afrogeekhas left
alexishas left
Yagizahas left
Jeybehas left
Jeybehas joined
goffihas joined
mukt2has joined
Jeybehas left
Jeybehas joined
mukt2has left
Jeybehas left
Jeybehas joined
werdanhas joined
Jeybehas left
Jeybehas joined
sonnyhas left
sonnyhas joined
werdanhas left
Jeybehas left
Jeybehas joined
j.rhas left
debaclehas left
Nekithas joined
debaclehas joined
j.rhas joined
j.rhas left
werdanhas joined
j.rhas joined
flow
xep50 § 3.5.1 "Responders SHOULD consider any <x type='cancel'/> to be <x type='submit'/>."
what does is that supposed to mean? I appears that xep50 does not use form type 'cancel' anywhere (at least i could not find it)