XSF Discussion - 2021-04-28


  1. moparisthebest

    jonas’, re: https://github.com/dino/dino/issues/1041 maybe that XEP should have something along those lines in the Implementation Notes ?

  2. Ge0rG

    So I was cleaning up my xep0280 branches and found a commit from 2019 that wasn't mered into mainline :(

  3. Ge0rG

    I _think_ it was related to the 2019 LC

  4. lovetox

    moparisthebest, the XEP says it quite strongly

  5. lovetox

    Therefore, a recipient SHOULD NOT rely on delayed delivery notations to provide a completely accurate representation of the delivery path or timing of a stanza it has received.

  6. lovetox

    i dont know what more can be done here, next step would be to draw developers examples on how a client can visualize it to users

  7. lovetox

    i dont think a XEP is the right place for something like that

  8. moparisthebest

    I feel like it might mention something along those lines though

  9. moparisthebest

    "consider how to convey this to users in a proper way" or something

  10. lovetox

    i have the opinion if you do anything other than simply display the delayed timestamp to the user, but otherwise ignoring it, you go down a rabbithole

  11. moparisthebest

    that kind of this should likely be in XEPs no ?

  12. moparisthebest

    "if you put this in the user's history in the correct place, rather than showing it as a new message, they'll likely never see it" ?

  13. moparisthebest

    that's pretty darn close to a security consideration

  14. lovetox

    i just feel that reduces XEPs to things that GUI chat clients implement

  15. lovetox

    but as i understand it this is only one use case for xmpp

  16. lovetox

    my opinion is, this stuff should get a place somewhere else

  17. Ge0rG

    moparisthebest: security considerations is the section that's ignored by the most readers

  18. moparisthebest

    Ge0rG, the only thing ignored *more* than security considerations are the things not written down in the first place :)

  19. Ge0rG

    moparisthebest: blasphemy! Our protocols are very well documented and don't rely on tribal knowledge

  20. mathieui

    Ge0rG, what if you shove all the examples in the security considerations and make the CVE block pop-up when they try to copypaste from them?

  21. Ge0rG

    Pop-under or what the latest trends are? Hijack the DOM and additional text into the clipboard