-
moparisthebest
jonas’, re: https://github.com/dino/dino/issues/1041 maybe that XEP should have something along those lines in the Implementation Notes ?
-
Ge0rG
So I was cleaning up my xep0280 branches and found a commit from 2019 that wasn't mered into mainline :(
-
Ge0rG
I _think_ it was related to the 2019 LC
-
lovetox
moparisthebest, the XEP says it quite strongly
-
lovetox
Therefore, a recipient SHOULD NOT rely on delayed delivery notations to provide a completely accurate representation of the delivery path or timing of a stanza it has received.
-
lovetox
i dont know what more can be done here, next step would be to draw developers examples on how a client can visualize it to users
-
lovetox
i dont think a XEP is the right place for something like that
-
moparisthebest
I feel like it might mention something along those lines though
-
moparisthebest
"consider how to convey this to users in a proper way" or something
-
lovetox
i have the opinion if you do anything other than simply display the delayed timestamp to the user, but otherwise ignoring it, you go down a rabbithole
-
moparisthebest
that kind of this should likely be in XEPs no ?
-
moparisthebest
"if you put this in the user's history in the correct place, rather than showing it as a new message, they'll likely never see it" ?
-
moparisthebest
that's pretty darn close to a security consideration
-
lovetox
i just feel that reduces XEPs to things that GUI chat clients implement
-
lovetox
but as i understand it this is only one use case for xmpp
-
lovetox
my opinion is, this stuff should get a place somewhere else
-
Ge0rG
moparisthebest: security considerations is the section that's ignored by the most readers
-
moparisthebest
Ge0rG, the only thing ignored *more* than security considerations are the things not written down in the first place :)
-
Ge0rG
moparisthebest: blasphemy! Our protocols are very well documented and don't rely on tribal knowledge
-
mathieui
Ge0rG, what if you shove all the examples in the security considerations and make the CVE block pop-up when they try to copypaste from them?
-
Ge0rG
Pop-under or what the latest trends are? Hijack the DOM and additional text into the clipboard