XSF Discussion - 2021-06-10

https://alpaca-attack.com/ can anyone twist this into an attack against browsers using XMPP servers?

wow they compromised FTP, what a surprise xD

oh man i cannot take this attack srsly hahaha

> https://alpaca-attack.com/ can anyone twist this into an attack against browsers using XMPP servers? Is the question equivalent to "Can xmpp server be tricked into echoing random JavaScript code someone sends to them" ?

Menel, I think so

and the answer may surprise you

given that many XMPP servers nowadays have open (but authenticated) HTTP upload :) ✏

imagine a service which has both xmpp and email (let’s call it fancybox.org). It has webmail on webmail.fancybox.org and http upload on share.fancybox.org, both using a *.fancybox.org certificate :)

Isn't one requirement that the fqdn must be equal?

Wildcard certificates are a thing.

Ah, that's bad then 😗

memberbot is still online until our meeting later today. When you have not voted yet then you can still do so in out current voting period. Thanks.

thanks for the reminder, done

Does https://archive.cabforum.org/pipermail/validation/2021-April/001651.html mean things might be moving wrt SRV certificates?

Hi. Now, is running my own server worse than Briar?

> mdosch wrote: > No idea, maybe tox or briar?

I assume we're actually going to have a board meeting today? Serious question, not snark

I know it is often hard to keep the weekly meetings going, we all tend to get busy

arc: > memberbot is still online until our meeting later today Sounds like there will be one.

And the draft coc is being discussed on email, too

That's the member meeting, not the board meeting.

arc, I'm certainly able to attend.

Me too

And Ralph is here because he just sent the email

here as in cyberspace?

As in meeting time.

Or xmpp virtual space?

I think we are all here

0. Welcome

Hi all!

o/

What items do you bring?

I have CoC

I think that is really itch but is a really big topic

A status check on the Open Collective stuff would be good

s/itch/it

Nothing beyond the draft Code of COnduct for me.

ok

1. Minute taker

I think MattJ is up

2. CoC

Dave made a draft and sent it to board. Jonas and I made some comments, and Dave some edits. I think we should move to submit to the XEP queue.

Also thanks Dave

I hope you'll have seen the drafts I've sent to the Board list. I'd like to get this into the community as a XEP as early as possible, but I'd like to be assured that we all think this is at least the right starting point first.

It also looked fine to me but I have not had a chance to really think about it too much

arc: is it good enough as a starting point to publich as experimental XEP to work on in public?

publish

I'm partway through it, so I don't have any feedback at this point - but I'm unlikely to object to pushing it to the queue if others have read it and believe its ready

Yeah as I said I think it's good

I’ve not seen it, but I’d just say that because it’s (I assume) contentious, it might be good to ensure Board are reasonably happy it’s a good direction, and not just publishing it (thereby creating potentially a lot of heat) if it’s likely to change direction significantly.

I'm just also taking classes on becoming a foster parent and that has been a really big drain on my free time

Kev: agreed, and that's why Dave posted it to the Board ML first.

arc: ACK. No worries

Kev, Putting any Code of Conduct into place is contentious, but it'll be in Experimental first for community feedback of course, before having a Last Call and moving to Active when we believe it's ready.

dwd: Yes. But if one of Board were to raise issues in public that could have been addressed previously, that would probably be suboptimal.

I’d even suggest running it by Council quietly.

council<->board liaison has seen the draft at least ✏

(and extensively commented and approved in general)

jonas’: I know, but it’s not clear to me that you speak for all of Council in this ;)

I certainly don’t, as not all of council has seen the draft

It’s also possible I overestimate how contentious it’ll be, and everyone everywhere will just agree it’s sensible :)

Kev, I think Board members commenting on it in public is OK, as long as we agree it's a good start point.

^

Kev, I think the most contentious part is having it at all.

It is relatively clear that a lot of thoughts was put into this, thank you for that!

my cents on this: - I don’t think that diametral disagreement with the document as written is going to happen in any reasonable way - The more of the discussion around the draft happens in public the better – I feel putting a complete document in front of the community looks like trying to put things in place without discussion.

Yeah, I'd rather get it open, given that several people who have read it are okay with this

I’ve made my point, I’m happy you’ve considered it :)

With that, I make my initial suggestion a motion.

+1

I agree with that.

+1

ralphm, I'm +1

MattJ for completeness?

+1

Motion carries. dwd: make it so, please.

jonas’, In that case, you want to grab it off the Board list, or would you prefer a PR?

dwd, if the latest .xml from the list is ok, I’ll just do it directly.

jonas’, Please, and thanks.

yay

2. Update on Open Collective

dwd, on it

Ge0rG?

I think the status is "waiting on Peter", but just want to check if there's anything else needed

cc Sam

I'm not sure what I'm supposed to do here?

sorry, brain misfire

but hi!

One of us, one of us 😆

Okay, well, we can proceed on list

Are there any projects waiting on thisô

I am going to give coc.xml a number right away because it was submitted by board, if that makes sense?

it doesn’t seem sensible to have it go through ProtoXEP

jonas’: I believe it’s appropriate to publish.

jonas’, Arguably our vote does approve it.

yes, that was my line of thought

jonas’, What number does it get?

458

sorry, I was away a bit

3. AOB

Not from me

None here

Just to note my change of employer, and I'm committing my now free Fridays to doing a bit of XSF and FLOSS work.

\o/

Yay!

wooho

4. Date of Next

+1W

5. Close

Thanks all!

Thanks Ralph

Or "semi retirement" as my wife keeps calling it.

haha

By that definition I'm retired

Lol

In 2021 does that even mean anything anymore?

dwd, https://xmpp.org/extensions/xep-0458.html

(and others)

You should get some chickens. They're a great start to a midlife semi retirement. Both a source of laughter and sweetness. Like earlier this week.. https://youtu.be/lwzZ6wpH_5A

jonas’ - I’m upset the Editor didn’t fix typos on the way through ;D

Kev, the editor has no time or energy to fix typos in any XEP at this point :)

"Patches welcome" ?

Are they really typos or just exercising linguistic evolution? 😊

arc: Yes.

Are there typos?

"we wish the maximize the applicability” s/the/to/ presumably.

arc, nice chicken, when is the barbecue?

They are pets. And generally you do not eat egg laying hens

dwd: Can I suggest “write a XEP” becomes “have a XEP published”?

I'm joking

To avoid potential confusion over whether people need the XSF’s permission to have non-standardised extensions from less familiar people.

Yeah, though it's also submit a XEP.

‘submit a document for publication as a XEP’?

Oh, I see, that section.

‘submit a XEP proposal'

Something along those lines.

I think the intent’s right, I’m just quibbling about verbiage.

"this guiding principle allows the XSF to partially or completely exclude anyone from any activity, for any reason” - I think that’s not *quite* true, because I don’t believe the XSF can prevent members from exercising their bylaws rights.

Ah, that's an interesting point. We could block a member from the member's mailing list, I suppose, but not from voting or attending the meeting.

But it could for non-members, so for members 'partially' applies.

ralphm: I’m not sure that members can be even partially excluded from voting.

And the XSF, as a body, can remove members of course, though it'd be fun trying.

hah

dwd: Yes, although not when taken with the accompanying claim that it’s the Board that gets to choose.

Anyway. I’ve read the whole thing. The intent seems good throughout. Thanks to Dave and whoever else has had input getting it there.

Lots of input from Board and elsewhere. Hopefully it reads OK.

I’d like to see the ‘write a XEP’ line tweaked, and I think the line about exclusion should be changed somehow. But I think that’s less quibbling than I expected.

he guys, its meeting time again. Let me get ready and start in 3 minutes

🥁️

okaay

here is our Agenda for today: https://wiki.xmpp.org/web/Meeting-Minutes-2021-06-10

1) Call for Quorum

as you can see 35 members voted via memberbot. So we have a quorum already and a good amount of voters this time

🗳

2) Items Subject to a Vote

new and retruning members, you can see al applicants here: https://wiki.xmpp.org/web/Membership_Applications_Q2_2021

3) Opportunity for XSF Members to Vote in the Meeting

anyone here in the meeting who has not boted yet and wants to do so now?

Doesn’t sound like it.

look like I can shutdown memberbot then and start working on the results

4) Announcement of Voting Results

when you reload the page at: https://wiki.xmpp.org/web/Meeting-Minutes-2021-06-10#Announcement_of_Voting_Results you can see the results

all applicants and reappliers are acceped. Congrats to everyone

5) Any Other Business?

None from me.

Nor me.

6) Formal Adjournment

seconded

I motion that we adjourn

;)

Hi

Thanks Alex.

As always.

thanks everyone

Thanks Alex!

Thanks Alex!

Welcome wurstsalat 😃

congrats wurstsalat :)

thanks alex and welcome wurstsalat :)

I am busy at the moment rewriting the research proposal with XMPP parts.

🎉️

Welcome!

When are you going to vote next time?

They're quarterly meetings, so in 3 months

Not bad, I have 3 months

Alex, are there stats on the voting rate?

emus: no, only the results in the minutes on the Wiki

Thats not being evaluated usually? Well, one could do it themselves of course