XSF Discussion - 2021-06-10

  11. moparisthebest https://alpaca-attack.com/ can anyone twist this into an attack against browsers using XMPP servers?
  130. qrpnxz wow they compromised FTP, what a surprise xD
  132. qrpnxz oh man i cannot take this attack srsly hahaha
  139. Menel > https://alpaca-attack.com/ can anyone twist this into an attack against browsers using XMPP servers? Is the question equivalent to "Can xmpp server be tricked into echoing random JavaScript code someone sends to them" ?
  141. jonas’ Menel, I think so
  142. jonas’ and the answer may surprise you
  143. jonas’ given that many XMPP servers nowadays have open HTTP upload :)
  144. jonas’ given that many XMPP servers nowadays have open (but authenticated) HTTP upload :)
  145. jonas’ imagine a service which has both xmpp and email (let’s call it fancybox.org). It has webmail on webmail.fancybox.org and http upload on share.fancybox.org, both using a *.fancybox.org certificate :)
  207. marc Isn't one requirement that the fqdn must be equal?
  209. adiaholic has joined
  210. emus has joined
  212. Zash Wildcard certificates are a thing.
  214. marc Ah, that's bad then 😗
  Alex memberbot is still online until our meeting later today. When you have not voted yet then you can still do so in out current voting period. Thanks.
  jonas' thanks for the reminder, done
  255. Zash Does https://archive.cabforum.org/pipermail/validation/2021-April/001651.html mean things might be moving wrt SRV certificates?
  şişio Hi. Now, is running my own server worse than Briar?
  şişio > mdosch wrote:
> No idea, maybe tox or briar?
  arc I assume we're actually going to have a board meeting today? Serious question, not snark
  arc I know it is often hard to keep the weekly meetings going, we all tend to get busy
  mdosch arc: > memberbot is still online until our meeting later today
Sounds like there will be one.
  Zash That's the member meeting, not the board meeting.
  dwd arc, I'm certainly able to attend.
  MattJ Me too
  arc And Ralph is here because he just sent the email
  ralphm here as in cyberspace?
  dwd As in meeting time.
  arc Or xmpp virtual space?
  arc I think we are all here
  ralphm bangs gavel
  ralphm 0. Welcome
  ralphm Hi all!
  MattJ o/
  ralphm What items do you bring?
  ralphm I have CoC
  arc I think that is really itch but is a really big topic
  MattJ A status check on the Open Collective stuff would be good
  arc s/itch/it
  dwd Nothing beyond the draft Code of COnduct for me.
  ralphm ok
  ralphm 1. Minute taker
  ralphm I think MattJ is up
  ralphm 2. CoC
  ralphm Dave made a draft and sent it to board. Jonas and I made some comments, and Dave some edits. I think we should move to submit to the XEP queue.
  ralphm Also thanks Dave
  dwd I hope you'll have seen the drafts I've sent to the Board list. I'd like to get this into the community as a XEP as early as possible, but I'd like to be assured that we all think this is at least the right starting point first.
  arc It also looked fine to me but I have not had a chance to really think about it too much
  ralphm arc: is it good enough as a starting point to publich as experimental XEP to work on in public?
  ralphm publish
  MattJ I'm partway through it, so I don't have any feedback at this point - but I'm unlikely to object to pushing it to the queue if others have read it and believe its ready
  530. mathijs has left
  arc Yeah as I said I think it's good
  Kev I've not seen it, but I'd just say that because it's (I assume) contentious, it might be good to ensure Board are reasonably happy it's a good direction, and not just publishing it (thereby creating potentially a lot of heat) if it's likely to change direction significantly.
  arc I'm just also taking classes on becoming a foster parent and that has been a really big drain on my free time
  ralphm Kev: agreed, and that's why Dave posted it to the Board ML first.
  ralphm arc: ACK. No worries
  dwd Kev, Putting any Code of Conduct into place is contentious, but it'll be in Experimental first for community feedback of course, before having a Last Call and moving to Active when we believe it's ready.
  Kev dwd: Yes. But if one of Board were to raise issues in public that could have been addressed previously, that would probably be suboptimal.
  Kev I'd even suggest running it by Council quietly.
  jonas' council liaison has seen the draft at least
  jonas' council<->board liaison has seen the draft at least
  jonas' (and extensively commented and approved in general)
  Kev jonas': I know, but it's not clear to me that you speak for all of Council in this ;)
  jonas' I certainly don't, as not all of council has seen the draft
  Kev It's also possible I overestimate how contentious it'll be, and everyone everywhere will just agree it's sensible :)
  dwd Kev, I think Board members commenting on it in public is OK, as long as we agree it's a good start point.
  ralphm ^
  dwd Kev, I think the most contentious part is having it at all.
  arc It is relatively clear that a lot of thoughts was put into this, thank you for that!
  jonas' my cents on this: - I don't think that diametral disagreement with the document as written is going to happen in any reasonable way - The more of the discussion around the draft happens in public the better – I feel putting a complete document in front of the community looks like trying to put things in place without discussion.
  MattJ Yeah, I'd rather get it open, given that several people who have read it are okay with this
  Kev I've made my point, I'm happy you've considered it :)
  ralphm With that, I make my initial suggestion a motion.
  ralphm +1
  arc I agree with that.
  arc +1
  dwd ralphm, I'm +1
  ralphm MattJ for completeness?
  MattJ +1
  ralphm Motion carries. dwd: make it so, please.
  dwd jonas', In that case, you want to grab it off the Board list, or would you prefer a PR?
  jonas' dwd, if the latest .xml from the list is ok, I'll just do it directly.
  dwd jonas', Please, and thanks.
  ralphm yay
  ralphm 2. Update on Open Collective
  jonas' dwd, on it
  ralphm Ge0rG?
  MattJ I think the status is "waiting on Peter", but just want to check if there's anything else needed
  MattJ cc Sam
  Ge0rG I'm not sure what I'm supposed to do here?
  ralphm sorry, brain misfire
  ralphm but hi!
  arc One of us, one of us 😆
  MattJ Okay, well, we can proceed on list
  arc Are there any projects waiting on thisô
  jonas' I am going to give coc.xml a number right away because it was submitted by board, if that makes sense?
  jonas' it doesn't seem sensible to have it go through ProtoXEP
  Kev jonas': I believe it's appropriate to publish.
  dwd jonas', Arguably our vote does approve it.
  jonas' yes, that was my line of thought
  dwd jonas', What number does it get?
  jonas' 458
  ralphm sorry, I was away a bit
  ralphm 3. AOB
  arc Not from me
  MattJ None here
  dwd Just to note my change of employer, and I'm committing my now free Fridays to doing a bit of XSF and FLOSS work.
  MattJ \o/
  ralphm Yay!
  jonas' wooho
  ralphm 4. Date of Next
  ralphm +1W
  ralphm 5. Close
  ralphm Thanks all!
  ralphm bangs gavel
  arc Thanks Ralph
  dwd Or "semi retirement" as my wife keeps calling it.
  ralphm haha
  MattJ By that definition I'm retired
  arc Lol
  arc In 2021 does that even mean anything anymore?
  jonas' dwd, https://xmpp.org/extensions/xep-0458.html
  jonas' (and others)
  arc You should get some chickens. They're a great start to a midlife semi retirement. Both a source of laughter and sweetness. Like earlier this week.. https://youtu.be/lwzZ6wpH_5A
  Kev jonas' - I'm upset the Editor didn't fix typos on the way through ;D
  jonas' Kev, the editor has no time or energy to fix typos in any XEP at this point :)
  Zash "Patches welcome" ?
  arc Are they really typos or just exercising linguistic evolution? 😊
  Kev arc: Yes.
  dwd Are there typos?
  Kev "we wish the maximize the applicability" s/the/to/ presumably.
  666. marc0s has left
  667. marc0s has joined
  John arc, nice chicken, when is the barbecue?
  arc They are pets. And generally you do not eat egg laying hens
  John I'm joking
  dwd Yeah, though it's also submit a XEP.
  Kev 'submit a document for publication as a XEP'?
  dwd Oh, I see, that section.
  Kev 'submit a XEP proposal'
  Kev Something along those lines.
  Kev I think the intent's right, I'm just quibbling about verbiage.
  Kev "this guiding principle allows the XSF to partially or completely exclude anyone from any activity, for any reason" - I think that's not *quite* true, because I don't believe the XSF can prevent
  840. Alex he guys, its meeting time again. Let me get ready and start in 3 minutes
  841. Zash 🥁️
  842. Alex okaay
  843. Alex bangs the gavel
  844. Alex here is our Agenda for today: https://wiki.xmpp.org/web/Meeting-Minutes-2021-06-10
  846. Alex 1) Call for Quorum
  852. Alex 2) Items Subject to a Vote
  853. Alex new and retruning members, you can see al applicants here: https://wiki.xmpp.org/web/Membership_Applications_Q2_2021
  854. Alex 3) Opportunity for XSF Members to Vote in the Meeting
  855. Alex anyone here in the meeting who has not boted yet and wants to do so now?
  856. Kev Doesn’t sound like it.
  857. Alex look like I can shutdown memberbot then and start working on the results
  858. Guus has joined
  861. Alex 4) Announcement of Voting Results
  862. pjn has joined
  863. Alex when you reload the page at: https://wiki.xmpp.org/web/Meeting-Minutes-2021-06-10#Announcement_of_Voting_Results you can see the results
  864. Alex all applicants and reappliers are acceped. Congrats to everyone
  869. Alex 5) Any Other Business?
  870. Zash None from me.
  871. Kev Nor me.
  872. Alex 6) Formal Adjournment
  873. Kev seconded
  875. Alex I motion that we adjourn
  876. Kev ;)
  877. eevvoor Hi
  878. Alex bangs the gavel
  879. Kev Thanks Alex.
  880. Kev As always.
  881. Alex thanks everyone
  882. Zash Thanks Alex!
  883. wurstsalat Thanks Alex!
  891. eevvoor I am busy at the moment rewriting the research proposal with XMPP parts.
  930. emus 🎉️
  931. emus Welcome!
  956. adiaholic has joined
  957. Alex emus: no, only the results in the minutes on the Wiki
  958. emus Thats not being evaluated usually? Well, one could do it themselves of course
