XSF Discussion - 2021-09-26


  1. emus

    But Ge0rG, are the CVEs pulled to the security website by XSF now or is that to be biild?

  2. emus

    Apart from that, its end of month. Everyone is invited to add their news to the newsletrer! πŸ“ŒπŸ—’

  3. Ge0rG

    emus: somebody needs to build that yet

  4. emus

    ok thx

  5. phryk

    Is it possible to generate account loginc URIs with the xmpp: scheme?

  6. phryk

    i.e. after a web registration, I'd like to offer a link people can click to log into the newly created account with an installed client – is that possible?

  7. Zash

    easier to make it secure by passing a reference to the client and have it register itself from there

  8. phryk

    That's what I'm doing – but not all clients support handling invite-based registrations, so I need a fallback.

  9. Zash

    If you are very lucky, xmpp://username@hostname/ may do the right thing.

  10. Zash

    https://www.rfc-editor.org/rfc/rfc5122#section-2.3

  11. MattJ

    That's the theory, but I don't know any client that actually supports that

  12. wgreenhouse

    > If you are very lucky, xmpp://username@hostname/ may do the right thing. conversations parsed that correctly, nice

  13. wgreenhouse

    is there an equivalent for MUCs?

  14. Zash

    wgreenhouse, what did it do, exactly?

  15. Zash

    It does the *wrong* thing here

  16. phryk

    Okay, then I guess I'll just put a collapsed element there so users can show their login data plainly but can make sure nobody's shoulder-surfing first…

  17. MattJ

    That's what I did for Snikket

  18. MattJ

    for the web registration flow

  19. Zash

    That's what the invite based registration stuff for Prosody already does, yes.

  20. Zash

    wgreenhouse, the correct or at least intended behavior would have been to offer to add a new account. it seems to do the same thing as xmpp:user@host here

  21. Ge0rG

    phryk: why not use easy account invitations like in Siskin. You create an invitation token / link and the user can complete account creation from their client. No need to transmit passwords

  22. MattJ

    Ge0rG, "but not all clients support handling invite-based registrations, so I need a fallback"

  23. Zash

    Dejaovuueueue

  24. wgreenhouse

    > wgreenhouse, the correct or at least intended behavior would have been to offer to add a new account. it seems to do the same thing as xmpp:user@host here Zash: yeah it offered to add the contact to roster, not register an account

  25. Zash

    Wrong!

  26. Zash

    xmpp:user@host means "talk to user@host", like mailto:user@host xmpp://user@host means "access host as user", like http://user@host

  27. MattJ

    wgreenhouse, then the equivalent (join a MUC) is xmpp:room@host?join

  28. wgreenhouse

    > Wrong! aha

  29. wgreenhouse

    > wgreenhouse, then the equivalent (join a MUC) is xmpp:room@host?join yeah, I knew this, I misunderstood the intent of the xmpp:// scheme until Zash's further explanation a moment ago

  30. Zash

    finally xmpp://you@yourhost/me@myhost would be "contact me from yourhost"

  31. Zash

    On some platforms where you can't deal with xmpp:user@host a hacky workaround like xmpp:///user@host was used iirc

  32. Zash

    as in, the authority part is empty there

  33. emus

    Hello, we have the first interest of a project (?) for the XSF fiscal host from Thilo Molitor who is the lead developer of Monal. The question is, how would it be working right now? We accept it, then we have a XSF account, we define a code and if that suits to the project we will transfer the money to a specified account, e.g. Thilo Molitor?

  34. emus

    @board, if that needs mire discussion I would like to ask to put it to the upcoming agenda

  35. Sam

    emus: they create a profile on Open Collective. Whenever someone donates, the money goes into the xsf bank account. Whenever they take the money out to pay for something it is paid out of the xsf account using their balance.The xsf does the accounting and what not.

  36. Sam

    The website stuff needs to be merged before it can actually be enabled on open collective though

  37. emus

    ok thx

  38. emus

    Is the process described in the PR

  39. emus

    havent had time to read yet

  40. Sam

    Huh, the new fiscal host page also did the HTTP complaint thing for me, but that one is definitely not cached.

  41. Sam

    Is anyone else here on Open Collective (and can you take a screenshot for me from an account that's not an administrator on the XSF one)?

  42. Sam

    Oh, nevermind, the button still exists if you're not logged in, it's just in a different place. Weird.

  43. phryk

    whoop, finally finished the dynamic setup guides for all OSes \o/