XSF Discussion - 2021-09-26

But Ge0rG, are the CVEs pulled to the security website by XSF now or is that to be biild?

Apart from that, its end of month. Everyone is invited to add their news to the newsletrer! 📌🗒

emus: somebody needs to build that yet

ok thx

Is it possible to generate account loginc URIs with the xmpp: scheme?

i.e. after a web registration, I'd like to offer a link people can click to log into the newly created account with an installed client – is that possible?

easier to make it secure by passing a reference to the client and have it register itself from there

That's what I'm doing – but not all clients support handling invite-based registrations, so I need a fallback.

If you are very lucky, xmpp://username@hostname/ may do the right thing.

https://www.rfc-editor.org/rfc/rfc5122#section-2.3

That's the theory, but I don't know any client that actually supports that

> If you are very lucky, xmpp://username@hostname/ may do the right thing. conversations parsed that correctly, nice

is there an equivalent for MUCs?

wgreenhouse, what did it do, exactly?

It does the *wrong* thing here

Okay, then I guess I'll just put a collapsed element there so users can show their login data plainly but can make sure nobody's shoulder-surfing first…

That's what I did for Snikket

for the web registration flow

That's what the invite based registration stuff for Prosody already does, yes.

wgreenhouse, the correct or at least intended behavior would have been to offer to add a new account. it seems to do the same thing as xmpp:user@host here

phryk: why not use easy account invitations like in Siskin. You create an invitation token / link and the user can complete account creation from their client. No need to transmit passwords

Ge0rG, "but not all clients support handling invite-based registrations, so I need a fallback"

Dejaovuueueue

> wgreenhouse, the correct or at least intended behavior would have been to offer to add a new account. it seems to do the same thing as xmpp:user@host here Zash: yeah it offered to add the contact to roster, not register an account

Wrong!

xmpp:user@host means "talk to user@host", like mailto:user@host xmpp://user@host means "access host as user", like http://user@host

wgreenhouse, then the equivalent (join a MUC) is xmpp:room@host?join

> Wrong! aha

> wgreenhouse, then the equivalent (join a MUC) is xmpp:room@host?join yeah, I knew this, I misunderstood the intent of the xmpp:// scheme until Zash's further explanation a moment ago

finally xmpp://you@yourhost/me@myhost would be "contact me from yourhost"

On some platforms where you can't deal with xmpp:user@host a hacky workaround like xmpp:///user@host was used iirc

as in, the authority part is empty there

Hello, we have the first interest of a project (?) for the XSF fiscal host from Thilo Molitor who is the lead developer of Monal. The question is, how would it be working right now? We accept it, then we have a XSF account, we define a code and if that suits to the project we will transfer the money to a specified account, e.g. Thilo Molitor?

@board, if that needs mire discussion I would like to ask to put it to the upcoming agenda

emus: they create a profile on Open Collective. Whenever someone donates, the money goes into the xsf bank account. Whenever they take the money out to pay for something it is paid out of the xsf account using their balance.The xsf does the accounting and what not.

The website stuff needs to be merged before it can actually be enabled on open collective though

ok thx

Is the process described in the PR

havent had time to read yet

Huh, the new fiscal host page also did the HTTP complaint thing for me, but that one is definitely not cached.

Is anyone else here on Open Collective (and can you take a screenshot for me from an account that's not an administrator on the XSF one)?

Oh, nevermind, the button still exists if you're not logged in, it's just in a different place. Weird.

whoop, finally finished the dynamic setup guides for all OSes \o/