XSF Discussion - 2022-04-05

  1. emus

    The XMPP Newsletter for March '22 is out! Many thanks to all who contributed! Read about last month's activities in the XMPP community and the development of the specifications (XEP)! Enjoy reading! 📰 ☕ https://xmpp.org/2022/04/the-xmpp-newsletter-march-2022/ Toot: https://fosstodon.org/web/@xmpp/108081220463585550 Tweet: https://twitter.com/xmpp/status/1511432207818280970

  2. moparisthebest

    excellent work yet again emus

  3. Zash


  4. emus


  5. mjk


  6. emus

    Any know knows a way to size images alike: ![JMP Cheogram](/images/newsletter/2022-03/cheogram-screenshot.png "JMP Cheogram") I want to fix the size to eg. 600 px width

  7. emus

    so that HTML piece here will recognize it: <p><img src="https://xmpp.org/images/newsletter/2022-03/cheogram-screenshot.png" alt="JMP Cheogram" title="JMP Cheogram"></p>

  8. moparisthebest

    how to resize them? I usually use `convert` from imagemagick on the command line

  9. moparisthebest

    poll: If you ask XMPP client devs in xsf@ and jdev@ to contact you about a vulnerability via email or XMPP, do you think most contacts will be via: 1. XMPP 2. email (it's not even close btw, it's a landslide)

  10. emus

    I'm confused but nevermind

  11. Sam

    I would assume email, just because it's longer form and it's going to be easier to describe the issue?

  12. emus

    From my experience many blog away foreigners and never reply on their JID

  13. emus

    so +1 email

  14. moparisthebest

    I *would* have said XMPP but it was email indeed

  15. moparisthebest

    like 2 vs ... 7 or something? I lost track of the emails

  16. Holger

    Also email has better support for generic security@ addresses as opposed to communicating with alice@ individually. But in this specific case (XMPP client devs) probably not the point.

  17. emus

    Anyway, so we have somthing like security@xmpp.org ?

  18. emus

    I think it would be good to provide the option

  19. Zash

    Don't we already have that?

  20. emus

    I thought so.. wait

  21. emus

    if so, it should be here: https://xmpp.org/contact/

  22. moparisthebest

    what would it do? triage bugs that affect the whole ecosystem ?

  23. Zash

    maybe I'm thinking of something else tho

  24. moparisthebest

    or just bugs with XEPs or ?

  25. moparisthebest

    I've found both in the last month or so :'(

  26. emus

    Did anyone subscribed to the XMPP newsletter via mail received anything?

  27. MattJ

    emus, yes, but went to spam (Gmail)

  28. MattJ

    Welcome to self-hosting mailing lists :)

  29. MattJ

    and yes, the protonmail address was in the "From"

  30. Zash

    And you know that's just a free form text field where you can put anything, right? (modulo some pile of RFCs you have to opt-in to for email to approach a fraction of XMPPs strictly sane security and symetry)

  31. moparisthebest

    unfortunately the alternative isn't much better https://techcrunch.com/2022/04/04/mailchimp-internal-tool-breach/

  32. Zash

    _the_ alternative, you mean farming potatoes? vastly superior

  33. moparisthebest

    unfortunately that has problems too https://en.wikipedia.org/wiki/Potato_blight

  34. emus

    > MattJ escribió: > and yes, the protonmail address was in the "From" Ok, what do you recommend to do?

  35. MattJ

    Sleep :)

  36. emus

    😅 you want the sender to be XMPP Newsletter?

  37. rq77

    thank you for newsletter emus :)

  38. emus

    rq77: Sure, but remind its also done with support of others

  39. emus

    rq77: have you sibscribed via mail?

  40. rq77


  41. emus