-
Daniel
What's the process for becoming editor again? Do I need board approval?
-
Daniel
@board please decide on me becoming an Editor
- Guus brings out the moose antlers, honey and oven gloves.
-
Daniel
> You could mention occupant-id Done. https://gultsch.de/files/xep-0333.html
-
lovetox
š great thanks
-
lovetox
Daniel: about avatar conversion. Why open?
-
Daniel
lovetox: because vcard is open
-
lovetox
Ah I thought for a moment my roster contacts cannot get it then if it's not open
-
lovetox
But they would use pub anyway
-
lovetox
But would it not anyway simply better to write into the exp that pubusb model needs to be taken into consideration
-
lovetox
Then fixing it to open✎ -
lovetox
Than fixing it to open ✏
-
Daniel
I mean it kinda said that. 'clients should put up appropriate warnings' or something. But that didn't pass Last Call
-
Daniel
Fwiw conversion only if access model is open is what prosody has been doing since always
-
lovetox
What I mean is that a legacy client which supports only vcard can not get my vcard anymore
-
lovetox
Because you forbid the conversion with this xep
-
lovetox
Although he is in my roster
-
lovetox
And has subscription
-
Daniel
Yes and no. It means that if you don't want to make your pep node open you can not use the xep
-
Daniel
And have to publish your vcard separately
-
lovetox
I see no reason for this limitation
-
lovetox
It's also not implemented in servers that way I'm pretty sure
-
lovetox
Servers take into consideration the pubusb access model. And I see no reason why this is something bad.
-
Daniel
What you are describing means that I'm denying access to the vcard for people who have previously been able to access the vcard
-
Daniel
Just because this conversation xep is active (and my avatar Pep node is not open)
-
Daniel
I find that odd. That's not something the xep should just be able to do
-
lovetox
i thought thats exactly what you do here with that open clause
-
lovetox
i have a roster contact, with a legacy client, he is able to view my vcard, furhter he is able to see my pep avatar because it set to "presence"
-
Daniel
There are two possible approaches. A) Check on access of the vcard b) check when uploading the pep avatar
-
lovetox
now i activate this XEP on the server, suddenly all my legacy roster contact lose access to the vcard
-
Daniel
No what ever has been in the vcard before stays there
-
Daniel
It's just that the conversion isn't happening
-
lovetox
thats madness in my opinion
-
lovetox
like .. no indication for the client if a conversation on the server happens or not
-
lovetox
did you talk with server implementations if this is really implemented that way?
-
lovetox
that they have two storages and have conversion process going
-
lovetox
as i understood it they store the pep avatar in pep storage, and convert on demand and checking the pubsub access model
-
lovetox
there is no second storage, which means this XEP would force them to add a second storage, and then different things could end up in both storages?
-
lovetox
maybe some server implementors can give a feedback here, but sounds all very not nice to me
-
Daniel
> there is no second storage, which means this XEP would force them to add a second storage, and then different things could end up in both storages? Im under the impression that this is pretty much what is currently happening
-
MattJ
IIRC we just have one storage, yeah (PEP)
-
MattJ
I can check in a bit when I'm at my laptop
-
lovetox
ok, so what the XEP says MattJ, is now you need a second storage, because the conversion is only allowed under certain conditions, and Daniel exepcts clients to publish a avatar separatley to the vcard storage in these cases
-
lovetox
My opinion is the XEp should simply say "When answering Vcard Avatar requests, the pubsub model must be taken into consideration"
-
lovetox
it bolts basically a access model on top of the avatar field inside a vcard
-
pep.
Well there's a single storage if you use the vcard4 and vcard_legacy modules because that's what they use? the "vcard" module used something else right?
-
MattJ
Right. There is no conversion at all then, though.
-
Daniel
> My opinion is the XEp should simply say "When answering Vcard Avatar requests, the pubsub model must be taken into consideration" I think that's a valid approach. However it's not the approach this XEP has taken (which I belive reflected what implementations have been doing)
-
Daniel
In that case the xep needs to be retracted
-
Daniel
In favor of a 'answer vcard requests by mixing in PEP information' xep
-
lovetox
is this not an overreaction? the xep does not mention pubsub model in its current form, now server implementations added the sensible privacy feature that if a client publishes to PEP, the vcard request adhears to PEP access model rules, As the client and user would expect when setting the PEP access model.
-
lovetox
why would this not fine with the current form of the XEP?
-
Daniel
What I can tell you is that the xep in the current form didn't pass Last Call
-
lovetox
ah ok it was rejected, and they wanted you to add this?
-
lovetox
sorry didnt get the history
-
lovetox
anyway i think i said enough, i give others the possibility to state their opinion
-
Daniel
I think both 'copy' and 'feed from the same source' are valid approaches. This xep is build around the copy idea
-
lovetox
last sentence from me: The implementations currently in the wild work *good* as a client dev i didnt waste time on this topic in a long time, it simply works. Please lets not make it worse
-
edhelas
https://github.com/fabiang/sasl/issues/12#issuecomment-1983224432
-
edhelas
The last question is actually valid, the "ordering" of the list is I assume alphabetically ?
-
MattJ
https://xmpp.org/extensions/xep-0474.html#hash
-
MattJ
> Note: All sorting operations MUST be performed using "i;octet" collation as specified in Section 9.3 of RFC 4790 [9].
-
singpolyma
If i understand correctly i agree with lovetox vcard conversion with single storage and you get whichever things access model says you can get. But also it's all for legacy anyway so I'm not super worried since the only place i still use vcard anything is much avatars✎ -
singpolyma
If i understand correctly i agree with lovetox vcard conversion with single storage and you get whichever things access model says you can get. But also it's all for legacy anyway so I'm not super worried since the only place i still use vcard anything is muc avatars ✏
-
Daniel
I should point out that, even though both approaches are valid, they both have their own quirks. If you suddenly start doing access checks on vcard access - and leave your pep access model at default - you will break vcard access through muc
-
Daniel
Which is as you correctly point out the primary place where vcard is still used
-
singpolyma
Is that not true either way? If avatar is not open MUC should not see it. Unless you simehow have presence sub with a MUC š
-
Daniel
there are minor differences between the two
-
moparisthebest
That's solved by the "set a different vcard per muc" XEP that someone still has to write
-
MSavoritias fae.ve
why does it have to be that specific and we cant have instead a generic permission model that you can pick the entity to expose a specific vcard to?
-
MSavoritias fae.ve
or wait this is another limitation of vcard?
-
moparisthebest
Write it and find out! š
-
MSavoritias fae.ve
lol if nobody else gets around to that by the time i need to implement profiles in my library/app sure :P
-
Daniel
fwiw my goal is to get a XEP that is seemingly widely deployed https://compliance.conversations.im/test/xep0398/ and part of the compliance suite out of the deferred state. not write a different xep that fixes all of our avatar related issues
-
moparisthebest
For sure, that's what I meant with my comment, other avatar problems are better solved with other XEPs
-
singpolyma
I think the only concern is speccing what is deployed and not something incompatible
-
Daniel
yes I think we need clarification on what servers are doing. I was under the impression that prosody is doing what the new draft of the XEP says. due to comments like this: https://github.com/iNPUTmice/Conversations/issues/3289#issuecomment-441433477
-
Daniel
OK. I read some source code and I guess I was mistaken
-
Daniel
Probably best to retract the xep then
-
singpolyma
Why not just edit it?
-
Daniel
I think the entire premise is different to what prosody implements
-
singpolyma
I doubt it's entirely different, but even if so can we not just make it say the ridht thing instead of having yet another dead duplicate numberM✎ -
singpolyma
I doubt it's entirely different, but even if so can we not just make it say the ridht thing instead of having yet another dead duplicate number? ✏
-
singpolyma
Are we not just talking about wording for security considerations? I'm not sure how it's so different
-
Daniel
I don't think we are just talking about security considerations
-
MattJ
My understanding is that the main purpose of the XEP, like the bookmark conversion ones, is to define a feature so that the client knows if the server implements automatic conversion
-
MattJ
Otherwise the client might decide to duplicate info between vcard/PEP "manually" to keep them in sync
-
singpolyma
Does any client actually do that?
-
Zash
or use only the older thing
-
MattJ
No idea. Servers have implemented conversion for some time AFAIK, so it may be deemed unnecessary these days for sure.
-
Kev
Pretty sure Swift is still doing vcard.
-
Kev
(Just as an answer to Zash)
-
Daniel
Btw MattJ since I was reading to source code shouldn't https://hg.prosody.im/trunk/file/tip/plugins/mod_vcard_legacy.lua#l329 do access control too?
-
Daniel
Otherwise you leak the hash to parties who shouldn't have access to the avatar
-
Zash
Daniel, that's a one-time check prior to broadcast. is the hash sensitive enough that it's worth doing the access check n=roster items times?
-
Daniel
Zash: depends. I guess if you already know the user you can confirm it's the same user that's in a muc
-
Daniel
And or track users across mucs
-
Daniel
I mean the premise of the module is that avatars are sensitive enough to be hidden behind access control. If one agrees with that premise that surely also involves the hash
-
Daniel
You could do the presence injection only if the node is open. If you wanted to keep a one time look up
-
Zash
I'm not sure I would call that the premise of the module. It just seemed natural to respect the PEP access controls, but for that hash it's messy
-
singpolyma
Messier than access control on pep notifications?
-
Zash
Because the presence is constructed ahead of time
-
lovetox
I just read the introduction of XEP 0398, and as i understand it now the only goal of this XEP was that we dont have to upload avatars into two storages because XEP0084 is not retriveable via MUC.
-
lovetox
So to edit it now and add a sentence that essentially means, if you dont want to use "open" on your PEP node, then you still have to use 2 storages, goes against the initial intended goal of the XEP
-
lovetox
Main Goal is, Use 0084 for upload, use 0153 to retrieve
-
singpolyma
Surely you can fetch pep via MUC. But you don't get +notify to know about changes which is the main thing still uring vcard-temp avatar for
-
lovetox
what was exactly the problem why this did not go through last call, last time?
-
stpeter
ding ding ding
-
Zash
As I see it, the goal of mod_vcard_legacy is to become obsolete and get deleted.
-
lovetox
"If a user uploads his avatar via PEP with a access model X, this access model is to be respected when serving avatars via VCard" I dont see how this sentence breaks something for anyone
- MattJ waves
-
stpeter
Which Board members do we have online for the meeting right now?
-
stpeter
https://wiki.xmpp.org/web/Board-Meeting-2024-03-07
-
stpeter
@emus @nicola are you here?
-
stpeter
I would not be surprised if @ralphm is not able to join.
-
pep.
You know the "@" is likely not to make mentions work right :P
-
pep.
Depending on how regex are written
-
pep.
(Also why we need that mentions spec..)
-
nicola
> @emus @nicola are you here? Yes, I am
-
stpeter
OK, we have a quorum then.
-
stpeter
pep.: :shrug:
-
stpeter
Matt J: would you like to run the meeting or shall I?
-
MattJ
If you would please, I'm on mobile so typing will be less efficient than usual
-
stpeter
OK!
- stpeter bangs the gavel
-
stpeter
Call to order! :-) We have Matthew, Nicola, and Peter here. Eddie and Ralph absent at least to start.
-
stpeter
Returning businessā¦.
-
stpeter
(a) Anything new about the editor role, related tooling, etc.?
-
MattJ
No news from the tooling side that I'm aware of, though there were recent discussions about the future of the Deferred status
-
MattJ
I think that just needs someone to write up a proposal if we want to consider it
-
singpolyma
> @board please decide on me becoming an Editor Said Daniel
-
MattJ
Oh yes
-
stpeter
It seems we go back and forth on Deferred, with no significant energy either way.
-
stpeter
+1 to Daniel!
-
nicola
+1
-
MattJ
The most interesting thing to me would be removal of the automatic transition, because it impacts (specifically, simplifies) tooling
-
MattJ
+1 to Daniel
-
emus
sorry, I missed the meeting
-
singpolyma
I had a PR about editor tooling open durng summit I don't know if that needs review still or what
-
stpeter
emus: weāre just starting
-
nicola
> The most interesting thing to me would be removal of the automatic transition, because it impacts (specifically, simplifies) tooling I agree
-
MattJ
singpolyma: ah, missed that
-
stpeter
MattJ: ah, interesting. Simplify, simplify! ;-)
-
emus
Im not sure if I can participate. i have one or two aob
-
stpeter
The challenge in the past was that we had more XEPs seemingly under active consideration than was really the case.
-
stpeter
emus: please mention your AOBs and weāll add them at the end
-
singpolyma
I just made tne script able to auto do actions, with the idea that editor can run that like the do the current script and if all goes well it's trivial to make a GitHub action (which im willing to write
-
MattJ
Basically we have a bunch of stuff marked as deferred that is actually in active use. Sometimes we have reasons for that, sometimes we've just not been on the ball about advancing them. There was a suggestion that making "deferred" a conscious move would be better.
-
emus
stpeter: ok
-
MattJ
Daniel has been doing some work to get some of those XEPs advanced, which is great
-
stpeter
Excellent. Thanks, Daniel!
-
stpeter
MattJ: I see. I have no objections to that.
-
stpeter
So we need to find someone who can be āvoluntoldā to write up a proposal. š
-
MattJ
š
-
stpeter
Likely we were following IETF practice, but they have way more Internet-Drafts than we have XEPs.
-
pep.
What to do of currently Deferred documents? Leave them as is?
-
stpeter
I will look at it and think about writing the XEP.
-
pep.
Fix typos for those we care about?
-
emus
- Topic 1: Paying two twitter accounts or deprecate. I vote for deprecate. on the other side we have new money - Topic 2: Trello --> Github projects function? - Info: Outreachy does not accept umbrella organisations
-
stpeter
pep. not sure - letās see what the proposal looks like, but thatās something that needs to be considered.
-
stpeter
emus: OK
-
stpeter
moving on to the next item then? Daniel is on the Editor team, I might write the Deferred proposal
-
stpeter
(b) infrastructure situation
-
stpeter
Any news here?
-
MattJ
No news since last month
-
stpeter
OK
-
stpeter
moving on then š
-
stpeter
(c) sponsors
-
stpeter
Weāve done a great job of getting more sponsors on board, thanks to everyone who has helped with that!
-
stpeter
A few of them are still in progress.
-
stpeter
And big thanks to Isode for sponsoring the Summit.
-
emus
šš
-
nicola
Great!
-
stpeter
If we can keep up this level of sponsorship (with annual renewals) then your Treasurer will be much more comfortable. :-)
-
stpeter
Moving on again, then, to New Business.
-
stpeter
(a) GSOC
-
stpeter
Thanks to Eddie for getting us into GSOC again.
-
emus
Accepted, 7 ideas, 3 clients
-
stpeter
emus: is there anything you need from us?
-
nicola
> Accepted, 7 ideas, 3 clients š
-
emus
stpeter: just advertise where you can, also offlie
-
emus
offlline
-
stpeter
OK
-
stpeter
emus: what is the deadline?
-
stpeter
(our internal deadline for people to submit ideas)
-
emus
16th
-
emus
ahh 16th +1w
-
stpeter
OK, thanks.
-
emus
i think
-
stpeter
So folks should poke their developer friends.
-
stpeter
Moving on again. I like short meetings. ;-)
-
stpeter
New (b) explicitly pseudonymous authors of XEPs
-
emus
https://jabbers.one:5281/file_share/YWWvBsXyX_4wa5U4WSAA5hTF/zb2rhYPCCQJLjAUnC6Uox3iDHuzXf7gbCD4Jz2yvarG2WQw6n.jpg
-
stpeter
The Editor team has received a new XEP contribution from someone who explicitly told us he operates under a pseudonym.
-
stpeter
We donāt actually check peopleās legal status / name when they contribute a spec.
-
stpeter
e.g., for IPR assignment
-
stpeter
And weāve never done that.
-
stpeter
Itās not as if there is a legal contract involved.
-
stpeter
The author merely says āhere, itās now the XSFās IPRā
-
Kev
That's not exactly true.
-
Kev
There is an explicit IP grant step.
-
stpeter
So I donāt have a problem accepting this contribution.
-
Kev
That GitHub checks for us, and when it's not received via GitHub that the Editor does manually by mail.
-
stpeter
Right, but the author doesnāt sign a contract with their legal name with notarization and all that.
-
Kev
Because Board decided that doing what you describe wasn't sufficient a couple of years ago.
-
Kev
IIRC
-
stpeter
Yes, there is an explicit grant, but we donāt check the personās identity.
-
stpeter
And we never have.
-
MattJ
I'm fine to continue with that
-
pep.
IP grant steps are done everyday with CLAs or DCOs without any means of legal identity verification
-
Kev
No, indeed, but I've been told in the past (by lawyers) that email is fine to be considered a contract-in-writing.
-
Kev
At least, that was what I understood from it.
-
nicola
> No, indeed, but I've been told in the past (by lawyers) that email is fine to be considered a contract-in-writing. I agree š
-
stpeter
pep.: yes, most open-source projects do it that way, there are all sorts of nicks/handles/ contributing.
-
pep.
As long as the author is reachable..
-
pep.
(which isn't the case of some of the XEPs' authors, note)✎ -
pep.
(which isn't the case of some of the XEPs' authors, note, even though they may have used their legal names) ✏
-
stpeter
Kev mentioned another potential concern, which is that a pseudonymous author might be less reachable or less inclined to move the document forward, but we have other ways of handling that situation (e.g., assign co-author).
-
stpeter
Right.
-
Kev
> mentioned another potential concern, which is that a pseudonymous author might be less reachable or less inclined to move the document forward, but we have other ways of handling that situation (e.g., assign co-author). Did I? I thought that was someone else, but maybe it was me.
-
stpeter
Canāt recall. Could have been someone else.
-
Kev
(I have to duck out again now. I don't care which way it goes, but I'm noting that we *do* require people to grant IP explicitly, and so what I was mostly wanting was that Board was happy/not happy that that was still valid when it happens under a pseudonym, in whichever legal regions we have to care about)
-
Kev
Answers on a post card to Editor please :)
-
stpeter
In any case, what Iām seeing is that Nicola and I are fine with accepting this XEP. And I think Matthew as well if I understand the reference of his statement above āIām fine to continue with that.ā
-
stpeter
Kev: yep, will do, thanks. :-)
-
nicola
> In any case, what Iām seeing is that Nicola and I are fine with accepting this XEP. And I think Matthew as well if I understand the reference of his statement above āIām fine to continue with that.ā Yes
-
MattJ
Yes, happy to accept this XEP and pseudonymous authors
-
stpeter
OK!
-
emus
It would be one step towards being more open
-
stpeter
We have quorum, decision made, Iāll post something about this somewhere to memorialize it.
-
stpeter
emus: are you OK with this, too?
-
stpeter
Moving along to āAny Other Businessāā¦
-
stpeter
emus raised the following AOBs above: - Topic 1: Paying two twitter accounts or deprecate. I vote for deprecate. on the other side we have new money - Topic 2: Trello --> Github projects function? - Info: Outreachy does not accept umbrella organisations
-
emus
> emus: are you OK with this, too? yes ↺
-
stpeter
(1) I thought we had decided to pay for 12 months while we sort out where to move our social media presence.
-
nicola
> emus raised the following AOBs above: > > - Topic 1: Paying two twitter accounts or deprecate. I vote for deprecate. on the other side we have new money > - Topic 2: Trello --> Github projects function? > - Info: Outreachy does not accept umbrella organisations I agree with Topic1 and 2
-
stpeter
emus: read, thanks.
-
stpeter
s/read/great/
-
emus
> (1) I thought we had decided to pay for 12 months while we sort out where to move our social media presence. Yes, but according to twitter I must pay my remote account as well ↺
-
stpeter
ah
-
nicola
Sorry I meant that I prefer to deprecate
-
emus
we can test and kev starts to party for the main one and see if it requires me to pay as well
-
stpeter
Iām fine with deprecating, personally! But then I got off Twitter in 2016. Ten years was enough for me. ;-)
-
stpeter
emus: sure, whatever you think makes sense is fine with me.
-
nicola
> Iām fine with deprecating, personally! But then I got off Twitter in 2016. Ten years was enough for me. ;-) I see š
-
MattJ
As before, my preference is to deprecate that account, but ralphm felt strongly about this in the past so it might be worth discussing when he is around
-
stpeter
MattJ: noted
-
MattJ
Or we just abandon the tweetdeck approach
-
stpeter
Letās discuss via email or in next monthās meeting. I donāt see a hurry here, unless emus says our access will be cut off.
-
stpeter
nod
-
stpeter
As to Trello->GitHub, that seems sensible (this way we donāt have things spread around on different services).
-
emus
On twitter: Just saying its unmaintainable.this way. I cannot do reach out to Kev all the time and its quite a burden
-
nicola
> As to Trello->GitHub, that seems sensible (this way we donāt have things spread around on different services). If we use it ok, otherwise ā¦
-
MattJ
I'm fine with that, but we haven't really been using Trello for years
-
stpeter
emus: Yes, thatās crazy. š
-
stpeter
MattJ: true, so this is perhaps a non-decision.
-
stpeter
But we might want to remove the Trello board to reduce confusion (I donāt even know who controls it now).
-
emus
+1 but extract if there are still valid topics listed
-
nicola
Shall we think about it and postpone the decision to the next board?
-
stpeter
emus: what I see is, let us know what you need/want re Twitter/X and weāll support you - but before turning off the account we should talk with Ralph.
-
stpeter
nicola: yes
-
stpeter
emus: please send a note to the board@ or members@ list about Trello so we can have a look (I donāt recall what the URL is for our board there).
-
stpeter
OK, any other AOBs?
-
MattJ
None here
-
stpeter
Date of Next Meeting. This should be 2024-04-04 (the first Thursday in April). I can create a wiki page with the agenda.
-
nicola
> Date of Next Meeting. This should be 2024-04-04 (the first Thursday in April). I can create a wiki page with the agenda. Ok. Thank you everyone
-
stpeter
Hearing no more agenda items, I move that we adjourn. Second?
-
MattJ
Seconded
- stpeter bangs the gavel
-
stpeter
Thanks, all!
-
MattJ
Thanks stpeter š
-
stpeter
My pleasure!
-
nicola
Thank stpeter
-
stpeter
Now back to our regularly scheduled technical programmingā¦ ;-)
-
Daniel
Btw I just checked the ejabberd source code and I'm pretty sure it copies the avatar on write from one storage to another. Which is different to what prosody is doing. (which is synthesizing the vcard on access). So I'm not sure I'm comfortable rewriting the xep to what prosody is doing
-
emus
thanks all
-
MattJ
One reason we did it the way we do is to honour access control on the vcard info, even if you have clients supporting only legacy vcard
-
MattJ
Otherwise it's weird, and having two copies of the same data (that can get out of sync, sometimes) is also weird
-
Daniel
It's not that I dislike prosodys approach. But I think the difference (essentially when access control happens) is more than just an implementaional difference
-
MattJ
For Snikket we expose the access control, and I don't want to have to explain to users that it only affects the visibility of their profile to *some* other entities
-
MattJ
Neither do I particularly want to just remove vcard-temp (for interop)
-
Daniel
And the xep was certainly written with the intent to spec out what ejabberd is doing.
-
MattJ
Can the XEP cover both use cases? As I said earlier, I thought the main value was the client knowing it didn't need to publish the data twiilce
-
Daniel
Not saying it's good that the xep is that way. But that makes me uncomfortable changing the xep
-
MattJ
"If the server stores the data in both places separately, here's how"
-
MattJ
We did that with 0191/0016
-
Daniel
> Can the XEP cover both use cases? As I said earlier, I thought the main value was the client knowing it didn't need to publish the data twiilce Not with providing clear and accurate security considerations I think
-
MattJ
So should Prosody not advertise the feature?
-
MattJ
That seems like a step backwards
-
Daniel
Idk if you think you currently implemt 0398 we can also publish it as is
-
Daniel
And only slightly modify the existing security considerations to remove the 'in the future' wording and replace it with 'services may'
-
MattJ
As lovetox said, from a client perspective, "it works"
-
Zash
I wonder when we can sunset vcard-temp completely
-
stpeter
Hey, it was always supposed to be ātempā
-
MattJ
At least it wasn't called simple-vcard-temp
-
Zash
temporary the way the earth is?
-
Zash
https://xkcd.com/1606/
-
MSavoritias fae.ve
we can depreceate it and then its done :)
-
MSavoritias fae.ve
deprecate*
-
Daniel
see the new 5.2 section and the slightly updated security considerations https://gultsch.de/files/xep-0398.html
-
lovetox
sounds good, so does ejabberd check the pep access? or does it simply serve the avatar to everyone that requests vcard
-
lovetox
because i would consider this a leak
-
lovetox
this XEP introduced a privacy leak when not correctly implemented, clients who always only published to PEP with access presence, suddenly would have there avatar public when requested via vcard. I think Daniels intention with the XEP edit now, was to make it clear to servers that this leak must not happen. Thas why he added the rule, that avatar must only be sent via vcard if model is "open". what i proposed is simply to make it not stricly open, rather say "honor the pep access model". I still dont understand how "open" can be ok with the XEP intention but "honor the pep access model" is not
-
lovetox
it was not my intention to get everything out of the XEP about the access model, there is a privacy leak risk here which should be mitigated with wording in the XEP
-
lovetox
Now your proposal talks about different ways to implement the storage, and now we have different rules per storage? why would it be allowed for ejabberd to have this privacy leak, just because they decided to copy avatars around
-
Daniel
We have two very different implementations that both claim to be compatible. I can't write security considerations that are strict and keep both implementions in compliance
-
moparisthebest
Write them strict then fix the ejabberd impl
-
lovetox
just so it be noted, i never checked the ejabberd impl, and dont know if they consider the access model
-
lovetox
Daniel checked the code, and i asked if he saw something
-
Daniel
> this XEP introduced a privacy leak The xep (as published on xmpp.org) says so
-
singpolyma
I think maybe security considerations can say "note that many vcard-temp implementations historically have not used any access control, so care should be taken if the pep node access model is not open" or such?
-
Zash
I would note that the Prosody module defaults to open, so it would behave as with the old vcard module until the user interacts directly with PEP and sets some other access model, which is then respected. Seemed the sensible thing to do back then.
-
Daniel
If the xep has no clear security considerations and is written broadly enough to allow for both the prosody and the ejabberd approach then I'm not really sure what we need the xep for
-
Zash
It's a transition helper, ultimately it should all become obsolete and leave us in a glorious PEP-only paradise, right? :)
-
Zash
So maybe we don't need to worry too much about it
-
Daniel
Right. Servers do _something sensible_ no xep required
-
Zash
The XEP doesn't say anything about merging in other PEP nodes like vcard4 or nickname, right? Only avatar?
-
Daniel
Yes only avatar
-
Daniel
I don't dislike the idea of writing down what prosody does in xep form
-
Daniel
Like a 'virtual vcard' xep
-
Zash
Tho parts of it can be squint-derived from the vcard4 xep.
-
Daniel
Which two parts?
-
Zash
https://xmpp.org/extensions/xep-0292.html#mapping
-
Zash
But not in the same way of 398
-
Zash
('Tho' = 'Although')
-
Zash
Reading 398 and going with a single source of truth method where data is stored in a canonical form in PEP, moving out the rest of the vcard data into vcard4 seemed sensible, but we never got around to a XEP about that.
-
Daniel
Zash: if I publish a vcard4 with a photo will it store that in the avatar node (and remove it from vcard4)
-
Zash
if you publish to vcard4 then it's just regular pubsub
-
Zash
I would recommend against putting a photo in vcard4, since we have the separate pep node for that
-
Daniel
Well yes but vcard4 can have a photo (and nicks) so you'd be duplicating information again
-
Zash
having a public avatar but contact-only profile details was a thing I personally wanted
-
singpolyma
> Zash: if I publish a vcard4 with a photo will it store that in the avatar node (and remove it from vcard4) Would be nice ↺
-
singpolyma
Pep nick has always felt redundant to me
-
Zash
I think it would be nice if we just offer generic PEP and don't have to do anything special
-
Zash
Hence the module translating to/from vcard-temp but storing vcard4+pep avatar (and also mod_bookmarks doing a similar thing)
-
Zash
So when all the clients have moved to the PEP native method, these translation layers can be turned off.
-
lovetox
> Well yes but vcard4 can have a photo (and nicks) so you'd be duplicating information again i dont think we need to think about that, a client is not forced to do this at all
-
lovetox
vcard is vcard, we didnt invent it, and it has a million things in it, no problem with that
-
lovetox
we have a better way to store avatars, and client devs know about it, really there own problem if they decide they need to put it into vcard
-
lovetox
same with nickname, we have different nodes on pubsub for different kind of data, everything is nicely separated with the additional nice thing, that we can also use different access model on different data
-
lovetox
i really see no problem we need to solve here that merges server side different data into one
-
lovetox
XEP0398 was a helper so we can transition to pubsub with avatar, without losing avatar in MUCs
-
lovetox
thats about it, im not aware of another problem which needs solving in that regard (vcard/nickname/avatar)
-
Zash
Sorry I never finished the vcard4 PR adding some words of discourangement for including pictures.
-
lovetox
no need really, every developer will get it rather fast
-
lovetox
we have compliance specs ect, and they probably all mention avatars
-
goffi
https://vin01.github.io/piptagole/security-tools/soar/urlscan/hybrid-analysis/data-leaks/urlscan.io/cloudflare-radar%22/2024/03/07/url-database-leaks-private-urls.html ==> could this affect HTTP Upload links? Those links are not supposed to be handled outside of chat room by XMPP clients, but how can we be sure that there is not a proxy or whatever CDN somewhere in the middle? When e2ee is used, it should not be a problem though.
-
lovetox
yes if e2e is not used, middleman can steal your data, i dont think we can do something about it
-
goffi
We could add a password in HTTP header (or use Jingle).
-
moparisthebest
Is that about people being surprised that when they send links to 3rd party services that the 3rd party services have the links then? Yikes... Stop hitting yourself
-
moparisthebest
goffi: http has user/pass auth standardized, but also this isn't a problem unless clients are sending URLs to third parties and then no amount of passwords will help e2e uploads are protected from CDNs/middleboxes at least
-
goffi
moparisthebest: my concern is more about not being aware of third party being used (your XMPP provider use a CDN, your web client does URL analysis, or whatever). But I realise that there is authorization header already in HTTP Upload, I remembered it wrongly as not allowed. So this is fine.
-
singpolyma
assuming you don't also expose that header to whatever third party :)
-
goffi
yeah sure. Anyway if you really want your file to be safe, use proper e2ee. I was mostly concerned about the file link shared on the casual unencrypted private conversation being accidentally exposed.
-
goffi
And if we can't totally avoid that, we can at least add some foolproof.
-
Daniel
You can also send the encryption key to third parties if you want to
-
singpolyma
so many options!