Re: [jdev] Displaying presence from contacts with multiple resources

2018-04-19 Thread Georg Lukas
* Matthew Wild  [2018-04-19 16:12]:
> If you've implemented a client, I'm curious to learn how you chose to
> determine what presence to show for a contact if they have multiple
> resources with different 'show' states (e.g. one is just available,
> and one is dnd).

That's a great question. It would make sense to have "dnd" override any
other setting, as you typically don't want to disturb a person on any
of the channels if this setting is configured.

Some implementations order by resource priority, which is not very
helpful to users, IMO.

I'd suggest using the following sort order:

- dnd
- chat
- available
- away
- xa

With ties resolved by using the client priority (or maybe the length of
the status message - the longer one wins. This actually does make sense
if you only have configured a status message on one client).


Georg


signature.asc
Description: PGP signature
___
JDev mailing list
Info: https://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: jdev-unsubscr...@jabber.org
___
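
The sort order suggested in the message above, as an added example that is not part of the original post or of any client's code. The function names and sample stanzas are constructed, and applying priority first and status length second is an assumption, since the message offers them as alternatives.

```python
import xml.etree.ElementTree as ET

# Rank from the message above: lower wins. "available" means no <show/> child.
SHOW_RANK = {"dnd": 0, "chat": 1, "available": 2, "away": 3, "xa": 4}

# Constructed sample: latest presence per resource (stream namespace omitted).
SAMPLE = [
    "<presence from='juliet@example.com/phone'><priority>10</priority></presence>",
    "<presence from='juliet@example.com/laptop'><show>dnd</show>"
    "<priority>1</priority><status>In a meeting</status></presence>",
    "<presence from='juliet@example.com/tablet'><show>dnd</show>"
    "<priority>1</priority></presence>",
    "<presence from='juliet@example.com/old' type='unavailable'/>",
]


def parse_presence(stanza):
    """Return (resource, show, priority, status), or None if not an available presence."""
    el = ET.fromstring(stanza)
    if el.tag != "presence" or el.get("type") is not None:
        return None  # unavailable, error, subscribe, ... carry no show state
    _, _, resource = el.get("from", "").partition("/")
    show = (el.findtext("show") or "available").strip()
    if show not in SHOW_RANK:
        show = "available"  # unknown value from a peer: fall back, don't crash
    try:
        priority = int(el.findtext("priority") or 0)
    except ValueError:
        priority = 0
    priority = max(-128, min(127, priority))  # clamp to the RFC 6121 range
    return resource, show, priority, (el.findtext("status") or "").strip()


def displayed_presence(stanzas):
    """Pick (show, resource, status) to display for one contact."""
    best = None
    for stanza in stanzas:
        parsed = parse_presence(stanza)
        if parsed is None:
            continue
        resource, show, priority, status = parsed
        # Show rank first, then higher priority, then longer status message.
        key = (SHOW_RANK[show], -priority, -len(status))
        if best is None or key < best[0]:
            best = (key, show, resource, status)
    return ("offline", None, "") if best is None else best[1:]
```

With the sample, the phone's higher priority does not override "dnd", and the laptop wins the tie against the tablet because only it carries a status message.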


Re: [jdev] XMPP Software Developers: Action Required

2017-03-23 Thread Georg Lukas
* Goffi  [2017-03-23 16:24]:
> Will we have a reminder before the deadline? I'm pretty sure I'll forget.

Currently there is no automatic reminder process. I'm not sure if it
would be a good idea or not. It might encourage developers to reapply
out of habit, despite having outdated and unmaintained software.
Also there is no infrastructure for this in place yet.

> Also is the deadline the same for everybody (1st of May every year), or is it 
> subscription date + 1 year?

The deadline is `last_renewed` + 13 months for each entry, so it is
possible to have acyclic projects. Of course you can just bump the
timestamp on all projects you maintain at the same time to reduce the
hassle.


Georg




[jdev] XMPP Software Developers: Action Required

2017-03-23 Thread Georg Lukas
Dear XMPP software authors,

The XSF provides a public list of XMPP implementations[0] on its
website. For this list to be useful, it should contain up-to-date
information about up-to-date software.

To achieve this, the XSF Board has decided that all implementations have
to reapply once per year, to ensure that they are still actively
maintained and that the listed info is accurate. This is a purely formal
process, though we encourage implementors to follow the current compliance
suites.

If you have an entry in one of the lists, please create a pull request
as described in the README[1] before the 1st of May 2017. There is an example
commit[2] that can be used as a reference. Software that is not updated until
that date will be automatically removed from the listing. Alternatively, you
can ask in the jdev MUC[3] for a manual update of your listing.

Please also ensure that you repeat this step in the following years.

Thank you for observing all safety precautions.


Georg Lukas, on behalf of the XSF Board

[0] https://xmpp.org/software
[1] https://github.com/xsf/xmpp.org/blob/master/data/README.rst
[2] https://github.com/xsf/xmpp.org/commit/8724430ff702bab98865ef2338cd392c277a71ee
[3] xmpp:j...@conference.jabber.org?join




[jdev] CVE-2017-5589+ Multiple XMPP Clients User Impersonation Vulnerability

2017-02-09 Thread Georg Lukas
m/moxl/commit/838b0a42efc3b67cc17d63e25ae1d0ea849cd89b
  - 2017-01-31 Notification of Debian Security Team
  - 2017-02-01 Release of profanity 0.4.7.patch1 and 0.5.0.patch1 (backports
of the fix)
  - 2017-02-01 Release of Converse.js 1.07 and 2.05
fix commit:
https://github.com/jcbrand/converse.js/commit/42f249cabbbf5c026398e6d3b350f6f9536ea572
  - 2017-02-05 Release of Jitsi 2.10
fix commit:
https://github.com/jitsi/jitsi/commit/7d66da61b316c9480b63000f831b6de723b87315
  - 2017-02-08 Release of Zom 1.0.12
fix commit:
https://github.com/zom/Zom-iOS/commit/880051eaa8ba32d1b257c87a7d8798a93561bfd3
  - 2017-02-09 Publication of this advisory

Acknowledgements
----------------

  - Daniel Gultsch for CVE-2015-8688: Gajim Roster Push Attack / Message
Interception[1]
  - Sam Whited for CVE-2016-9928 (same as above in mcabber)[2]
  - Thijs Alkemade for being an awesome XMPP security researcher (and
for proof-reading this)[3]

Links
-----

[0] https://xmpp.org/extensions/xep-0280.html
[1] https://gultsch.de/gajim_roster_push_and_message_interception.html
[2] http://www.openwall.com/lists/oss-security/2016/12/09/5
[3] https://blog.thijsalkema.de/

HTML version of advisory:
https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/

PDF version of advisory:
https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf


-- 
Dr.-Ing. Georg Lukas
rt-solutions.de GmbH
Oberländer Ufer 190a
D-50968 Köln

Tel. : (+49)221 93724 16
Fax : (+49)221 93724 50
Mobile: (+49)179 4176591
Web : www.rt-solutions.de
rt-solutions.de
experts you can trust.

Registered office: Köln
Registered at the Amtsgericht Köln (district court): HRB 52645
Managing directors: Prof. Dr. Ralf Schumann, Dr. Stefan Schemmer

