Re: [jdev] Displaying presence from contacts with multiple resources
* Matthew Wild[2018-04-19 16:12]: > If you've implemented a client, I'm curious to learn how you chose to > determine what presence to show for a contact if they have multiple > resources with different 'show' states (e.g. one is just available, > and one is dnd). That's a great question. It would make sense to have "dnd" override any other setting, as yout typically don't want to disturb a person on any of the channels if this setting is configured. Some implementations order by resource priority, which is not very helpful to users, IMO. I'd suggest to use the following sort order: - dnd - chat - available - away - xa With ties resolved by using the client priority (or maybe the length of the status message - the longer one wins. This actually does make sense if you only have configured a status message on one client). Georg signature.asc Description: PGP signature ___ JDev mailing list Info: https://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: jdev-unsubscr...@jabber.org ___
Re: [jdev] XMPP Software Developers: Action Required
* Goffi[2017-03-23 16:24]: > Will we have a reminder before the deadline? I'm pretty sure I'll forget. Currently there is no automatic reminder process. I'm not sure if it would be a good idea or not. It might encourage developers to reapply out of a habit, despite having an outdated and unmaintained software. Also there is no infrastructure for this in place yet. > Also is the deadline the same for everybody (1st of May every year), or is it > subscription date + 1 year? The deadline is `last_renewed` + 13 months for each entry, so it is possible to have acyclic projects. Of course you can just bump the timestamp on all projects you maintain at the same time to reduce the hassle. Georg signature.asc Description: PGP signature ___ JDev mailing list Info: https://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: jdev-unsubscr...@jabber.org ___
[jdev] XMPP Software Developers: Action Required
Dear XMPP software authors, The XSF provides a public list of XMPP implementations[0] on its website. For this list to be useful, it should contain up-to-date information about up-to-date software. To achieve this, the XSF Board has decided that all implementations have to reapply once per year, to ensure that they are still actively maintained and that the listed info is accurate. This is a purely formal process, though we encourage implementors to follow the current compliance suites. If you have an entry in one of the lists, please create a pull request as desribed in the README[1] before the 1st of May 2017. There is an example commit[2] that can be used as a reference. Software that is not updated until that date will be automatically removed from the listing. Alternatively, you can ask in the jdev MUC[3] for a manual update of your listing. Please also ensure that you repeat this step in the following years. Thank you for observing all safety precautions. Georg Lukas, on behalf of the XSF Board [0] https://xmpp.org/software [1] https://github.com/xsf/xmpp.org/blob/master/data/README.rst [2] https://github.com/xsf/xmpp.org/commit/8724430ff702bab98865ef2338cd392c277a71ee [3] xmpp:j...@conference.jabber.org?join signature.asc Description: PGP signature ___ JDev mailing list Info: https://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: jdev-unsubscr...@jabber.org ___
[jdev] CVE-2017-5589+ Multiple XMPP Clients User Impersonation Vulnerability
m/moxl/commit/838b0a42efc3b67cc17d63e25ae1d0ea849cd89 b - 2017-01-31 Notification of Debian Security Team - 2017-02-01 Release of profanity 0.4.7.patch1 and 0.5.0.patch1 (backports of the fix) - 2017-02-01 Release of Converse.js 1.07 and 2.05 fix commit: https://github.com/jcbrand/converse.js/commit/42f249cabbbf5c026398e6d3b350f6 f9536ea572 - 2017-02-05 Release of Jitsi 2.10 fix commit: https://github.com/jitsi/jitsi/commit/7d66da61b316c9480b63000f831b6de723b873 15 - 2017-02-08 Release of Zom 1.0.12 fix commit: https://github.com/zom/Zom-iOS/commit/880051eaa8ba32d1b257c87a7d8798a93561bf d3 - 2017-02-09 Publication of this advisory Acknowledgements - Daniel Gultsch for CVE-2015-8688: Gajim Roster Push Attack / Message Interception[1] - Sam Whited for CVE-2016-9928 (same as above in mcabber)[2] - Thijs Alkemade for being an awesome XMPP security researcher (and for proof-reading this)[3] Links - [0] https://xmpp.org/extensions/xep-0280.html [1] https://gultsch.de/gajim_roster_push_and_message_interception.html [2] http://www.openwall.com/lists/oss-security/2016/12/09/5 [3] https://blog.thijsalkema.de/ HTML version of advisory: https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/ PDF version of advisory: https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbon s.pdf -- Dr.-Ing. Georg Lukas rt-solutions.de GmbH Oberländer Ufer 190a D-50968 Köln Tel. : (+49)221 93724 16 Fax : (+49)221 93724 50 Mobil: (+49)179 4176591 Web : www.rt-solutions.de rt-solutions.de experts you can trust. Sitz der Gesellschaft: Köln Eingetragen beim Amtsgericht Köln: HRB 52645 Geschäftsführer: Prof. Dr. Ralf Schumann, Dr. Stefan Schemmer smime.p7s Description: S/MIME cryptographic signature ___ JDev mailing list Info: https://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: jdev-unsubscr...@jabber.org ___