On 02.07.2018 09:47, Georg Lukas wrote:
> * Sam Whited [2018-06-24 17:19]:
>> On Sat, Jun 23, 2018, at 06:24, Tedd Sterr wrote:
>>> 3) Advance XEP-0363: HTTP File Upload
>>> Georg: [pending]
> +1, if we add a clear statement about potentially malicious uploads
> running in the context of your web
* Sam Whited [2018-06-24 17:19]:
> On Sat, Jun 23, 2018, at 06:24, Tedd Sterr wrote:
> > 3) Advance XEP-0363: HTTP File Upload
> > Georg: [pending]
> A few notes on the security section:
>
> - I wonder if it's worth either specifying that content-type sniffing by the
> client is not allowed,
I think being informed of the server's retention policy is definitely useful;
the server already returns a 'max-file-size' as part of its disco reply, so it
should be simple to include a 'file-expires-time' value indication the number
of seconds before which the file is automatically deleted.
> FWIW, since I was one of those (if there even were multiple) who made a joke
> about that, I want to make sure it’s received as a joke, too.
Yes, all in jest, don't worry.
You'll be hearing from my lawyer!
___
Standards mailing list
Info:
Wed, 27 Jun 2018 09:34:02 +0200
Goffi wrote:
> It would be even better to be able to list existing files and delete
> them on request, but this can be done in a separated XEP.
As someone already mentions here (or in another list/chat), a user may
not want a server to keep tracking their files,
Hi,
after pushing on standard@ on this point because I had not feedback, I'll
try to explain better why it's important to have expiration date.
For now, when we use HTTP Upload, we blindly upload a file on a server,
with no clue for the time of retention, how to delete it, or even to list
On Samstag, 23. Juni 2018 13:28:54 CEST Tedd Sterr wrote:
> Contrary to vicious rumours floating around, I have no interest in
> supplanting Dave's position as Chair. With only a few hours remaining and
> no agenda forthcoming, I thought a meeting with some agenda would be better
> than with none
On Sat, 23 Jun 2018, 12:24 Tedd Sterr, wrote:
> http://logs.xmpp.org/council/2018-06-20/#15:00:27
>
> *1) Roll Call and Sandwich Orders*
> Present: Kev, Sam, Daniel
> Stuck in endless meetings: Dave
> Deep under-cover behind enemy lines: Georg
>
So... I wasn't stuck in meetings this time,
On Sat, Jun 23, 2018, at 06:24, Tedd Sterr wrote:
> 3) Advance XEP-0363: HTTP File Upload
> Kev: [on-list] (without the agenda in advance, failed to look at this
> again)
> Sam: [on-list] (still nervous about the http headers stuff being too
> restrictive)
> Daniel: +1
> Dave: [pending]
> Georg:
> On Stream Compression: as TLS is pretty much a requirement now and it already
> does compression (unless explicitly disabled), wouldn't that make Stream
> Compression surplus to requirements at this point?
Nevermind; support for compression is dropped from TLS as of version 1.3, for
security
Hi,
Le samedi 23 juin 2018, 13:24:22 CEST Tedd Sterr a écrit :
> 3) Advance XEP-0363: HTTP File Upload
> Kev: [on-list] (without the agenda in advance, failed to look at this
> again) Sam: [on-list] (still nervous about the http headers stuff being
> too restrictive) Daniel: +1
> Dave: [pending]
On Sat, Jun 23, 2018 at 11:28:54AM +, Tedd Sterr wrote:
> On Stream Compression: as TLS is pretty much a requirement now and it
> already does compression (unless explicitly disabled), wouldn't that
> make Stream Compression surplus to requirements at this point?
It is explicitly disabled and
Contrary to vicious rumours floating around, I have no interest in supplanting
Dave's position as Chair.
With only a few hours remaining and no agenda forthcoming, I thought a meeting
with some agenda would be better than with none - and the agenda is largely
straightforward.
Why was
http://logs.xmpp.org/council/2018-06-20/#15:00:27
1) Roll Call and Sandwich Orders
Present: Kev, Sam, Daniel
Stuck in endless meetings: Dave
Deep under-cover behind enemy lines: Georg
2) Isn't it nice that Tedd Sterr does the agenda?
[It's a dirty job, but somebody should do it.]
3) Advance
14 matches
Mail list logo