Am Fr., 9. Nov. 2018 um 10:29 Uhr schrieb Matthew Wild <[email protected]>: > There are a couple of issues with this section of XEP-0045: > https://xmpp.org/extensions/xep-0045.html#modifymember > > In particular, I think this text was squeezed in at a later date:
Probably yes. > Firstly, I think that although it says this behaviour is conditional > on the room being members-only, I think it should more correctly be > conditional on the room being non-anonymous. Otherwise JIDs of other > users are leaked through this mechanism, even if the room is > semi-anonymous. Implementing the behaviour as defined will cause an > unexpected privacy leak for anyone who configured their room so that > JIDs are visible to "moderators only" (as per XEP-0045 config form > wording). Yes > With that out of the way, I think the MUC should additionally allow > requesting the admin and owner lists (again, only if the room is > non-anonymous and already reveals the JIDs of occupants). There is > little point in the described feature if it is not able to retrieve > the full list of affiliated users. Yes > I believe ejabberd already implements what I wrote above, Yes > planning to implement the same logic in Prosody. Cool, please do. Although I assumed it does so already. cheers Daniel _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
