From dbanes at cleartext.com Fri May 1 01:16:29 2009 From: dbanes at cleartext.com (David Banes) Date: Fri, 1 May 2009 16:16:29 +1000 Subject: [Members] XMPP Meetup in Sydney Australia Message-ID: Excuse the cross post but I'm working towards an XMPP meet up in Sydney (and Melbourne if I can get the numbers). Details here, inspired by the San Fran group :) http://www.meetup.com/Sydney-XMPP-Meetup/ Please let anyone you know in Australia know about this. regards, David. David Banes Director & CEO, Cleartext Director & Secretary, Internet Industry Association Director & Chairman, XMPP Standards Foundation email: dbanes at cleartext.com xmpp: dbanes at cleartext.com Tel: +61 2 8001 2600 - Cleartext is Carbon Minimised - NEW SERVICE LAUNCH - Social Networking over XMPP -- http://www.cleartext.com/social/ -------------------------------------------------------------------------------------------------------- Email Filtering by Cleartext a Carbon Minimised company - www.cleartext.com -------------------------------------------------------------------------------------------------------- From stpeter at stpeter.im Fri May 1 10:59:32 2009 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Fri, 01 May 2009 09:59:32 -0600 Subject: [Members] XMPP Meetup in Sydney Australia In-Reply-To: References: Message-ID: <49FB1C64.6030208@stpeter.im> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/1/09 12:16 AM, David Banes wrote: > Excuse the cross post but I'm working towards an XMPP meet up in Sydney > (and Melbourne if I can get the numbers). > > Details here, inspired by the San Fran group :) > > http://www.meetup.com/Sydney-XMPP-Meetup/ Super! Let's post about this at blog.xmpp.org -- you should have an account there IIRC. :) /psa -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkn7HGQACgkQNL8k5A2w/vzFqQCeIH/p/tI0NxAXGXkJkTjDmg9r XswAnj5RrVntxV8J0t0VU1MNVNN5pSBF =spg4 -----END PGP SIGNATURE----- From alexey.melnikov at isode.com Fri May 1 18:58:29 2009 From: alexey.melnikov at isode.com (Alexey Melnikov) Date: Sat, 02 May 2009 00:58:29 +0100 Subject: [Members] OFFICIAL MEETING ANNOUNCEMENT In-Reply-To: <49F21EA4.9030807@ag-software.de> References: <49F21EA4.9030807@ag-software.de> Message-ID: <49FB8CA5.1090307@isode.com> Alexander Gnauck wrote: > I've started proxy voting via xmpp:memberbot at jabber.org on the > membership applications listed here: > > http://wiki.xmpp.org/web/Membership_Applications_April_2009 > > I propose that we continue the proxy voting until the close of > business on May 10th and hold a meeting on May 11th to formally > approve the voting results. As a side note: it would have been nice if it were possible to vote something other than 0 or 1 for people. I wish I can vote 0.5 in some cases. From stpeter at stpeter.im Sat May 2 08:35:16 2009 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Sat, 02 May 2009 07:35:16 -0600 Subject: [Members] OFFICIAL MEETING ANNOUNCEMENT In-Reply-To: <49FB8CA5.1090307@isode.com> References: <49F21EA4.9030807@ag-software.de> <49FB8CA5.1090307@isode.com> Message-ID: <49FC4C14.1030300@stpeter.im> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/1/09 5:58 PM, Alexey Melnikov wrote: > Alexander Gnauck wrote: > >> I've started proxy voting via xmpp:memberbot at jabber.org on the >> membership applications listed here: >> >> http://wiki.xmpp.org/web/Membership_Applications_April_2009 >> >> I propose that we continue the proxy voting until the close of >> business on May 10th and hold a meeting on May 11th to formally >> approve the voting results. > > As a side note: it would have been nice if it were possible to vote > something other than 0 or 1 for people. I wish I can vote 0.5 in some > cases. We could do preference order or something like that. But, truly, XSF membership is so meaningless that I don't think it's worth the effort to tweak the voting system. ;-) Elections for Board and Council might be another matter. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkn8TBQACgkQNL8k5A2w/vxY6ACgrsjIvblGNahnfa6xWUK1JgPy yrAAoPW2z20iDpvmIU6ysLW3H9zmD/Ft =hAIW -----END PGP SIGNATURE----- From dbanes at cleartext.com Sun May 3 21:20:36 2009 From: dbanes at cleartext.com (David Banes) Date: Mon, 4 May 2009 12:20:36 +1000 Subject: [Members] XMPP Meetup in Sydney Australia In-Reply-To: <49FB1C64.6030208@stpeter.im> References: <49FB1C64.6030208@stpeter.im> Message-ID: <10B3A86B-0D4D-4FC9-B1A5-D9AB8DD42A59@cleartext.com> On 02/05/2009, at 1:59 AM, Peter Saint-Andre wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 5/1/09 12:16 AM, David Banes wrote: >> Excuse the cross post but I'm working towards an XMPP meet up in >> Sydney >> (and Melbourne if I can get the numbers). >> >> Details here, inspired by the San Fran group :) >> >> http://www.meetup.com/Sydney-XMPP-Meetup/ > > Super! Let's post about this at blog.xmpp.org -- you should have an > account there IIRC. :) > > /psa > Posted at http://blog.xmpp.org/. thnx, David. -------------------------------------------------------------------------------------------------------- Email Filtering by Cleartext a Carbon Minimised company - www.cleartext.com -------------------------------------------------------------------------------------------------------- From dave at cridland.net Tue May 5 04:49:29 2009 From: dave at cridland.net (Dave Cridland) Date: Tue, 05 May 2009 10:49:29 +0100 Subject: [Members] OFFICIAL MEETING ANNOUNCEMENT In-Reply-To: <49FC4C14.1030300@stpeter.im> References: <49F21EA4.9030807@ag-software.de> <49FB8CA5.1090307@isode.com> <49FC4C14.1030300@stpeter.im> Message-ID: <4067.1241516969.508456@puncture> On Sat May 2 14:35:16 2009, Peter Saint-Andre wrote: > We could do preference order or something like that. But, truly, XSF > membership is so meaningless that I don't think it's worth the > effort to > tweak the voting system. ;-) If you were to do voting system tweaks, then range voting is the sensible option, since unlike preference ordering, it defeats Arrow's theorum, from what I recall. (In particular, it eliminates tactical voting). I'd certainly support a review of voting systems, and I'd also be keen to see the same voting system for all elections. Dave. -- Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/ - http://dave.cridland.net/ Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade From mateusz.bilinski at gmail.com Tue May 5 05:03:26 2009 From: mateusz.bilinski at gmail.com (=?ISO-8859-2?Q?Mateusz_Bili=F1ski?=) Date: Tue, 5 May 2009 12:03:26 +0200 Subject: [Members] OFFICIAL MEETING ANNOUNCEMENT In-Reply-To: <4067.1241516969.508456@puncture> References: <49F21EA4.9030807@ag-software.de> <49FB8CA5.1090307@isode.com> <49FC4C14.1030300@stpeter.im> <4067.1241516969.508456@puncture> Message-ID: <60278bef0905050303g8aaa109hc110e34295e475c0@mail.gmail.com> On Tue, May 5, 2009 at 11:49, Dave Cridland wrote: > On Sat May ?2 14:35:16 2009, Peter Saint-Andre wrote: >> >> We could do preference order or something like that. But, truly, XSF >> membership is so meaningless that I don't think it's worth the effort to >> tweak the voting system. ;-) > > If you were to do voting system tweaks, then range voting is the sensible > option, since unlike preference ordering, it defeats Arrow's theorum, from > what I recall. (In particular, it eliminates tactical voting). > > I'd certainly support a review of voting systems, and I'd also be keen to > see the same voting system for all elections. As new memberbot is still in development it's good time to decide whether non-binary voting should be allowed. If so I'll have to review design as I've done some assumptions about this to make implementation simplier. I don't think this is hard thing to code, but I need to know whether I should at least keep it in mind when implementing memberbot. -- Mateusz Bili?ski From gnauck at ag-software.de Wed May 6 15:12:16 2009 From: gnauck at ag-software.de (Alexander Gnauck) Date: Wed, 06 May 2009 22:12:16 +0200 Subject: [Members] voting update Message-ID: <4A01EF20.3030801@ag-software.de> According to my records the following 29 XSF members had voted via proxy in the current voting period. intosi at ik.nu l-fy at jabber.null.ro dmeyer at jabber.org alexey.melnikov at isode.com edrin at jabber.org bmalkow at malkowscy.net siegle at jabber.org stpeter at jabber.org cking at mumbo.ca hildjj at jabber.org kevin at doomsong.co.uk bct at necronomicorp.com remko at el-tramo.be linuxwolf at outer-planes.net tofu at thetofu.com axelsena at jabber.uww.edu migri at jabber.i-pobox.net admin at im.flosoft.biz tobiasfar at jabber.org fritzy at netflint.net cbas at pandion.be mateusz at bilinski.it nyco at jabber.fr omega at im.apinc.org mwild1 at jaim.at dallasgutauckis at jabber.org wolf.heiner at googlemail.com ff at jabber.bluendo.com js at webkeks.org The XSF has currently 50 members, which means we already have a quorum. If you have not yet voted, please send a message to xmpp:memberbot at jabber.org The meeting particulars are: Date: 2009-05-11 Time: 19:00 UTC Location: xmpp:foundation at conference.jabber.org To convert UTC times to your local time follow this link: http://www.worldtimeserver.com/convert_time_in_UTC.aspx?y=2009&mo=5&d=11&h=19&mn=0 Regards, Alex __ Alexander Gnauck xmpp:gnauck at jabber.org From nathanfritz at gmail.com Mon May 11 16:21:09 2009 From: nathanfritz at gmail.com (Nathan Fritz) Date: Mon, 11 May 2009 14:21:09 -0700 Subject: [Members] First XSF Certificate Meeting Message-ID: <182eea400905111421x5b6bde48gabc38e39c7936496@mail.gmail.com> XSF Members, What: Meeting to start Compliance Certificate process Who: the XSF Members When: Thursday, May 21st at 1800 GMT Where: xmpp:foundation at conference.jabber.org?join Quote: "the XSF is useless -- what's the point of compliance levels without compliance certification?!?" -PSA A couple of years ago, the Council started creating yearly XMPP Client/Server Compliance levels as XEPs (XEP-0211, XEP-0212, XEP-0213, XEP-0216, XEP-0242, XEP-0243) to publish the XSF's expectations for IM servers and clients that claim to be XMPP compliant. While a good first step, these compliance XEPs are worthless without certifications for compliance. These certifications would not be limited to the Council's compliance XEPs, but could include specific XEPs and RFCs. This means that we, the XSF Members, will be responsible for determining which XEPs to create certificates for, gathering tests and criteria for a piece of software to pass a certificate, performing the testing (automated and brute force alike), awarding compliance certificates, and maintaining existing certificates. During next week's meeting we will determine our first set of XEPs to create certificates for, discuss the criteria for awarding certificates in general, and discuss how this should apply to XSF membership. As one of the action items following this meeting, I will call a vote for the XSF members to determine whether we should have a process for awarding compliance certificates. In the meantime, please think about what XEPs we should initially offer as certificates. I propose that XEP-0242, XEP-0243, XEP-0060, and XEP-0163 should be our initial set of certificates, and I will defend that during the meeting. Also, think about what tests you can contribute including automated wire tests that you have access to and methods that you use for manually testing features. We will likely need to make a call out to the greater community for additional automated tests that will help for specific XEPs that we choose to create certificates for. I personally am working on a large test harness for XEP-0060 that I hope to have finished in time for the San Jose Summit. In the end, I hope it will become part of the core responsibilities of the XSF members to develop these certificates, actively test implementations, and award developers for being compliant with specific XEPs. XMPP software developers should reach out to us to get their products certified and we could reach out to software developers to encourage them to get their servers and clients certified. They should be able to display their certification proudly on their product pages. Thanks, Nathan Fritz -------------- next part -------------- An HTML attachment was scrubbed... URL: From coder2000 at gmail.com Mon May 11 16:52:42 2009 From: coder2000 at gmail.com (Dieter Lunn) Date: Mon, 11 May 2009 16:52:42 -0500 Subject: [Members] First XSF Certificate Meeting In-Reply-To: <182eea400905111421x5b6bde48gabc38e39c7936496@mail.gmail.com> References: <182eea400905111421x5b6bde48gabc38e39c7936496@mail.gmail.com> Message-ID: <340b38940905111452t9fff0c3y2eee0551ff5c1ce5@mail.gmail.com> I wholly agree. There should be more for the membership of the XSF to do but look pretty and vote on new members. I will do my best to aid in this effort and get my library ready for certification. Dieter Lunn http://www.coder2000.ca On Mon, May 11, 2009 at 4:21 PM, Nathan Fritz wrote: > XSF Members, > > What: Meeting to start Compliance Certificate process > Who: the XSF Members > When: Thursday, May 21st at 1800 GMT > Where: xmpp:foundation at conference.jabber.org?join > Quote: "the XSF is useless -- what's the point of compliance levels without > compliance certification?!?" -PSA > > A couple of years ago, the Council started creating yearly XMPP > Client/Server Compliance levels as XEPs (XEP-0211, XEP-0212, XEP-0213, > XEP-0216, XEP-0242, XEP-0243) to publish the XSF's expectations for IM > servers and clients that claim to be XMPP compliant. While a good first > step, these compliance XEPs are worthless without certifications for > compliance.? These certifications would not be limited to the Council's > compliance XEPs, but could include specific XEPs and RFCs.? This means that > we, the XSF Members, will be responsible for determining which XEPs to > create certificates for, gathering tests and criteria for a piece of > software to pass a certificate, performing the testing (automated and brute > force alike), awarding compliance certificates, and maintaining existing > certificates.? During next week's meeting we will determine our first set of > XEPs to create certificates for, discuss the criteria for awarding > certificates in general, and discuss how this should apply to XSF > membership.? As one of the action items following this meeting, I will call > a vote for the XSF members to determine whether we should have a process for > awarding compliance certificates. > > In the meantime, please think about what XEPs we should initially offer as > certificates.? I propose that XEP-0242, XEP-0243, XEP-0060, and XEP-0163 > should be our initial set of certificates, and I will defend that during the > meeting.? Also, think about what tests you can contribute including > automated wire tests that you have access to and methods that you use for > manually testing features.? We will likely need to make a call out to the > greater community for additional automated tests that will help for specific > XEPs that we choose to create certificates for.? I personally am working on > a large test harness for XEP-0060 that I hope to have finished in time for > the San Jose Summit. > > In the end, I hope it will become part of the core responsibilities of the > XSF members to develop these certificates, actively test implementations, > and award developers for being compliant with specific XEPs.? XMPP software > developers should reach out to us to get their products certified and we > could reach out to software developers to encourage them to get their > servers and clients certified.? They should be able to display their > certification proudly on their product pages. > > Thanks, > Nathan Fritz > From stpeter at stpeter.im Mon May 11 17:13:49 2009 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Mon, 11 May 2009 16:13:49 -0600 Subject: [Members] First XSF Certificate Meeting In-Reply-To: <182eea400905111421x5b6bde48gabc38e39c7936496@mail.gmail.com> References: <182eea400905111421x5b6bde48gabc38e39c7936496@mail.gmail.com> Message-ID: <4A08A31D.8030806@stpeter.im> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/11/09 3:21 PM, Nathan Fritz wrote: > XSF Members, > > What: Meeting to start Compliance Certificate process "Certificate" makes me think of X.509. Perhaps we could call it "Certification" instead. > Who: the XSF Members > When: Thursday, May 21st at 1800 GMT Added here: http://xmpp.org/xsf/XSF.ics > Where: xmpp:foundation at conference.jabber.org?join > > Quote: "the XSF is useless -- what's the point of compliance levels > without compliance certification?!?" -PSA I was only half-joking. :) > A couple of years ago, the Council started creating yearly XMPP > Client/Server Compliance levels as XEPs (XEP-0211, XEP-0212, XEP-0213, > XEP-0216, XEP-0242, XEP-0243) to publish the XSF's expectations for IM > servers and clients that claim to be XMPP compliant. While a good first > step, these compliance XEPs are worthless without certifications for > compliance. These certifications would not be limited to the Council's > compliance XEPs, but could include specific XEPs and RFCs. This means > that we, the XSF Members, will be responsible for determining which XEPs > to create certificates for, gathering tests and criteria for a piece of > software to pass a certificate, performing the testing (automated and > brute force alike), awarding compliance certificates, and maintaining > existing certificates. During next week's meeting we will determine our > first set of XEPs to create certificates for, discuss the criteria for > awarding certificates in general, and discuss how this should apply to > XSF membership. As one of the action items following this meeting, I > will call a vote for the XSF members to determine whether we should have > a process for awarding compliance certificates. Another action item would be to research open-source testing tools. Perhaps http://www.opensourcetesting.org/ has some useful links. It seems to me that we'd want to develop an extensible approach that enables XSF members and interested others to write their own test sets for XMPP functionality. Something scriptable comes to mind. :) > In the meantime, please think about what XEPs we should initially offer > as certificates. I propose that XEP-0242, XEP-0243, XEP-0060, and > XEP-0163 should be our initial set of certificates, and I will defend > that during the meeting. Also, think about what tests you can > contribute including automated wire tests that you have access to and > methods that you use for manually testing features. We will likely need > to make a call out to the greater community for additional automated > tests that will help for specific XEPs that we choose to create > certificates for. I personally am working on a large test harness for > XEP-0060 that I hope to have finished in time for the San Jose Summit. What's the general approach behind your test harness? > In the end, I hope it will become part of the core responsibilities of > the XSF members to develop these certificates, actively test > implementations, and award developers for being compliant with specific > XEPs. XMPP software developers should reach out to us to get their > products certified and we could reach out to software developers to > encourage them to get their servers and clients certified. They should > be able to display their certification proudly on their product pages. That all sounds wonderful. :) /psa -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoIox0ACgkQNL8k5A2w/vzyHgCcDUiBMWM4kwSZBECSgxJil2Q5 DYYAnAtzpQiR7dwWoI9Sxn6+ua8ARm3s =AxFY -----END PGP SIGNATURE----- From nathanfritz at gmail.com Mon May 11 17:37:30 2009 From: nathanfritz at gmail.com (Nathan Fritz) Date: Mon, 11 May 2009 15:37:30 -0700 Subject: [Members] First XSF Certificate Meeting In-Reply-To: <4A08A31D.8030806@stpeter.im> References: <182eea400905111421x5b6bde48gabc38e39c7936496@mail.gmail.com> <4A08A31D.8030806@stpeter.im> Message-ID: <182eea400905111537u76697ff5i32d3260853a1a074@mail.gmail.com> > "Certificate" makes me think of X.509. Perhaps we could call it > "Certification" instead. What's in a name? Sure, certification is fine. Another action item would be to research open-source testing tools. > Perhaps http://www.opensourcetesting.org/ has some useful links. > > It seems to me that we'd want to develop an extensible approach that > enables XSF members and interested others to write their own test sets > for XMPP functionality. Something scriptable comes to mind. :) > Sure, I think that expecting everyone to contribute to a single harness in a single language would be ideal but is a fantasy. I'll look into opensourcetesting.org. Perhaps expecting specific result from a test harness would allow us to span all of the languages that our members enjoy, but still us to have a unified interface. For example, our harness could run as a webapp, and call individually contributed tests (in various languages) calling each with a standardized configuration XML format, and returning a standardized XML result so that the webapp could display and total the results from disparate tests in a unified way. This seems like a "down the road" idea, and I think we'd be better served by starting without at first. We could work up to it. > What's the general approach behind your test harness? > > Here's something I wrote to explain it to someone else: XMPP Publish-Subscribe Test Harness > > This test harness is designed to assist QA staff in finding bugs, provide > developers with clear goals and tasks to develop against, and build customer > confidence in specification compliance and stability. The harness is > available via command line or website, is cross platform, can email detailed > results, and be automated with a check-in procedure. A configuration file > determines credentials for JIDs to test from, values to test against (for > example, a size of pubsub payload that should cause an ?payload too large > error?) and other values. The test will be scored based on various > compliance levels, as well as a raw pass/fail ratios. This harness is > designed to be applied to other areas of XMPP compliance testing, but is not > a generic test suite for any other wire protocol. > > The following tests will be applied to *each feature* in XEP-0060: > > - Tests that check for proper error responses. > - DTD compliance tests for all incoming and outgoing traffic during > each test. > - Tests from local accounts, federated accounts, and SASL-Anonymous > bound JIDs > - Tests for each node affiliation against every applicable feature. > - Tests that compare bareJIDs, fullJIDs, and federated, local, and > anonymous JIDs in every combination reasonable against every JID field for > every applicable feature. This is different from the tests for testing from > these types of JIDs. > > > Given this thoroughness, the harness could approach 10,000 tests. However, > the vast majority of the tests are variations of sources, jid fields, and > affiliations on a core set of about 200 tests. These variations would be > generated beforehand to a plan script that could be edited and overridden by > hand for subtle exceptions. Tests would be grouped into different > categories like ?owner tests? and ?subscriber tests? and would be further > broken down by individual features. Test variations could be disabled by > execution options for less thorough, quicker testing. Individual tests sets > for a specific feature could also be invoked by the tester. > > Test plan scripts could be distributed to separate servers and instances of > the test harness in order to provide load tests. The execution of these > plans would be coordinated from a single source. Scaling tests could be > done with a plan script that loops through certain tests (like node creation > and subscription tests, following by node publishing and consuming tests), > again potentially coordinated from multiple sources at the same time. > > The test harness would be developed in stages, so as to maximize it's > usefulness before completion. Between any of these steps, a user could > still use the test harness, although obviously with only the previously > developed features. The development stages are as follows: > > 1. Develop core features tests (~200). > 2. Add DTD compliance testing for expected namespaces. > 3. Add detailed logging. > 4. Create test plan generation and execution for test variations. > 5. Create testing groups and features for managing which tests are > executed. > 6. Add reporting for scoring and compliance levels. > 7. Add web interface for executing tests. > 8. Add test coordinator bot for scale and load testing. > > Obviously this is a very ambitious, very thorough test suite, and we could make do without with hand-testing and smaller test suites for most XEPs. This is simply an "ideal" test suite in my mind. We should be making use of those DTDs that you write, after all. -Fritz -------------- next part -------------- An HTML attachment was scrubbed... URL: From stpeter at stpeter.im Mon May 11 17:56:44 2009 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Mon, 11 May 2009 16:56:44 -0600 Subject: [Members] First XSF Certificate Meeting In-Reply-To: <182eea400905111537u76697ff5i32d3260853a1a074@mail.gmail.com> References: <182eea400905111421x5b6bde48gabc38e39c7936496@mail.gmail.com> <4A08A31D.8030806@stpeter.im> <182eea400905111537u76697ff5i32d3260853a1a074@mail.gmail.com> Message-ID: <4A08AD2C.8070904@stpeter.im> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/11/09 4:37 PM, Nathan Fritz wrote: > > "Certificate" makes me think of X.509. Perhaps we could call it > "Certification" instead. > > > What's in a name? Sure, certification is fine. > > Another action item would be to research open-source testing tools. > Perhaps http://www.opensourcetesting.org/ has some useful links. > > It seems to me that we'd want to develop an extensible approach that > enables XSF members and interested others to write their own test sets > for XMPP functionality. Something scriptable comes to mind. :) > > > Sure, I think that expecting everyone to contribute to a single harness > in a single language would be ideal but is a fantasy. I'll look into > opensourcetesting.org . Perhaps expecting > specific result from a test harness would allow us to span all of the > languages that our members enjoy, but still us to have a unified interface. It strikes me that developing something in [insert-language-here] and using that across the board is less of a fantasy than trying to use the same tests with multiple test harnesses in multiple languages. Every serious XMPP project / company I've known has their own testing systems. It's not clear to me if the test cases are tied to the language in which each harness is written. > For example, our harness could run as a webapp, and call individually > contributed tests (in various languages) calling each with a > standardized configuration XML format, and returning a standardized XML > result so that the webapp could display and total the results from > disparate tests in a unified way. This seems like a "down the road" > idea, and I think we'd be better served by starting without at first. > We could work up to it. Possible. But I think we'd need to bootstrap it in a specific language first -- Python, Ruby, C#, Java, Lua, whatever. > What's the general approach behind your test harness? > > > Here's something I wrote to explain it to someone else: > > XMPP Publish-Subscribe Test Harness > > This test harness is designed to assist QA staff in finding bugs, > provide developers with clear goals and tasks to develop against, > and build customer confidence in specification compliance and > stability. The harness is available via command line or website, is > cross platform, can email detailed results, and be automated with a > check-in procedure. A configuration file determines credentials for > JIDs to test from, values to test against (for example, a size of > pubsub payload that should cause an ?payload too large error?) and > other values. The test will be scored based on various compliance > levels, as well as a raw pass/fail ratios. This harness is designed > to be applied to other areas of XMPP compliance testing, but is not > a generic test suite for any other wire protocol. > > The following tests will be applied to *each feature* in XEP-0060: > > * Tests that check for proper error responses. > * DTD compliance tests for all incoming and outgoing traffic > during each test. > * Tests from local accounts, federated accounts, and > SASL-Anonymous bound JIDs > * Tests for each node affiliation against every applicable feature. > * Tests that compare bareJIDs, fullJIDs, and federated, local, > and anonymous JIDs in every combination reasonable against > every JID field for every applicable feature. This is > different from the tests for testing from these types of JIDs. > > > Given this thoroughness, the harness could approach 10,000 tests. > However, the vast majority of the tests are variations of sources, > jid fields, and affiliations on a core set of about 200 tests. > These variations would be generated beforehand to a plan script that > could be edited and overridden by hand for subtle exceptions. Tests > would be grouped into different categories like ?owner tests? and > ?subscriber tests? and would be further broken down by individual > features. Test variations could be disabled by execution options > for less thorough, quicker testing. Individual tests sets for a > specific feature could also be invoked by the tester. What is the difference between "test set" and "test script"? What are these written in? > Test plan scripts could be distributed to separate servers and > instances of the test harness in order to provide load tests. The > execution of these plans would be coordinated from a single source. > Scaling tests could be done with a plan script that loops through > certain tests (like node creation and subscription tests, following > by node publishing and consuming tests), again potentially > coordinated from multiple sources at the same time. > > The test harness would be developed in stages, so as to maximize > it's usefulness before completion. Between any of these steps, a > user could still use the test harness, although obviously with only > the previously developed features. The development stages are as > follows: > > 1. Develop core features tests (~200). > 2. Add DTD compliance testing for expected namespaces. > 3. Add detailed logging. > 4. Create test plan generation and execution for test variations. > 5. Create testing groups and features for managing which tests > are executed. > 6. Add reporting for scoring and compliance levels. > 7. Add web interface for executing tests. > 8. Add test coordinator bot for scale and load testing. > > Obviously this is a very ambitious, very thorough test suite, and we > could make do without with hand-testing and smaller test suites for most > XEPs. This is simply an "ideal" test suite in my mind. Yes, that's quite comprehensive! I like the idea of starting small (immediate bang for the buck) and then we can build outward from there. It'd be really cool to have some of this in place before we work to advance the XMPP RFCs from Proposed Standard to Draft Standard (probably in 2010 or 2011)), because the IETF requires interop reports. We'd blow their doors off with complete testing results like this. :) > We should be > making use of those DTDs that you write, after all. Or W3 XML Schema, or Relax NG -- whatever is easiest to use! Peter Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoIrSwACgkQNL8k5A2w/vxLvwCdELmKSR3lRXFskV78HGBF5PGJ TbUAnR4DKeONkdmj2fYbdwP5eY3gxyhs =ZSii -----END PGP SIGNATURE----- From dbanes at cleartext.com Mon May 11 18:48:45 2009 From: dbanes at cleartext.com (David Banes) Date: Tue, 12 May 2009 09:48:45 +1000 Subject: [Members] First XSF Certificate Meeting In-Reply-To: <182eea400905111421x5b6bde48gabc38e39c7936496@mail.gmail.com> References: <182eea400905111421x5b6bde48gabc38e39c7936496@mail.gmail.com> Message-ID: <80CBB691-C1E8-4E8F-ADF5-D5B9D1C2B8C2@cleartext.com> - Deliberately posted over this message. - Cross posted to the XSF Board list. Can I raise a caution flag here as it occurs to me other email, IM or messaging platforms don't go this far and in my opinion we should avoid doing anything that discourages developers, especially smaller innovative types that are often cash poor, from adopting XMPP. Testing for compliance, and implementing feature sets to comply could become very expensive. We wouldn't want to end up in a situation where only the Microsoft's and Ciscos of the world can afford to get their XMPP solutions certified. This could mean that the smaller innovative developers get shut out of business opportunities even if they may have a 'better' solution. I've seen this happening whilst running a dev team for Symantec. Norton AV often got the big deals based on 'Certifications' when smaller companies often had better technology, but couldn't fund compliance testing and R&D. We might also consider who would be managing and policing such a scheme, this in itself will be expensive as XMPP becomes more popular. This said, I fully support the current scheme as a voluntary opt in. Food for thought. Best regards, David Banes Director & CEO, Cleartext Director & Secretary, Internet Industry Association Director & Chairman, XMPP Standards Foundation email: dbanes at cleartext.com xmpp: dbanes at cleartext.com Tel: +61 2 8001 2600 - Cleartext is Carbon Minimised - On 12/05/2009, at 7:21 AM, Nathan Fritz wrote: > XSF Members, > > What: Meeting to start Compliance Certificate process > Who: the XSF Members > When: Thursday, May 21st at 1800 GMT > Where: xmpp:foundation at conference.jabber.org?join > Quote: "the XSF is useless -- what's the point of compliance levels > without compliance certification?!?" -PSA > > A couple of years ago, the Council started creating yearly XMPP > Client/Server Compliance levels as XEPs (XEP-0211, XEP-0212, > XEP-0213, XEP-0216, XEP-0242, XEP-0243) to publish the XSF's > expectations for IM servers and clients that claim to be XMPP > compliant. While a good first step, these compliance XEPs are > worthless without certifications for compliance. These > certifications would not be limited to the Council's compliance > XEPs, but could include specific XEPs and RFCs. This means that we, > the XSF Members, will be responsible for determining which XEPs to > create certificates for, gathering tests and criteria for a piece of > software to pass a certificate, performing the testing (automated > and brute force alike), awarding compliance certificates, and > maintaining existing certificates. During next week's meeting we > will determine our first set of XEPs to create certificates for, > discuss the criteria for awarding certificates in general, and > discuss how this should apply to XSF membership. As one of the > action items following this meeting, I will call a vote for the XSF > members to determine whether we should have a process for awarding > compliance certificates. > > In the meantime, please think about what XEPs we should initially > offer as certificates. I propose that XEP-0242, XEP-0243, XEP-0060, > and XEP-0163 should be our initial set of certificates, and I will > defend that during the meeting. Also, think about what tests you > can contribute including automated wire tests that you have access > to and methods that you use for manually testing features. We will > likely need to make a call out to the greater community for > additional automated tests that will help for specific XEPs that we > choose to create certificates for. I personally am working on a > large test harness for XEP-0060 that I hope to have finished in time > for the San Jose Summit. > > In the end, I hope it will become part of the core responsibilities > of the XSF members to develop these certificates, actively test > implementations, and award developers for being compliant with > specific XEPs. XMPP software developers should reach out to us to > get their products certified and we could reach out to software > developers to encourage them to get their servers and clients > certified. They should be able to display their certification > proudly on their product pages. > > Thanks, > Nathan Fritz -------------------------------------------------------------------------------------------------------- Email Filtering by Cleartext a Carbon Minimised company - www.cleartext.com -------------------------------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: From nathanfritz at gmail.com Mon May 11 19:22:38 2009 From: nathanfritz at gmail.com (Nathan Fritz) Date: Mon, 11 May 2009 17:22:38 -0700 Subject: [Members] First XSF Certificate Meeting In-Reply-To: <80CBB691-C1E8-4E8F-ADF5-D5B9D1C2B8C2@cleartext.com> References: <182eea400905111421x5b6bde48gabc38e39c7936496@mail.gmail.com> <80CBB691-C1E8-4E8F-ADF5-D5B9D1C2B8C2@cleartext.com> Message-ID: <182eea400905111722p65e0465ega41b3bcd5d26ec3a@mail.gmail.com> On Mon, May 11, 2009 at 4:48 PM, David Banes wrote: > > - Deliberately posted over this message. > - Cross posted to the XSF Board list. > > Can I raise a caution flag here as it occurs to me other email, IM or > messaging platforms don't go this far and in my opinion we should avoid > doing anything that discourages developers, especially smaller innovative > types that are often cash poor, from adopting XMPP. > > Testing for compliance, and implementing feature sets to comply could > become very expensive. We wouldn't want to end up in a situation where only > the Microsoft's and Ciscos of the world can afford to get their XMPP > solutions certified. > > This could mean that the smaller innovative developers get shut out of > business opportunities even if they may have a 'better' solution. > > I've seen this happening whilst running a dev team for Symantec. Norton AV > often got the big deals based on 'Certifications' when smaller companies > often had better technology, but couldn't fund compliance testing and R&D. > > We might also consider who would be managing and policing such a scheme, > this in itself will be expensive as XMPP becomes more popular. > > This said, I fully support the current scheme as a voluntary opt in. > > Food for thought. > > I really don't see this as being a problem short term. In the long term, here's how I see things working (keep in mind, we've got a long way to go to get there): We would have a webapp on xmpp.org that a server or client developer could register with and fill in some configuration values for their development server. They could run any test they want to, for free. This provides a huge time savings, and thus cost savings for the small developer, because they have tests to develop against. If they pass all of the automated tests for a particular certificate, they could then fill out an application for the XSF members to take time to certify their compliance. The XSF would, based on their own priorities, work through the list of applicants. Maybe donations would effect the XSF's priorities and maybe not. I could see this system breaking down as XMPP gets more and more popular, and we simply do not have enough members/time to make a significant dent in the application list. In the long, long, long term, perhaps the XSF members wouldn't be enough to keep up with demand for certification. I don't really see it as being an issue in the next couple of years though. The way I see it is that this can be a huge service for server developers, big and small, that the XSF can provider to proliferate adoption. -Fritz -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnauck at ag-software.de Tue May 12 01:28:37 2009 From: gnauck at ag-software.de (Alexander Gnauck) Date: Tue, 12 May 2009 08:28:37 +0200 Subject: [Members] First XSF Certificate Meeting In-Reply-To: <182eea400905111722p65e0465ega41b3bcd5d26ec3a@mail.gmail.com> References: <182eea400905111421x5b6bde48gabc38e39c7936496@mail.gmail.com> <80CBB691-C1E8-4E8F-ADF5-D5B9D1C2B8C2@cleartext.com> <182eea400905111722p65e0465ega41b3bcd5d26ec3a@mail.gmail.com> Message-ID: I like the idea of a webapp. And something like http://validator.w3.org/ comes to my mind. It should be easy to use like the W3C validators. Then also users of a software can run tests and point the server or client developers to errors. But I think such a test suite for XMPP is a big challenge to code. Alex -- Alexander Gnauck http://www.ag-software.de xmpp:gnauck at jabber.org From gnauck at ag-software.de Tue May 12 07:25:07 2009 From: gnauck at ag-software.de (Alexander Gnauck) Date: Tue, 12 May 2009 14:25:07 +0200 Subject: [Members] voting results Message-ID: FYI, the voting results are here: http://xmpp.org/xsf/members/meetings/2009-05-11.shtml The meeting log is here: http://logs.jabber.org/foundation at conference.jabber.org/2009-05-11.html All new and returning members were accepted. @ new members Feel free to say hello to the list and introduce yourself. I will add your Jids in the days to memberbot at jabber.org which is our voting application. So accept the subscription request if you get one. Regards, Alex -- Alexander Gnauck xmpp:gnauck at jabber.org From stpeter at stpeter.im Tue May 12 09:35:36 2009 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Tue, 12 May 2009 08:35:36 -0600 Subject: [Members] First XSF Certificate Meeting In-Reply-To: References: <182eea400905111421x5b6bde48gabc38e39c7936496@mail.gmail.com> <80CBB691-C1E8-4E8F-ADF5-D5B9D1C2B8C2@cleartext.com> <182eea400905111722p65e0465ega41b3bcd5d26ec3a@mail.gmail.com> Message-ID: <4A098938.6070400@stpeter.im> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/12/09 12:28 AM, Alexander Gnauck wrote: > I like the idea of a webapp. And something like > http://validator.w3.org/ comes to my mind. It should be easy to use > like the W3C validators. Then also users of a software can run tests > and point the server or client developers to errors. > > But I think such a test suite for XMPP is a big challenge to code. Agreed. It's a huge project. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoJiTgACgkQNL8k5A2w/vwSNQCgyKUagLwopTXhUuEOjewvBGvb sS4AoKvklRtVtzuDuiiGAxynbIUR5XUJ =WhQo -----END PGP SIGNATURE----- From stpeter at stpeter.im Tue May 12 09:44:45 2009 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Tue, 12 May 2009 08:44:45 -0600 Subject: [Members] First XSF Certificate Meeting In-Reply-To: <80CBB691-C1E8-4E8F-ADF5-D5B9D1C2B8C2@cleartext.com> References: <182eea400905111421x5b6bde48gabc38e39c7936496@mail.gmail.com> <80CBB691-C1E8-4E8F-ADF5-D5B9D1C2B8C2@cleartext.com> Message-ID: <4A098B5D.3090207@stpeter.im> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/11/09 5:48 PM, David Banes wrote: > Can I raise a caution flag here as it occurs to me other email, IM or > messaging platforms don't go this far Perhaps that's why at least for IM and VoIP they don't have very good interoperability. > and in my opinion we should avoid > doing anything that discourages developers, especially smaller > innovative types that are often cash poor, from adopting XMPP. How does an automated testing tool discourage developers? I think it makes their lives easier. > Testing for compliance, and implementing feature sets to comply could > become very expensive. We wouldn't want to end up in a situation where > only the Microsoft's and Ciscos of the world can afford to get their > XMPP solutions certified. I don't think that will be the case. In fact, I think this would level the playing field even more, because currently only the really dedicated vendors have in-house protocol testing suites. > This could mean that the smaller innovative developers get shut out of > business opportunities even if they may have a 'better' solution. I don't see that. > I've seen this happening whilst running a dev team for Symantec. Norton > AV often got the big deals based on 'Certifications' when smaller > companies often had better technology, but couldn't > fund compliance testing and R&D. The community would be funding the compliance testing, not big companies. > We might also consider who would be managing and policing such a scheme, > this in itself will be expensive as XMPP becomes more popular. How much policing is involved with something like validator.w3.org?? > This said, I fully support the current scheme as a voluntary opt in. This entire effort is envisioned as voluntary. /psa -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoJi10ACgkQNL8k5A2w/vxonQCdGHKaJjUHmcUZ4rgKnIs9TuKp IY4AoJVRoEyQSrFyx3DCWPhpMDub6GkF =IpJD -----END PGP SIGNATURE----- From safasofuoglu at gmail.com Wed May 13 02:59:43 2009 From: safasofuoglu at gmail.com (Safa) Date: Wed, 13 May 2009 10:59:43 +0300 Subject: [Members] voting results In-Reply-To: References: Message-ID: <8f384a460905130059j357918bsab181abd2fe46aa2@mail.gmail.com> Hello everyone, I am Safa Sofuo?lu, XMPP summer of code student of 2008. You can read more in my application if you haven't already: http://wiki.xmpp.org/web/Safa_Sofuoglu_Application_2009 Until now I've mostly done BOSH-related work. I am happy to be elected as a member, and excited to meet everyone here. Feel free to contact me through email/jabber (safasofuoglu at gmail.com) Thanks, Safa 2009/5/12 Alexander Gnauck > FYI, the voting results are here: > http://xmpp.org/xsf/members/meetings/2009-05-11.shtml > > The meeting log is here: > http://logs.jabber.org/foundation at conference.jabber.org/2009-05-11.html > > All new and returning members were accepted. > > @ new members > Feel free to say hello to the list and introduce yourself. > I will add your Jids in the days to memberbot at jabber.org which is our > voting application. So accept the subscription request if you get one. > > Regards, > Alex > -- > Alexander Gnauck > xmpp:gnauck at jabber.org > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alexey.melnikov at isode.com Wed May 13 10:16:09 2009 From: alexey.melnikov at isode.com (Alexey Melnikov) Date: Wed, 13 May 2009 16:16:09 +0100 Subject: [Members] First XSF Certificate Meeting In-Reply-To: <4A08AD2C.8070904@stpeter.im> References: <182eea400905111421x5b6bde48gabc38e39c7936496@mail.gmail.com> <4A08A31D.8030806@stpeter.im> <182eea400905111537u76697ff5i32d3260853a1a074@mail.gmail.com> <4A08AD2C.8070904@stpeter.im> Message-ID: <4A0AE439.1050304@isode.com> Peter Saint-Andre wrote: >It'd be really cool to have some of this in place before we work to >advance the XMPP RFCs from Proposed Standard to Draft Standard (probably >in 2010 or 2011)), because the IETF requires interop reports. We'd blow >their doors off with complete testing results like this. :) > > Yes, I am sure IESG will be very impressed. From stpeter at stpeter.im Tue May 19 16:43:43 2009 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Tue, 19 May 2009 15:43:43 -0600 Subject: [Members] PayPal links Message-ID: <4A13280F.9010605@stpeter.im> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 BTW, I have added PayPal links to all the XMPP CA pages, such as the following: http://xmpp.org/ca/issuance.shtml Currently it is not free for us to generate certificates via StartCom (and I don't think it ever would be free), so it seems appropriate to ask for a donation when someone receives a certificate that otherwise might cost them hundreds of dollars a year. :) Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoTKA4ACgkQNL8k5A2w/vznAwCgosAkEksYbbxABbQF7Ladvemu Hn4AoNr0Q3vC8O20MJKfV7TlT5QwSsSE =dQU3 -----END PGP SIGNATURE----- From arcriley at gmail.com Tue May 19 18:57:07 2009 From: arcriley at gmail.com (Arc Riley) Date: Tue, 19 May 2009 19:57:07 -0400 Subject: [Members] PayPal links In-Reply-To: <4A13280F.9010605@stpeter.im> References: <4A13280F.9010605@stpeter.im> Message-ID: Please consider providing a Google Checkout or other method to receive donations, most take a smaller cut as Paypal and are better with user privacy. On Tue, May 19, 2009 at 5:43 PM, Peter Saint-Andre wrote: > > BTW, I have added PayPal links to all the XMPP CA pages, such as the > following: > > http://xmpp.org/ca/issuance.shtml > > Currently it is not free for us to generate certificates via StartCom > (and I don't think it ever would be free), so it seems appropriate to > ask for a donation when someone receives a certificate that otherwise > might cost them hundreds of dollars a year. :) > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From stpeter at stpeter.im Tue May 19 20:27:29 2009 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Tue, 19 May 2009 19:27:29 -0600 Subject: [Members] PayPal links In-Reply-To: References: <4A13280F.9010605@stpeter.im> Message-ID: <4A135C81.1030701@stpeter.im> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/19/09 5:57 PM, Arc Riley wrote: > Please consider providing a Google Checkout or other method to receive > donations, most take a smaller cut as Paypal and are better with user > privacy. If I had my way we'd use Pecunix or some other gold-based system. ;-) http://pecunix.com/ But these systems are not yet mainstream... Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoTXIEACgkQNL8k5A2w/vx8lQCeLa1vVxS0Q364jsd5rVSzO4yC Rj4AoMEq9ZitCpGBa8G+Z1shSlDLW1+G =5jsi -----END PGP SIGNATURE----- From coder2000 at gmail.com Tue May 19 21:23:26 2009 From: coder2000 at gmail.com (Dieter Lunn) Date: Tue, 19 May 2009 21:23:26 -0500 Subject: [Members] PayPal links In-Reply-To: <4A135C81.1030701@stpeter.im> References: <4A13280F.9010605@stpeter.im> <4A135C81.1030701@stpeter.im> Message-ID: <8AF0A4C3-C446-48CF-B9F5-B932109DD972@gmail.com> I think paypal is fine. There are only so many payment options available and unless you want to use pledgie. Sent from my iPod On May 19, 2009, at 8:27 PM, Peter Saint-Andre wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 5/19/09 5:57 PM, Arc Riley wrote: >> Please consider providing a Google Checkout or other method to >> receive >> donations, most take a smaller cut as Paypal and are better with user >> privacy. > > If I had my way we'd use Pecunix or some other gold-based system. ;-) > > http://pecunix.com/ > > But these systems are not yet mainstream... > > Peter > > - -- > Peter Saint-Andre > https://stpeter.im/ > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.8 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAkoTXIEACgkQNL8k5A2w/vx8lQCeLa1vVxS0Q364jsd5rVSzO4yC > Rj4AoMEq9ZitCpGBa8G+Z1shSlDLW1+G > =5jsi > -----END PGP SIGNATURE----- From js-xmpp-members at webkeks.org Wed May 20 09:46:22 2009 From: js-xmpp-members at webkeks.org (Jonathan Schleifer) Date: Wed, 20 May 2009 16:46:22 +0200 Subject: [Members] PayPal links In-Reply-To: <4A13280F.9010605@stpeter.im> References: <4A13280F.9010605@stpeter.im> Message-ID: Am 19.05.2009 um 23:43 schrieb Peter Saint-Andre: > Currently it is not free for us to generate certificates via StartCom > (and I don't think it ever would be free) I wonder if this is a good idea for the foundation of a free, decentralized protocol to support a single, specific company (which is all but embracing being decentralized). I think if we really spend money for certs, we should try to be decentralized there as well and have agreements with other companies as well. > so it seems appropriate to > ask for a donation when someone receives a certificate that otherwise > might cost them hundreds of dollars a year. :) Well, the cert you get is not really comparable to the certs they sell :/. If you want to use your XMPP StartCom Cert for example for your website as well, you will get a warning in every browser, as they use a different Root CA for that. So it's as useful as using some other service that's free, but not listed in the Root CAs of the 4 big browsers. This is the reason why I went back to CACert after trying the XMPP StartCom Cert, since the CACert Root CA will most likely be included in the next Firefox version while the XMPP StartCom Root CA most likely never will. Or did they change the Root CA for the XMPP Certs now? -- Jonathan -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 801 bytes Desc: Signierter Teil der Nachricht URL: From stpeter at stpeter.im Wed May 20 10:10:58 2009 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Wed, 20 May 2009 09:10:58 -0600 Subject: [Members] PayPal links In-Reply-To: References: <4A13280F.9010605@stpeter.im> Message-ID: <4A141D82.2070103@stpeter.im> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/20/09 8:46 AM, Jonathan Schleifer wrote: > Am 19.05.2009 um 23:43 schrieb Peter Saint-Andre: > >> Currently it is not free for us to generate certificates via StartCom >> (and I don't think it ever would be free) > > I wonder if this is a good idea for the foundation of a free, > decentralized protocol to support a single, specific company (which is > all but embracing being decentralized). I think if we really spend money > for certs, we should try to be decentralized there as well and have > agreements with other companies as well. Feel free to recommend other CAs that would enable us to be an Intermediate CA at a reasonable cost. When I did this research several years ago, there were no such options. No one is forcing anyone to use a cert issued by the XMPP ICA. We are simply making it easier for XMPP server admins to obtain a CA-issued certificate at a reasonable cost (free). In my experience, the vast, vast majority of server operators really appreciate this service. A few people don't, but they are free to buy a cert from VeriSign/Equifax/etc. or to use CAcert. >> so it seems appropriate to >> ask for a donation when someone receives a certificate that otherwise >> might cost them hundreds of dollars a year. :) > > Well, the cert you get is not really comparable to the certs they sell > :/. If you want to use your XMPP StartCom Cert for example for your > website as well, you will get a warning in every browser, as they use a > different Root CA for that. The certs issued by the XMPP ICA are for XMPP services, not HTTP services. That's why it's called the XMPP ICA. > So it's as useful as using some other > service that's free, but not listed in the Root CAs of the 4 big > browsers. The StartCom root is included in Mozilla, OS X, various Linux distros, etc. StartCom is also working hard on inclusion into Windows. > This is the reason why I went back to CACert after trying the > XMPP StartCom Cert, since the CACert Root CA will most likely be > included in the next Firefox version while the XMPP StartCom Root CA > most likely never will. Or did they change the Root CA for the XMPP > Certs now? There are two different StartCom roots, the old one and the new one. We need to transition the XMPP ICA to use the new one. I am not sure which root cert is supported in Mozilla, but I thought it was the old one (the Mozilla folks will need to do the same upgrade we're doing). I can check on this. BTW I thought you didn't care about SSL/TLS anyway, so what's the fuss? Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoUHYIACgkQNL8k5A2w/vyvxQCdFmU6s/5h4k03L95GLTfRY/Nb +mgAnR/mA7RXOczFWNiZdhfnkjwlagNk =CyeJ -----END PGP SIGNATURE----- From js-xmpp-members at webkeks.org Wed May 20 10:19:39 2009 From: js-xmpp-members at webkeks.org (Jonathan Schleifer) Date: Wed, 20 May 2009 17:19:39 +0200 Subject: [Members] PayPal links In-Reply-To: <4A141D82.2070103@stpeter.im> References: <4A13280F.9010605@stpeter.im> <4A141D82.2070103@stpeter.im> Message-ID: Am 20.05.2009 um 17:10 schrieb Peter Saint-Andre: > Feel free to recommend other CAs that would enable us to be an > Intermediate CA at a reasonable cost. When I did this research several > years ago, there were no such options. I have to admit that I haven't looked for this yet. Didn't know the situation is that bad. >> Well, the cert you get is not really comparable to the certs they >> sell >> :/. If you want to use your XMPP StartCom Cert for example for your >> website as well, you will get a warning in every browser, as they >> use a >> different Root CA for that. > > The certs issued by the XMPP ICA are for XMPP services, not HTTP > services. That's why it's called the XMPP ICA. Yeah, but we actually *PAY* StartCom for certs with a RootCA that is listed nowhere. We could have our own RootCA that is listed nowhere as well for free. >> So it's as useful as using some other >> service that's free, but not listed in the Root CAs of the 4 big >> browsers. > > The StartCom root is included in Mozilla, OS X, various Linux distros, > etc. StartCom is also working hard on inclusion into Windows. Last time I checked, the XMPP StartCom certificates did not even use their RootCA. They had a new RootCA for this, which was in *NO* browser and *NO* OS at all. Even most XMPP-Clients did not include it. For example, Psi gave a big, fat warning. So, basically, they created a new RootCA for the XMPP Certificates which is not in any browser or OS and it seems not even in most XMPP Clients. We could have the same by just creating an XSF RootCA. > There are two different StartCom roots, the old one and the new one. > We > need to transition the XMPP ICA to use the new one. I am not sure > which > root cert is supported in Mozilla, but I thought it was the old one > (the > Mozilla folks will need to do the same upgrade we're doing). I can > check > on this. When I checked the XMPP StartCom Certs the last time, they we're using neither the old nor the new one, but a completely different CA. If the XSF would create a RootCA and sign certs sent in, it would be basically the same, but free. > BTW I thought you didn't care about SSL/TLS anyway, so what's the > fuss? For s2s, as the actual messages should be encrypted rather than the s2s connection and you can't rely on s2s encryption anyway (seriously, who even checks the certificates for s2s TLS? Most don't). But this is something which we will only get in the future. -- Jonathan -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 801 bytes Desc: Signierter Teil der Nachricht URL: From stpeter at stpeter.im Wed May 20 10:35:45 2009 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Wed, 20 May 2009 09:35:45 -0600 Subject: [Members] XMPP ICA (was: Re: PayPal links) In-Reply-To: References: <4A13280F.9010605@stpeter.im> <4A141D82.2070103@stpeter.im> Message-ID: <4A142351.7030106@stpeter.im> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/20/09 9:19 AM, Jonathan Schleifer wrote: > Am 20.05.2009 um 17:10 schrieb Peter Saint-Andre: > >> Feel free to recommend other CAs that would enable us to be an >> Intermediate CA at a reasonable cost. When I did this research several >> years ago, there were no such options. > > I have to admit that I haven't looked for this yet. Didn't know the > situation is that bad. What other CAs would you look at? VeriSign, Equifax, etc. are very very expensive. The only other relatively inexpensive and widely available CA that I know of is GoDaddy, but at the time they didn't support ICAs, but I think that has changed now. >>> Well, the cert you get is not really comparable to the certs they sell >>> :/. If you want to use your XMPP StartCom Cert for example for your >>> website as well, you will get a warning in every browser, as they use a >>> different Root CA for that. >> >> The certs issued by the XMPP ICA are for XMPP services, not HTTP >> services. That's why it's called the XMPP ICA. > > Yeah, but we actually *PAY* StartCom for certs with a RootCA that is > listed nowhere. We could have our own RootCA that is listed nowhere as > well for free. Why do you say that the StartCom root is "listed nowhere"? It is supported in Mozilla, OS X, etc. Now, I freely admit that the XMPP ICA is currently using the *old* StartCom root. StartCom keeps poking me about upgrading, so the fault might be mine that we haven't done so yet. >>> So it's as useful as using some other >>> service that's free, but not listed in the Root CAs of the 4 big >>> browsers. >> >> The StartCom root is included in Mozilla, OS X, various Linux distros, >> etc. StartCom is also working hard on inclusion into Windows. > > Last time I checked, the XMPP StartCom certificates did not even use > their RootCA. They had a new RootCA for this, which was in *NO* browser > and *NO* OS at all. I don't think that's correct. > Even most XMPP-Clients did not include it. At the beginning, no. It has been a multi-year effort to encourage XMPP client and server developers to support the certificates issued by the XMPP ICA. In fact, before we started issuing these certificates it was difficult for server operators to install proper certificates, so we found a lot of bugs in server code (not presenting the entire cert chain), clients didn't warn users about bad certs, etc. Thank you for so clearly expressing your appreciation for all of the hard work that has gone into this effort at the XMPP ICA and the various code projects. I'm sorry that we have not achieved perfection yet, but this stuff takes time. > For > example, Psi gave a big, fat warning. You must have tested an older version of Psi. Psi 0.11 and above has full support for the certificates issued by the XMPP ICA. > So, basically, they created a new RootCA for the XMPP Certificates which > is not in any browser or OS and it seems not even in most XMPP Clients. I think that you are confusing the root cert with the intermediate cert. Please specify the complete cert chain and where you think the problem lies. > We could have the same by just creating an XSF RootCA. And take on the liability and management burden of running a CA? We decided against that approach years ago. However, feel free to introduce it as a topic for discussion among the membership, and describe how the XSF can manage such an effort, the infrastructure required, etc. The XSF is open to operational proposals like this, just follow the format of the documents at http://xmpp.org/xsf/proposals/ >> There are two different StartCom roots, the old one and the new one. We >> need to transition the XMPP ICA to use the new one. I am not sure which >> root cert is supported in Mozilla, but I thought it was the old one (the >> Mozilla folks will need to do the same upgrade we're doing). I can check >> on this. > > When I checked the XMPP StartCom Certs the last time, they we're using > neither the old nor the new one, but a completely different CA. I don't think that's right, but I will check. > If the > XSF would create a RootCA and sign certs sent in, it would be basically > the same, but free. TANSTAAFL. We'd be paying somehow -- for a new machine to house the CA, for management processes, for work to ensure that we are in line with industry best practices, for audits, etc. I am not convinced that running a CA is within our core competencies. But feel free to write a proposal for consideration by the membership. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoUI1EACgkQNL8k5A2w/vy92QCeLkrRpzi7tt1dXhr5GA90mFER x5sAn05Lgi5WpRaHjhDdcZ2r61NiG9qf =R1YN -----END PGP SIGNATURE----- From js-xmpp-members at webkeks.org Wed May 20 12:37:21 2009 From: js-xmpp-members at webkeks.org (Jonathan Schleifer) Date: Wed, 20 May 2009 19:37:21 +0200 Subject: [Members] XMPP ICA (was: Re: PayPal links) In-Reply-To: <4A142351.7030106@stpeter.im> References: <4A13280F.9010605@stpeter.im> <4A141D82.2070103@stpeter.im> <4A142351.7030106@stpeter.im> Message-ID: <6894958A-58C8-44D4-864F-22CE6D97A5C8@webkeks.org> Am 20.05.2009 um 17:35 schrieb Peter Saint-Andre: > What other CAs would you look at? VeriSign, Equifax, etc. are very > very > expensive. The only other relatively inexpensive and widely > available CA > that I know of is GoDaddy, but at the time they didn't support ICAs, > but > I think that has changed now. Does it need to be one of the well-known ones? It wouldn't make any difference, see below why. >> Yeah, but we actually *PAY* StartCom for certs with a RootCA that is >> listed nowhere. We could have our own RootCA that is listed nowhere >> as >> well for free. > > Why do you say that the StartCom root is "listed nowhere"? It is > supported in Mozilla, OS X, etc. Well, I think we got a misunderstanding here. When you request a StartCom cert the normal way, you get one signed by their Root CA. Last time I tried to get an XMPP StartCom cert, it used a different Root CA, which was labeled "StartCom XMPP ICA" or something like this. So, it seems we got 3 RootCAs here: The old StartCom one, the new StartCom one and the XMPP StartCom one. The old and the new StartCom one might be in some browsers and other apps. The XMPP StartCom one wasn't. I don't know if this has changed, because it's a long time since I tried the XMPP StartCom certificate. > Now, I freely admit that the XMPP ICA is currently using the *old* > StartCom root. StartCom keeps poking me about upgrading, so the fault > might be mine that we haven't done so yet. So actually we can change to their normal RootCAs? Because last time I requested an XMPP StartCom certificate, it was signed by some other RootCA that was just for XMPP. >> Last time I checked, the XMPP StartCom certificates did not even use >> their RootCA. They had a new RootCA for this, which was in *NO* >> browser >> and *NO* OS at all. > > I don't think that's correct. It;'s been a long time, so it's possible that this changed. >> Even most XMPP-Clients did not include it. > > At the beginning, no. It has been a multi-year effort to encourage > XMPP > client and server developers to support the certificates issued by the > XMPP ICA. In fact, before we started issuing these certificates it was > difficult for server operators to install proper certificates, so we > found a lot of bugs in server code (not presenting the entire cert > chain), clients didn't warn users about bad certs, etc. Thank you > for so > clearly expressing your appreciation for all of the hard work that has > gone into this effort at the XMPP ICA and the various code projects. > I'm > sorry that we have not achieved perfection yet, but this stuff takes > time. This was not criticism to your efforts. I just wanted to say: If we need to spend time to get the clients and servers to include it, we might as well create our own CA and try to get that included. This won't cost us anything. >> For >> example, Psi gave a big, fat warning. > > You must have tested an older version of Psi. Psi 0.11 and above has > full support for the certificates issued by the XMPP ICA. As I said, this was some time ago. Even 0.10 was only in SVN back then and even that gave a warning back then :). >> So, basically, they created a new RootCA for the XMPP Certificates >> which >> is not in any browser or OS and it seems not even in most XMPP >> Clients. > > I think that you are confusing the root cert with the intermediate > cert. > Please specify the complete cert chain and where you think the > problem lies. Guess I have to have a new look at this, maybe it was fixed now. >> We could have the same by just creating an XSF RootCA. > > And take on the liability and management burden of running a CA? We > decided against that approach years ago. However, feel free to > introduce > it as a topic for discussion among the membership, and describe how > the > XSF can manage such an effort, the infrastructure required, etc. The > XSF > is open to operational proposals like this, just follow the format of > the documents at http://xmpp.org/xsf/proposals/ This might indeed be an idea, especially as many complain that the XSF membership means "doing nothing besides some voting". >> When I checked the XMPP StartCom Certs the last time, they we're >> using >> neither the old nor the new one, but a completely different CA. > > I don't think that's right, but I will check. Ok, hopefully they fixed it. If they did, I might try it again :). >> If the >> XSF would create a RootCA and sign certs sent in, it would be >> basically >> the same, but free. > > TANSTAAFL. We'd be paying somehow -- for a new machine to house the > CA, > for management processes, for work to ensure that we are in line with > industry best practices, for audits, etc. I am not convinced that > running a CA is within our core competencies. But feel free to write a > proposal for consideration by the membership. Why would we need a new machine? For the revoke list? There aren't so many servers that it's impossible that one or a few individuals got the RootCA's private key and then unsigned certs are sent to them for signing, right? We don't need to open something that's as big as for example StartCom. -- Jonathan -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 801 bytes Desc: Signierter Teil der Nachricht URL: From stpeter at stpeter.im Wed May 20 13:56:31 2009 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Wed, 20 May 2009 12:56:31 -0600 Subject: [Members] XMPP ICA In-Reply-To: <6894958A-58C8-44D4-864F-22CE6D97A5C8@webkeks.org> References: <4A13280F.9010605@stpeter.im> <4A141D82.2070103@stpeter.im> <4A142351.7030106@stpeter.im> <6894958A-58C8-44D4-864F-22CE6D97A5C8@webkeks.org> Message-ID: <4A14525F.8050903@stpeter.im> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have an idea. The field is wide open. Anyone can be a CA. So why don't you put your money where your mouth is and start your own? Why does it need to be an official XSF CA? That's just more centralization! Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoUUl8ACgkQNL8k5A2w/vyt7wCeKLGBJaWWBTnjyoLgqkvOPXWM 9xQAoL9hDUgBBC4uGGEn3u6F8KCefqz/ =Hgp+ -----END PGP SIGNATURE----- From js-xmpp-members at webkeks.org Wed May 20 14:03:13 2009 From: js-xmpp-members at webkeks.org (Jonathan Schleifer) Date: Wed, 20 May 2009 21:03:13 +0200 Subject: [Members] XMPP ICA In-Reply-To: <4A14525F.8050903@stpeter.im> References: <4A13280F.9010605@stpeter.im> <4A141D82.2070103@stpeter.im> <4A142351.7030106@stpeter.im> <6894958A-58C8-44D4-864F-22CE6D97A5C8@webkeks.org> <4A14525F.8050903@stpeter.im> Message-ID: <20090520210313.3c1a6dd0@webkeks.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Peter Saint-Andre wrote: > I have an idea. The field is wide open. Anyone can be a CA. So why > don't you put your money where your mouth is and start your own? Why > does it need to be an official XSF CA? That's just more > centralization! There does not need to be an official XSF CA, that's exactly the point of the whole thread! And just think it's wrong to give money of a non-profit organization to a company. As for me, I'm not going to start my own CA, as I'm happy with CACert. - -- Jonathan -----BEGIN PGP SIGNATURE----- iQIcBAEBAwAGBQJKFFP1AAoJEMtRg9d5cXHkMU8P/1wYsKnObJH+VFBLohC+TXDW kPdKA72gI1wYn8p+JNw8veF4n5YJBj0Nqj42an5I7AnKTVee8q6NwkXv3h7cEKVZ UHG58zqdkKnF7XKzWGpy21g1TO/Ni9DItErIjFUK3nu2RLJrq6psfOFBNmE7aWA4 6aHWRE3+A1T+TOopHBdtorbxK8qj53W89wjI9hbHP+oNz77FWbHgVTt0T9HrGN04 MyBqITQNDVhxrikTpGlqdBiTCIb+yBBrXypWPETXAUuFdbfG2Tg5RsRwMczLjI+Y pCKD+l72EEBs6qbjYDG2zdyDRHDVoLaThneXzdOyOnehEpL8yhmRXwlBSVs3TYw/ +h+pLOAcXtSz7tZoz47VKYTWpDFaTeKG8ntyFuE5PwggcloTV95+il66sbcd5hOp 4aiAkWAm6ZTGdRTeUdbWiXv+5w/xe2JwGJpcjtLSG8mqxavDLCHZHoV6NnxXKHWw H/zTLzpyINTOjeac6qbYu30x46gYZ3YoQ8PazJ98FuMH4xtTh3XlhtMLrvDqCQuJ 2ORDVNDqMrIP+JdkAfId1GxXTA+GklAMqbDdZ4v2w2dPf34HkRRZJdIeOWHA0Kc9 3ihr4WstSkiUm2HmL84kQm+TNbWKClct8bHeUSm3wilrWiihOzkzl8i0eOW3b/ep fZkGPUq7YfoXGjySOhtt =CkbK -----END PGP SIGNATURE----- From arcriley at gmail.com Wed May 20 14:08:15 2009 From: arcriley at gmail.com (Arc Riley) Date: Wed, 20 May 2009 15:08:15 -0400 Subject: [Members] XMPP ICA In-Reply-To: <4A14525F.8050903@stpeter.im> References: <4A13280F.9010605@stpeter.im> <4A141D82.2070103@stpeter.im> <4A142351.7030106@stpeter.im> <6894958A-58C8-44D4-864F-22CE6D97A5C8@webkeks.org> <4A14525F.8050903@stpeter.im> Message-ID: And how does this play into federation? If CAs start springing up everywhere how are certs validated? On Wed, May 20, 2009 at 2:56 PM, Peter Saint-Andre wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have an idea. The field is wide open. Anyone can be a CA. So why don't > you put your money where your mouth is and start your own? Why does it > need to be an official XSF CA? That's just more centralization! > > Peter > > - -- > Peter Saint-Andre > https://stpeter.im/ > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.8 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAkoUUl8ACgkQNL8k5A2w/vyt7wCeKLGBJaWWBTnjyoLgqkvOPXWM > 9xQAoL9hDUgBBC4uGGEn3u6F8KCefqz/ > =Hgp+ > -----END PGP SIGNATURE----- > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nathanfritz at gmail.com Thu May 21 12:11:48 2009 From: nathanfritz at gmail.com (Nathan Fritz) Date: Thu, 21 May 2009 10:11:48 -0700 Subject: [Members] First XSF Certificate Meeting In-Reply-To: <4A0AE439.1050304@isode.com> References: <182eea400905111421x5b6bde48gabc38e39c7936496@mail.gmail.com> <4A08A31D.8030806@stpeter.im> <182eea400905111537u76697ff5i32d3260853a1a074@mail.gmail.com> <4A08AD2C.8070904@stpeter.im> <4A0AE439.1050304@isode.com> Message-ID: <182eea400905211011t513d58cdgc9ed0965ff8c84d9@mail.gmail.com> Reminder: Meeting in xmpp:foundation at conference.jabber.org?join in 50 minutes, 1800 UTC. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nathanfritz at gmail.com Thu May 21 16:40:18 2009 From: nathanfritz at gmail.com (Nathan Fritz) Date: Thu, 21 May 2009 14:40:18 -0700 Subject: [Members] XMPP Server Compliance Tests Message-ID: <182eea400905211440m3b698ef5p51bf308ebe9e6bc9@mail.gmail.com> The XSF had a meeting today, and we decided to create a test harness for server compliance on interop.xmpp.org. As such, the interop at xmpp.orgmailing list is being resurrected to discuss these tests. Matthew Wild and I will be putting together the test harness, which will have a web interface and a few small tests. We hope to have all of this going in time for the Summit to take lessons learned for building some larger tests. These tests will be available to the community to help with test driven development of servers. The long term goals for these tests include the XSF providing Compliance Certifications, although we've got a lot of work to get done between now and then. If you have tests that you use, we would like to review it for adoption -- I'll publish a list of requirements in the near future. If you'd like to discuss this further, please join the interop list. Thanks, Nathan Fritz -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnauck at ag-software.de Fri May 22 01:50:54 2009 From: gnauck at ag-software.de (Alexander Gnauck) Date: Fri, 22 May 2009 08:50:54 +0200 Subject: [Members] PayPal links In-Reply-To: References: <4A13280F.9010605@stpeter.im> <4A141D82.2070103@stpeter.im> Message-ID: <4A164B4E.1040305@ag-software.de> Jonathan Schleifer wrote: > Last time I checked, the XMPP StartCom certificates did not even use > their RootCA. They had a new RootCA for this, which was in *NO* > browser and *NO* OS at all. Even most XMPP-Clients did not include it. > For example, Psi gave a big, fat warning. > > So, basically, they created a new RootCA for the XMPP Certificates > which is not in any browser or OS and it seems not even in most XMPP > Clients. We could have the same by just creating an XSF RootCA. go to our ICA pages and checkout a new cert. And please install the latest versions of clients before we continue this discussion with half truth. Peter, thanks for adding the Paypal link. Maybe in 2 month we can create some stats about the donations. Alex From stpeter at stpeter.im Tue May 26 10:40:44 2009 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Tue, 26 May 2009 09:40:44 -0600 Subject: [Members] volunteering Message-ID: <4A1C0D7C.7080100@stpeter.im> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nathan Fritz has kicked off the idea of volunteering for XSF-related tasks (his idea was that XSF members might do manual testing of IM clients once we have conformance tools in place). I've thought of two other tasks: 1. Helping to maintain the XMPP services list: http://xmpp.org/services/ 2. Helping to verify certificate requests for the XMPP ICA: http://xmpp.org/ca/ If you are interested in helping, please ping me via IM. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkocDXwACgkQNL8k5A2w/vz/2wCgq6QXVdxpTJxuojYeppmR8rRp IhIAoKzNFxLSU9Spc8omTCNIHSTtafrT =ZNEo -----END PGP SIGNATURE----- From stpeter at stpeter.im Tue May 26 12:13:29 2009 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Tue, 26 May 2009 11:13:29 -0600 Subject: [Members] volunteering In-Reply-To: <4A1C0D7C.7080100@stpeter.im> References: <4A1C0D7C.7080100@stpeter.im> Message-ID: <4A1C2339.7000601@stpeter.im> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/26/09 9:40 AM, Peter Saint-Andre wrote: > 2. Helping to verify certificate requests for the XMPP ICA: > > http://xmpp.org/ca/ Florian Jensen volunteered to help with this. He already has a Class 2 end-user cert from StartCom, so that made it easy. :) Thanks, Florian! Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkocIzkACgkQNL8k5A2w/vz2YwCfaFv/+RA3twCs4l8a0xZeNW8u 90QAoObZjcO6NVW+9xiFL5PrXY8vt/iT =cMOq -----END PGP SIGNATURE----- From stpeter at stpeter.im Thu May 28 14:20:31 2009 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Thu, 28 May 2009 13:20:31 -0600 Subject: [Members] PayPal links In-Reply-To: <4A164B4E.1040305@ag-software.de> References: <4A13280F.9010605@stpeter.im> <4A141D82.2070103@stpeter.im> <4A164B4E.1040305@ag-software.de> Message-ID: <4A1EE3FF.3020802@stpeter.im> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/22/09 12:50 AM, Alexander Gnauck wrote: > Jonathan Schleifer wrote: >> Last time I checked, the XMPP StartCom certificates did not even use >> their RootCA. They had a new RootCA for this, which was in *NO* >> browser and *NO* OS at all. Even most XMPP-Clients did not include >> it. For example, Psi gave a big, fat warning. >> >> So, basically, they created a new RootCA for the XMPP Certificates >> which is not in any browser or OS and it seems not even in most XMPP >> Clients. We could have the same by just creating an XSF RootCA. > > go to our ICA pages and checkout a new cert. And please install the > latest versions of clients before we continue this discussion with half > truth. > > Peter, thanks for adding the Paypal link. Maybe in 2 month we can create > some stats about the donations. No stats to report yet. :( Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkoe4/8ACgkQNL8k5A2w/vzXtgCfV3aK/Z33ekEpChEOOH7mtAl6 cScAoJoQOSzozxxhROniQtBd110q1v5v =VGIV -----END PGP SIGNATURE----- From stpeter at stpeter.im Fri May 29 09:15:45 2009 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Fri, 29 May 2009 08:15:45 -0600 Subject: [Members] volunteering In-Reply-To: <4A1C0D7C.7080100@stpeter.im> References: <4A1C0D7C.7080100@stpeter.im> Message-ID: <4A1FEE11.5030001@stpeter.im> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/26/09 9:40 AM, Peter Saint-Andre wrote: > Nathan Fritz has kicked off the idea of volunteering for XSF-related > tasks (his idea was that XSF members might do manual testing of IM > clients once we have conformance tools in place). I've thought of two > other tasks: > > 1. Helping to maintain the XMPP services list: > > http://xmpp.org/services/ Since it seems that no one is interested in helping with this, I'll post about it on the operators at xmpp.org list. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkof7hEACgkQNL8k5A2w/vxw2gCgroXlcP+5YrrvI/FjEODvHQgT fe4AoJz+RM+hgOVevt8k7jaOuC5roee7 =76Rj -----END PGP SIGNATURE----- From coder2000 at gmail.com Fri May 29 09:48:08 2009 From: coder2000 at gmail.com (Dieter Lunn) Date: Fri, 29 May 2009 09:48:08 -0500 Subject: [Members] volunteering In-Reply-To: <4A1FEE11.5030001@stpeter.im> References: <4A1C0D7C.7080100@stpeter.im> <4A1FEE11.5030001@stpeter.im> Message-ID: <340b38940905290748i23fbc489x2f352cd3bde3b0ae@mail.gmail.com> I could help out maintaining that list. I'll make no guarantee of timeliness though. Dieter Lunn http://www.coder2000.ca On Fri, May 29, 2009 at 9:15 AM, Peter Saint-Andre wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 5/26/09 9:40 AM, Peter Saint-Andre wrote: >> Nathan Fritz has kicked off the idea of volunteering for XSF-related >> tasks (his idea was that XSF members might do manual testing of IM >> clients once we have conformance tools in place). I've thought of two >> other tasks: >> >> 1. Helping to maintain the XMPP services list: >> >> ? ?http://xmpp.org/services/ > > Since it seems that no one is interested in helping with this, I'll post > about it on the operators at xmpp.org list. > > Peter > > - -- > Peter Saint-Andre > https://stpeter.im/ > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.8 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAkof7hEACgkQNL8k5A2w/vxw2gCgroXlcP+5YrrvI/FjEODvHQgT > fe4AoJz+RM+hgOVevt8k7jaOuC5roee7 > =76Rj > -----END PGP SIGNATURE----- > From stpeter at stpeter.im Fri May 29 10:34:34 2009 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Fri, 29 May 2009 09:34:34 -0600 Subject: [Members] volunteering In-Reply-To: <340b38940905290748i23fbc489x2f352cd3bde3b0ae@mail.gmail.com> References: <4A1C0D7C.7080100@stpeter.im> <4A1FEE11.5030001@stpeter.im> <340b38940905290748i23fbc489x2f352cd3bde3b0ae@mail.gmail.com> Message-ID: <4A20008A.6080609@stpeter.im> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/29/09 8:48 AM, Dieter Lunn wrote: > I could help out maintaining that list. I'll make no guarantee of > timeliness though. If we have a few people working on it, I think it will go faster. I'll post a bit of a HOWTO about it soon. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkogAIoACgkQNL8k5A2w/vxfbgCfYlcZ9EHNyB4mSPVfgmHFCkzz qBgAoMb3grSLTTGr1hP2lVsL/7Dd1aJ0 =Nmpr -----END PGP SIGNATURE-----