Daniel Gultsch for Council 2019
My name is Daniel Gultsch. I’m self employed and work full time on XMPP related projects. One of my publicly known projects is the open source Android client Conversations but I also do consulting and contract work for commercial projects.
There are currently three XEPs that bear my name:
- XEP-0363: HTTP File Upload
- XEP-0398: User Avatar to vCard-Based Avatars Conversion
- XEP-0411: Bookmarks Conversion
I concern myself with security in the open source ecosystem and have over the years documented a couple of vulnerabilities in various open source clients.
- CVE-2015-8688: Gajim Roster Push Attack / Message Interception
- CVE-2018-6591: Converse.js leaking information about which rooms are bookmarked
- CVE-2019-16235+: Multiple Vulnerabilities found in Dino
I've previously served on Council for two terms in the years 2017 and 2018.
A majority of the votes in day-to-day council operation are going to be two things: Accepting XEPs as experimental and moving XEPs from experimental to draft. The criteria in XEP-0001 leave room for interpretation and different people have interpreted them differently over the times. So if you are going to put me into Council you should know how I’m (generally) going to vote on these issue.
Accepting a XEP as Experimental
I’m a believer of providing a stable base for anything people want to work on. To be accepted as experimental a XEP doesn’t have to be perfect. I’m also open to giving a number to XEPs that I personally don’t agree with or find otherwise controversial. I believe that there is room for exploring different solutions to the same problem. However I think that a XEP has to be implementable to be accepted. In the past Council has accepted XEPs that were just a bunch of TODOs or otherwise contained a lot of placeholders. I believe that an independent developer has to be able to look at a XEP and start implementing it.
Moving XEPs to Draft
There are currently a lof of XEPs stuck in experimental that are widely implemented and a working fine for a lot of people (Most noteworthy are Message Carbons, Message Archive Management, HTTP Upload).
If we are going to consider experimental as a lower quality just-provide-a-stable-base kind of stage (see previous section) we need to move those XEPs that are widely implemented (and are obviously working for a lot of people) on to draft to make them distinguishable from XEPs that are not fit for use.
There is a chance that one or even all of the XEPs I used as examples above are not the most beautiful things the XMPP has ever come up with. But that doesn’t change the fact that these XEPs are different to the average lower quality experimental stage XEPs. The life cycle state of those XEP has to reflect that.
It is irritating that our Compliance Suits which are basically lists of XEPs to implement for a good & modern IM experience point to XEPs that then say »Please don’t implement me in production«.