A frog who wants the objective truth about anything and everything.

Admin of SLRPNK.net

XMPP: prodigalfrog@slrpnk.net

Matrix: @prodigalfrog:matrix.org

  • 0 Posts
  • 3 Comments
Joined 2 years ago
Cake day: July 4th, 2023

  • I’m afraid that’s quite outside my field of expertise. I can only report how my experience on XMPP has been as a user, though perhaps @poVoq@slrpnk.net, who hosts it, may be able to weigh in on that. Edit: ah, I see you already have 😄

    Though from my untrained eye, it seems that Jabber.ru was compromised due to not enabling a particular feature on their server.

    “Channel binding” is a feature in XMPP which can detect a MiTM even if the interceptor presents a valid certificate. Both the client and the server must support SCRAM PLUS authentication mechanisms for this to work. Unfortunately this was not active on jabber.ru at the time of the attack.

    And it seems that hosting it externally on a paid hosting service (Hetzner and Linode) left them particularly vulnerable to this attack, and that it could’ve been mitigated by self-hosting the XMPP locally, as well as activating that feature.
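
An added illustration of the channel binding check described in the comment above (not part of the comment and not code from any XMPP server or client): a simplified SCRAM-SHA-256-PLUS exchange in which the server rejects a login when the client saw a different certificate than the one the server holds. The certificates, user name and password are constructed stand-ins, the `tls-server-end-point` binding is assumed to use SHA-256, and the messages are reduced to the attributes needed for the check.

```python
import base64, hashlib, hmac, os

GS2 = b"p=tls-server-end-point,,"   # gs2 header: client is using channel binding

def c_attr(cert_der):
    # Binding data = hash of the server certificate (SHA-256 assumed here)
    return base64.b64encode(GS2 + hashlib.sha256(cert_der).digest())

def hm(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def client_final(password, salt, iters, first_bare, server_first, cert_seen):
    nonce = server_first.split(b",")[0][2:]
    bare = b"c=" + c_attr(cert_seen) + b",r=" + nonce
    auth = b",".join([first_bare, server_first, bare])   # the proof covers c=
    client_key = hm(hashlib.pbkdf2_hmac("sha256", password, salt, iters), b"Client Key")
    sig = hm(hashlib.sha256(client_key).digest(), auth)
    proof = bytes(a ^ b for a, b in zip(client_key, sig))
    return bare + b",p=" + base64.b64encode(proof)

def server_verify(stored_key, first_bare, server_first, final, own_cert):
    bare, proof = final.rsplit(b",p=", 1)
    # 1. The binding the client sent must match the certificate this server holds
    if not hmac.compare_digest(bare.split(b",")[0][2:], c_attr(own_cert)):
        return "reject: channel binding mismatch"
    # 2. The proof must verify over the messages exactly as the client signed them
    sig = hm(stored_key, b",".join([first_bare, server_first, bare]))
    client_key = bytes(a ^ b for a, b in zip(base64.b64decode(proof), sig))
    if not hmac.compare_digest(hashlib.sha256(client_key).digest(), stored_key):
        return "reject: bad proof"
    return "ok"

def login(cert_seen_by_client, server_cert, rewrite_c=False):
    password, salt, iters = b"constructed-password", os.urandom(16), 4096
    salted = hashlib.pbkdf2_hmac("sha256", password, salt, iters)
    stored_key = hashlib.sha256(hm(salted, b"Client Key")).digest()
    cnonce = os.urandom(8).hex().encode()
    first_bare = b"n=frog,r=" + cnonce
    server_first = (b"r=" + cnonce + os.urandom(8).hex().encode()
                    + b",s=" + base64.b64encode(salt) + b",i=%d" % iters)
    final = client_final(password, salt, iters, first_bare, server_first, cert_seen_by_client)
    if rewrite_c:   # binding value replaced in transit with the server's own
        final = b"c=" + c_attr(server_cert) + final[final.index(b",r="):]
    return server_verify(stored_key, first_bare, server_first, final, server_cert)

REAL_CERT = b"constructed stand-in for the server's DER certificate"
OTHER_CERT = b"constructed stand-in for a different, CA-valid certificate"
```

The second check matters as much as the first: because the client's proof is computed over the `c=` attribute, replacing the binding value in transit makes the proof fail instead of letting the login through.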



  • He wouldn’t have any problem whatsoever if Debian was publicly endorsing right wing views and losing leftist contributors.

    Linux and the GPL FOSS movement are inherently leftist, and right wingers have been wailing about leftist views in various FOSS projects for over a decade. I recall many threads on Reddit accusing Linus of having been made ‘woke’ by his daughter when the CoC was introduced, back during the Gamergate era.

    It’s all the same shit, all the same complaints, and all a waste of time. As the US descends into extreme fascism to the cries of approval of the MAGA cult, it becomes harder and harder to stomach them in a project.

    The more concerning thing going on is Debian potentially embracing AI, which I am very much not a fan of.