Michael Stanclift

I'm not a statistician, but there are a few things to consider in all this.

FediDB is a really good source of truth, but there is no single source of who runs what versions.

There is a possibility that folks individually patched their instances with the relevant CVE fixes but otherwise remained on older versions.

There are a number of dead instances in FediDB, where they may have been polled when their version was the latest and greatest, and then disappeared from the Fediverse.

5 comments
Michael Stanclift

Something else to consider, but that I've not figured out a great way to poll yet, is the user representation of those on out-dated installs.

The largest instances in the network tend to have administrators who are aware of updates, and apply them regularly (especially when it's security related) either because they care, because their users ask them to, or because they're on managed providers that handle it for them.

Sorted by monthly active users:
10 of 10
19 of 20
46 of 50
92 of 100

Are all patched.


stuart

@vmstan

A useful feature would be for Admins to automatically block instances below a security version level. Might encourage recalcitrant Admins to catch up.

Paging @Gargron

Emelia 👸🏻

@stuart @vmstan @Gargron mastodon currently doesn't collect or store information on the instances it's federating with, afaik, so this would be hard to do without a change to collect that data.

stuart

@thisismissem @vmstan @Gargron

The information is there in the api which known instances could be sampled daily. Only it might get complicated with instances not using Mastodon. Perhaps introducing a unique version code like mstdn.4.x.x or kbin.x.x.x might help.

Vulnerabilities occur elsewhere. Might be useful if a GitHub account of another distribution gets compromised and they need to be locked out until proven safe.

Just a suggestion going forward if other distributions would co-operate.

Emelia 👸🏻

@stuart @vmstan yes, the information may be in the API & available via say nodeinfo, but Mastodon doesn't actually store data about instances, just the known accounts & domain blocks.

tbh, this would possibly be better done via an advisory list.
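The thread above sketches a daily sampling of known instances via nodeinfo and comparing the advertised version against a per-branch minimum. As an added example (not code from the thread, from Mastodon, or from FediDB), the snippet below takes nodeinfo 2.0 documents, which a Mastodon server serves at the URL linked from `/.well-known/nodeinfo`, and classifies each domain as patched, outdated, on an untracked branch, or unparseable. The version thresholds in `MIN_PATCHED`, the domain names and the sample documents are constructed placeholders, not real release numbers or real servers; an admin would substitute the minimums from the actual security advisory and feed in documents fetched over HTTPS.

```python
"""Classify fediverse instances by the software version they advertise in
nodeinfo. Added example, not part of the thread or of any project; the
thresholds, domains and documents below are constructed placeholders."""
import re
from typing import Optional

# Constructed policy: the oldest version per release branch that counts as
# patched. Real values would come from the relevant advisory.
MIN_PATCHED: dict[str, dict[tuple[int, int], tuple[int, int, int]]] = {
    "mastodon": {
        (4, 2): (4, 2, 5),
        (4, 1): (4, 1, 13),
        (4, 0): (4, 0, 9),
    },
}

# Accept a leading major.minor.patch; forks append suffixes such as "+glitch"
# or "-rc1", which are ignored for the comparison.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[tuple[int, int, int]]:
    """Return the numeric (major, minor, patch) prefix, or None if absent."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        return None
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def classify(nodeinfo: dict) -> str:
    """Map one nodeinfo document to a status string.

    'unknown-software'  : software name has no policy entry (e.g. a non-Mastodon server)
    'unparseable'       : version field does not start with major.minor.patch
    'untracked-branch'  : branch (major.minor) has no minimum configured
    'outdated'          : below the branch minimum
    'patched'           : at or above the branch minimum
    """
    software = nodeinfo.get("software", {})
    name = str(software.get("name", "")).lower()
    policy = MIN_PATCHED.get(name)
    if policy is None:
        return "unknown-software"
    version = parse_version(str(software.get("version", "")))
    if version is None:
        return "unparseable"
    minimum = policy.get(version[:2])
    if minimum is None:
        return "untracked-branch"
    return "patched" if version >= minimum else "outdated"


def audit(documents: dict[str, dict]) -> dict[str, str]:
    """Classify every domain -> nodeinfo document pair."""
    return {domain: classify(doc) for domain, doc in documents.items()}


def summarize(results: dict[str, str]) -> dict[str, int]:
    """Count instances per status, for the kind of tally the thread discusses."""
    counts: dict[str, int] = {}
    for status in results.values():
        counts[status] = counts.get(status, 0) + 1
    return counts


# Constructed sample documents shaped like nodeinfo 2.0 responses.
SAMPLE_NODEINFO: dict[str, dict] = {
    "example-a.test": {"software": {"name": "mastodon", "version": "4.2.7"}},
    "example-b.test": {"software": {"name": "mastodon", "version": "4.1.2+glitch"}},
    "example-c.test": {"software": {"name": "mastodon", "version": "3.5.3"}},
    "example-d.test": {"software": {"name": "kbin", "version": "1.2.0"}},
    "example-e.test": {"software": {"name": "mastodon", "version": "unknown"}},
}

if __name__ == "__main__":
    results = audit(SAMPLE_NODEINFO)
    for domain, status in results.items():
        print(f"{domain:20} {status}")
    print(summarize(results))
```

Because, as noted above, Mastodon itself does not persist per-instance metadata, the domain list fed to `audit` would have to come from an external store (the admin's own daily sample, or an advisory list), and the "unparseable" and "unknown-software" buckets are worth reporting separately rather than silently treating them as patched.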
