Email or username:

Password:

Forgot your password?
Top-level
Michael Stanclift

Something else to consider, but that I've not figured out a great way to poll yet, is the user representation of those on out-dated installs.

The largest instances in the network tend to have administrators who are aware of updates, and apply them regularly (especially when it's security related) either because they care, because their users ask them to, or because they're on managed providers that handle it for them.

Sorted by monthly active users:
10 of 10
19 of 20
46 of 50
92 of 100

Are all patched.

4 comments
stuart

@vmstan

A useful feature would be for Admins to automatically block instances below a security version level. Might encourage recalcitrant Admins to catch up.

Paging @Gargron

Emelia πŸ‘ΈπŸ»

@stuart @vmstan @Gargron mastodon currently doesn't collect nor store information on the instances it's federating with, afaik, so this would be hard to do, without a change to collect that data.

stuart

@thisismissem @vmstan @Gargron

The information is there in the api which known instances could be sampled daily. Only it might get complicated with instances not using Mastodon. Perhaps introducing a unique version code like mstdn.4.x.x or kbin.x.x.x might help.

Vulnerabilities occur elsewhere. Might be useful if a gihub account of another distribution gets compromised and they need to be locked out until proven safe.

Just a suggestion going forward if other distributions would co-operate.

Emelia πŸ‘ΈπŸ»

@stuart @vmstan yes, the information may be in the API & available via say nodeinfo, but Mastodon doesn't actually store data about instances, just the known accounts & domain blocks.

tbh, this would possibly be better done via an advisory list.

Go Up