Something else to consider, but that I've not figured...

Something else to consider, but that I've not figured out a great way to poll yet, is the user representation of those on out-dated installs.

The largest instances in the network tend to have administrators who are aware of updates, and apply them regularly (especially when it's security related) either because they care, because their users ask them to, or because they're on managed providers that handle it for them.

Sorted by monthly active users:
10 of 10
19 of 20
46 of 50
92 of 100

Are all patched.

Like 17 Oct 2023 at 16:36 | Open on vmst.io

4 comments

stuart

@vmstan

A useful feature would be for Admins to automatically block instances below a security version level. Might encourage recalcitrant Admins to catch up.

Paging @Gargron

17 Oct 2023 at 17:17 | Open on social.brainsys.com

Emelia 👸🏻

@stuart @vmstan @Gargron mastodon currently doesn't collect nor store information on the instances it's federating with, afaik, so this would be hard to do, without a change to collect that data.

17 Oct 2023 at 17:52 | Open on hachyderm.io

stuart

@thisismissem @vmstan @Gargron

The information is there in the api which known instances could be sampled daily. Only it might get complicated with instances not using Mastodon. Perhaps introducing a unique version code like mstdn.4.x.x or kbin.x.x.x might help.

Vulnerabilities occur elsewhere. Might be useful if a gihub account of another distribution gets compromised and they need to be locked out until proven safe.

Just a suggestion going forward if other distributions would co-operate.

17 Oct 2023 at 18:31 | Open on social.brainsys.com

Emelia 👸🏻

@stuart @vmstan yes, the information may be in the API & available via say nodeinfo, but Mastodon doesn't actually store data about instances, just the known accounts & domain blocks.

tbh, this would possibly be better done via an advisory list.

17 Oct 2023 at 18:34 | Open on hachyderm.io