@stuart@vmstan@Gargron mastodon currently doesn't collect nor store information on the instances it's federating with, afaik, so this would be hard to do, without a change to collect that data.
The information is there in the api which known instances could be sampled daily. Only it might get complicated with instances not using Mastodon. Perhaps introducing a unique version code like mstdn.4.x.x or kbin.x.x.x might help.
Vulnerabilities occur elsewhere. Might be useful if a gihub account of another distribution gets compromised and they need to be locked out until proven safe.
Just a suggestion going forward if other distributions would co-operate.
@stuart@vmstan yes, the information may be in the API & available via say nodeinfo, but Mastodon doesn't actually store data about instances, just the known accounts & domain blocks.
tbh, this would possibly be better done via an advisory list.
Gregory's Server
@thisismissem @vmstan @Gargron
The information is there in the api which known instances could be sampled daily. Only it might get complicated with instances not using Mastodon. Perhaps introducing a unique version code like mstdn.4.x.x or kbin.x.x.x might help.
Vulnerabilities occur elsewhere. Might be useful if a gihub account of another distribution gets compromised and they need to be locked out until proven safe.
Just a suggestion going forward if other distributions would co-operate.