Email or username:

Password:

Forgot your password?
All posts Renaud's posts Post Back to profile
Renaud Chaput

Advice to OSS projects that are exposing a public interface: implement an update checker with very visible admin notifications.

We did this for Mastodon 4.2, and it allowed our latest security release to reach 90% active user adoption in less than 48 hours, which took weeks previously.

Also, you should probably have a written guide on how to do your security releases, I hope I can share ours at some point.

You can check the update checker implemention here: github.com/mastodon/mastodon/p

9 February at 11:58 | Open on oisaur.com
9 comments
Tristan Harward

@renchap this was fantastic. Immediately visible, impossible to ignore, clear and actionable. Thank you!

9 February at 12:21 | Open on m.trisweb.com
Jo Kingly :verified:

@renchap Nice. Will take that into account for hybrix.io platform.

9 February at 12:54 | Open on c.im
Expert Plus πŸ€

@JoKingly wtf? it's a cryptocurrency platform! seriously? you're interested in crypto? i personally hate it.

9 February at 23:31 | Open on attractive.space
Jo Kingly :verified:

@expert I have been working on hybrix for 7 years, and during this process have tried to keep the spirit of openness and transparency alive. It has always been non-profit, and it supports storing and sending of euro, dollar and yuan, as well as programmability without needing to pay for anything.

Sadly, crypto is no longer what it used to be at the very beginning. Many individuals in the space have sold their souls to profiteering and money-making. That annoys me a lot too, and as a result I strongly dislike roughly 80% of the projects in the space as well.

@expert I have been working on hybrix for 7 years, and during this process have tried to keep the spirit of openness and transparency alive. It has always been non-profit, and it supports storing and sending of euro, dollar and yuan, as well as programmability without needing to pay for anything.

Sadly, crypto is no longer what it used to be at the very beginning. Many individuals in the space have sold their souls to profiteering and money-making. That annoys me a lot too, and as a result I strongly...

10 February at 5:10 | Open on c.im
Justin Myers

@renchap I'm not a Mastodon admin, but I've certainly appreciated the straightforward and obvious update notifications in @homeassistant, as someone who recently has put one of those instances together.

9 February at 16:42 | Open on mastodon.sdf.org
Eelco Maljaars πŸ‡ͺπŸ‡Ί

@renchap communication dealing with the latest CVE was excellent. The clear message in de UI was good, but also the upfront heads-up allowed me to be prepared and deploy updates to all my instances in 1-2 hours time. Great work, highly appreciated!

#mastodon #security

9 February at 18:04 | Open on social.lutra-it.eu
axleyjc

@renchap Kudos! Great success story! And real data!

9 February at 19:59 | Open on federate.social
Dr. jonny phd

@renchap
That was a huge win, congrats to yall.

9 February at 20:20 | Open on neuromatch.social
Emelia πŸ‘ΈπŸ»

@renchap I've shared the PR for mastodon's implementation with @dansup

10 February at 11:26 | Open on hachyderm.io
Go Up