Closed alltheseas closed 11 months ago
I will at no point be giving special treatment to specific relay softwares, results in too much bloat. However, this is NIP-11, so would be better worded as "show version for relays".
That said, the version attribute for relays is already displayed for relays with NIP-11 on the relay's page.
Where are you asking for this to be displayed? In a table column? Are you asking for this to be a filterable attribute?
@alltheseas
Where are you asking for this to be displayed? In a table column? Are you asking for this to be a filterable attribute?
Where are you asking for this to be displayed? In a table column? Are you asking for this to be a filterable attribute?
I was suggesting both added in table column, and filterable.
I will at no point be giving special treatment to specific relay softwares, results in too much bloat. However, this is NIP-11, so would be better worded as "show version for relays".
This makes sense. I was assuming all relays ran the same software/OS.
Re-reading the user story I wrote, the version is a means to an end. The job-to-be-done here is "is this relay secure". So if a relay runs with a known unsecure version of relay OS/software (for instance anything prior to cameri nostr 1.22.2), there should be a secure/insecure column displayed + attribute.
What do you think @dskvr ?
Updated
As an advanced relay user who is performing security research on relays, I want to know which if a particular relay is running insecure software, so that I can adjust my relay preferences as not to use insecure relays.
User has method to see if relay is insecure.
Yes, I think this is an excellent idea.
There are a number of issues at present that make this difficult
0.4
will include a number of optimizations and refactors, and implementing this feature during such an exercise would likely prove more fruitful, with less wasted time/energy.
Now, when it comes to the goal "User has method to see if relay is insecure," it would be interesting to figure out a standard where relay operators can use nostr to post advisories for specific versions, and then those advisories appear on nostr.watch. This would be much easier to implement, and doesn't require a user to know before hand that a version is insecure, instead, they would just see an advisory from the relay software author.
there are some minor chores there:
relays.yaml
but more verbose. Would need to include:
org/software
name as keypubkey
object member where hex public key is defined. relay
that indicates an author's home relay. #t
] from specific pubkeys (as defined in yaml above) and...
Is your feature request related to a problem? Please describe. I want to easily find what version of Nostream a relay is running. I am not aware of a solution for this. There can be security risks in running Nostream versions that are not up to date, and I want to avoid the vulnerable relays.
Describe the solution you'd like
User Story
As an advanced relay user who is performing security research on relays, I want to know which Nostream version is being run by which relay, so that I can adjust my relay preferences accordingly.
Acceptance Criteria
Describe alternatives you've considered Don't do anything.
Additional context See Cameri security patch announcement https://damus.io/note1z9zvwfdfqnnz9z02faxucc7pyp483mh8fq8ew76j0p8xswzdxdzqdw07ek