| 19 Aug 2025 |
Cat | As of 2.6.0 the don't upgrade recommendation changed to a make sure you know what you're doing type of recommendation. | 12:53:38 |
Cat | Since room upgrades especially to v12 are a mess and if you don't know what you're doing it's easy to screw up. | 12:54:03 |
Cat | Especially as nobody who is responsible to any real degree can ethically use /upgrade API if they have been attacked in the past. | 12:54:38 |
K900 | My personal take on this is that I'd want to see some sort of automation for upgrades too | 12:54:42 |
Cat | Due to that you will be resending offensive mxids. | 12:54:48 |
K900 | FWIW I absolutely don't care about resending banned MXIDs | 12:55:07 |
Cat | I agree. That's why room upgrade tooling in Draupnir is an issue that's open. | 12:55:11 |
K900 | That's extremely not my problem | 12:55:19 |
Cat | We had a problem in the past where they contained CSAM onion links. | 12:55:30 |
K900 | OK, so? | 12:55:39 |
K900 | That's already in the room history and can't be meaningfully removed | 12:55:49 |
Cat | yes you can't remove it from the old room but adding it to your new room is bad optics especially when your bot renders it not needed. | 12:56:13 |
Cat | That's the point I'm making. Like the API that Synapse provides for upgrades has that as one of its flaws. | 12:56:38 |
Cat | Also that is especially needed for v12 due to that in v12 the room creator has infinite power. | 12:57:07 |
Cat | And said power is not revokable. | 12:57:12 |
Cat | I know Ubuntu are going to do all their upgrades via system account due to that. And it looks likely that Fedora will also take that same direction.
It wouldn't shock me if Nix will also end up doing that. | 12:58:23 |
K900 | We already have an account like that and yes that would be the plan | 13:05:34 |
@emma:rory.gay | opensuse will too, but most likely just using the Guard Geeko account | 13:07:36 |
@emma:rory.gay | the upgrade isn't that worthwhile | 13:08:12 |
Cat | The upgrade currently comes at too large a cost I would argue. | 13:11:32 |
Cat | Considering not all the homeservers people currently run are on v12 support yet. | 13:11:48 |
@emma:rory.gay | there's the version issue, but also continuwuity outright not having a release with v12 support at all yet | 13:15:12 |
| ylagr joined the room. | 15:16:41 |
Sandro | Already did that with all Hackspace rooms to have the power on one account for all existing rooms | 15:40:21 |
@emma:rory.gay | I'm still holding off on room version 12 | 15:48:54 |
Charles | i think i would say the vulnerabilities are, uh, underblown, and the efficacy of the mitigations are overblown | 15:52:12 |
Charles | see also my comment here https://lobste.rs/s/1ghsju/project_hydra_improving_state#c_eayyqo | 15:52:44 |
emily | "More generally, I think that availability of write nodes is actually an undesirable property for public rooms" 💯 | 15:54:22 |
emily | they should really just add a room type that is "owned" by a homeserver | 15:54:48 |
emily | I guess policy servers are basically this with extra steps or something | 15:54:56 |