| 19 Aug 2025 |
 matthewcroughan | NixOS is not being as proactive as them, is there a reason? | 12:29:59 |
 K900 | Good for them, I guess | 12:30:14 |
| matthewcroughan | I remember you mentioned that the security stuff was perhaps overblown, is it still the view you take? | 12:30:21 |
| K900 | Yes, and we still have tons of users that are not patched, and Draupnir | 12:31:04 |
| matthewcroughan | True, but users will never patch unless we are proactive don't you think | 12:31:21 |
| K900 | And the security stuff is overblown, as is the efficiency of mitigation | 12:31:33 |
| matthewcroughan | Alright fair, just wanted to know, thanks for informing | 12:32:15 |
 c-x-berger | Efficiency or efficacy? | 12:32:39 |
| K900 | Efficacy, sorry, brain bad | 12:33:05 |
 dgrig | If it's any help with setting some context, even the matrix foundation wont update its rooms until September where more people will have upgraded their servers and clients | 12:33:10 |
| dgrig | * If it's any help with setting some context, even the matrix foundation wont update its rooms until September when more people will have upgraded their servers and clients | 12:33:21 |
 Cat | Ok im confused are you saying tones of users that arent patched plus having Draupnir protection is why your not upgrading or because Draupnir is not ready? | 12:51:44 |
| K900 | Draupnir is not entirely ready still AFAIK | 12:52:08 |
| Cat | Because Draupnir is technically ready to protect v12 rooms its just v12 is a royal fucking pain in the rear to deal with for the un initiated. | 12:52:14 |
| K900 | But that may have changed by now | 12:52:23 |
| Cat | As of 2.6.0 the don't upgrade recommendation changed to a make sure you know what your doing type of recomendation. | 12:53:38 |
| Cat | Since room upgrades especially to v12 are a mess and if you dont know what your doing its easy to screw up. | 12:54:03 |
| Cat | Especially as nobody who is responsible to any real degree can ethically use /upgrade API if they have been attacked in the past. | 12:54:38 |
| K900 | My personal take on this is that I'd want to see some sort of automation for upgrades too | 12:54:42 |
| Cat | Due to that you will be re sending offensive mxids. | 12:54:48 |
| K900 | FWIW I absolutely don't care about resending banned MXIDs | 12:55:07 |
| Cat | I agree. Thats why room upgrade tooling in Draupnir is a issue thats open. | 12:55:11 |
| K900 | That's extremely not my problem | 12:55:19 |
| Cat | We had a problem in the past where they contained CSAM onion links. | 12:55:30 |
| K900 | OK, so? | 12:55:39 |
| K900 | That's already in the room history and can't be meaningfully removed | 12:55:49 |
| Cat | yes you cant remove it from the old room but adding it to your new room is bad optics especially when your bot renders it not needed. | 12:56:13 |
| Cat | Thats the point im making. Like the API that Synapse provides for upgrades has that as one of its flaws. | 12:56:38 |
| Cat | Also that is especially needed for v12 due to that in v12 the room creator has infinite power. | 12:57:07 |
| Cat | And said power is not revokable. | 12:57:12 |
