[Feature] version property exposed on public_node #4384

Open: wants to merge 4 commits into base: stable

marchrius

This PR lets a client retrieve the GlobaLeaks version also from the /api/public endpoint.

Before submitting a pull request, please ensure the following:

  • The pull request includes a description of the problem you're trying to solve.
  • The pull request provides an overview of the suggested solution.
  • The proposed code is fully functional.
  • The proposed code includes relevant tests to verify its functionality.
  • All new and existing tests pass successfully.
  • Overall code quality and test coverage metrics are not reduced by more than 0.5%

@marchrius marchrius requested a review from a team as a code owner January 29, 2025 13:30
@evilaliv3
Member

Thank you @marchrius for this proposal.

May I ask you what the motivation for this implementation is?

The reason why we are not exposing the software version is the following.

Back in 2011 we used to expose the software version and an auditor advised us to remove it.

We do not believe in security through obscurity, and of course the version of the software can be discovered with fingerprinting techniques, but still we want to honor and respect the peer review received when legitimate :)

@evilaliv3 evilaliv3 force-pushed the stable branch 2 times, most recently from 4745036 to 9a85d8f Compare January 29, 2025 19:54
@marchrius
Author

Hi @evilaliv3, the explanation is simple. We have a small Globaleaks SDK which is implemented in our software. We need to know which version is running and compare it with the remote available tags.

@evilaliv3
Member

Thank you @marchrius for the clarification.

I think that for exposing a detail like this, which is sensitive to security, we might eventually need another strategy and administrative API functionality, because automating deployments does not justify lowering security.

If you like, please join us on community.globaleaks.org and, if helpful, you are invited to present your SDK in an upcoming community call.

@evilaliv3 evilaliv3 force-pushed the stable branch 7 times, most recently from 213085d to 87418da Compare February 15, 2025 00:01
@evilaliv3 evilaliv3 force-pushed the stable branch 4 times, most recently from d3ee545 to 0b9fb4a Compare February 23, 2025 13:01
@evilaliv3 evilaliv3 force-pushed the stable branch 9 times, most recently from a5f5a31 to f3ecdc5 Compare March 9, 2025 18:09
@evilaliv3 evilaliv3 force-pushed the stable branch 10 times, most recently from 59c6ff5 to b4eab9c Compare March 14, 2025 09:54
@evilaliv3 evilaliv3 force-pushed the stable branch 3 times, most recently from 10f91a1 to 8468530 Compare March 31, 2025 16:38
@evilaliv3 evilaliv3 force-pushed the stable branch 6 times, most recently from 6aa3251 to 947afe2 Compare May 20, 2025 17:15
2 participants