from tedu@azorius.net to azorius@azorius.net on 25 Jul 2023 23:15
https://azorius.net/p/Nn3Q4Ps24pljbr31CQ
Well, that was quick. 0.2 is here. Almost immediately after setting up azorius.net, I found an accidental key disclosure. I was told sharing is caring, but the "experts" say that's wrong. More on that below.
So it's a little short of where 0.2 was supposed to be.
changelog
- Fix key disclosure. Keep secrets away from the web.
- UI refinements.
- Edit and delete comments.
- Reports for stuff you don't like.
- Modest group mod capabilities.
- AP vocab: better hashtag and context support.
why why why
The tactical bug was accidentally putting an internal object into public json. There are wire representations for these things, and it's not supposed to include all the messy guts. There are now json marshal methods for each type that panic to prevent a recurrence.
The strategic bug was keeping secret key data in the everyday types at all. I felt like this was a mistake, but let it slide. Gah. The fix here was to move all the key data out of the normal tables and types, so it's only accessed as needed.
The database upgrade will also rotate keys. I think fedi key disclosures are kinda low impact anyway, but whatever.
#azorius
threaded - newest