Mastodon: Block old software versions

Created on 22 Sep 2019 · 5 comments · Source: tootsuite/mastodon

Pitch

In the past days I got many connection requests from Pawoo.net. All from different accounts, but with the same avatar. This appears to me as a clear sign of some abusive bot usage.

Pawoo is running on Mastodon v2.4.0, which is really, really outdated and apparently has many open and unfixed security issues.

Motivation

Insecure and "remotely open" instances will do no good for the Fediverse. What we should aim for are well-maintained and up-to-date instances.

For this I would recommend implementing a mechanism in newer Mastodon versions to block older and outdated versions. Currently v2.9.3 is stable, and v3.0.0rc1 is already showing up. Blocking versions that are older than 2 major versions should be a safe thing. So this would mean that the current stable version should block and isolate versions below <2.8(.3).

This would also imply that admins should be notified about new versions and that their current versions are at risk to be kicked out of the federation.

Most helpful comment

The problem with Pawoo is neither of those things. The problem with Pawoo is that they don't have active moderation.

All 5 comments

Counterpoint: Not every site runs on Mastodon, so checking for software is not a viable strategy for making decisions like this. Especially not automated ones.

Also, the problem with Pawoo is not that they run an older version of Mastodon. The problem is that they have open registrations.

The problem with Pawoo is neither of those things. The problem with Pawoo is that they don't have active moderation.

Well, Pawoo was just the one little thing that made me write this FR, but in general the problem of old, insecure instances that are or might be abused for spamming still stands.
As you can see from my Federation Statistics page for Mastodon, there are lots of very old versions out there.

Counterpoint: Not every site runs on Mastodon, so checking for software is not a viable strategy for making decisions like this. Especially not automated ones.

Sure. For Friendica, for example, we are discussing this in the Friendica Admin forum. So it's not only something for Mastodon to do, but it would be a good start, as Mastodon is the major player in the Fediverse.

Also, the problem with Pawoo is not that they run an older version of Mastodon. The problem is that they have open registrations.

I don't think that's a problem of open registrations, but, as nightpool put it, a matter of missing moderation. I have open registration as well, but I'm still able to review all of my registrations (like 5-10 per week). Missing moderation is a clear sign of missing care, which results in multiple things, like missing updates to keep the software up to date.
So, to put it simply: outdated software -> missing active maintenance -> increasing bot accounts -> increased spam volume in the Fediverse.

How would you react to an open, unmaintained mail server allowing spam to you and your users? You would block it, preventing it from sending even more spam to your users.

This proposal is like a long-term plan: of course, in step 1 you'll need to notify the instance admins about a new version being available. Maybe just by a popup within the website; maybe an additional mail would also do the trick. Of course this can only be implemented in newer versions.
The next step could be to implement something that prevents the instance from federating if the version is too old (how many versions behind is a matter of discussion, for sure).
In the final step, newer Mastodon releases should block very outdated versions of Mastodon. For the small sites using outdated versions this might not be an issue at all, as I assume they don't federate much anymore with other active users on active sites.

Now, for the example of Pawoo, if the threat of being kicked out of federation by newer versions resulted in more active moderation and active maintenance of the site, then everyone would win from this. And this is good for the Fediverse and Mastodon in the end.
Gargron requires admins to adhere to some basic principles to include them on joinmastodon.org (see https://joinmastodon.org/covenant ). Actively maintaining the software and servers on the Internet should be a basic rule in general, so I wonder why it is an issue at all to block very outdated servers. At least give the admin of the site the choice to block them.
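The stepwise plan above (notify admins, then restrict federation with servers whose version is too old) is described in prose only. Below is an added example, written here for illustration and not code from Mastodon or from anyone in this thread, of how such a policy check could look as a per-instance, admin-toggled decision rather than a hardcoded block. It assumes the caller has already fetched the remote server's NodeInfo and passes in its `software` object; hostnames, versions and the `supported_minors` knob are constructed for the example.

```ruby
# Added example, not Mastodon's own code: an admin-toggled, per-instance
# policy that decides whether to federate with a remote server from the
# "software" object it advertises in NodeInfo. The caller is assumed to
# have already fetched NodeInfo; only the parsed hash is passed in here.

# Parse a Mastodon-style version ("2.4.0", "3.0.0rc1") into a comparable
# array [major, minor, patch, release_flag, rc_number]. A release candidate
# gets release_flag 0 so it sorts below the final release of the same number.
def parse_version(str)
  m = /\A(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?/.match(str.to_s.strip)
  return nil unless m
  major, minor, patch, rc = m.captures
  [major.to_i, minor.to_i, patch.to_i] + (rc ? [0, rc.to_i] : [1, 0])
end

# Policy decision for one peer: :allow, :block or :review.
# - Only servers identifying as Mastodon are judged; other fediverse
#   software is left alone, since this rule knows nothing about it.
# - `supported_minors` counts the current minor release plus the ones before
#   it that stay acceptable; 2 with a local 2.9.x makes 2.8.0 the floor.
# - Unparseable versions are flagged for a human rather than auto-blocked.
def federation_decision(software, local_version:, supported_minors: 2, enabled: true)
  return :allow unless enabled
  return :allow unless software.fetch("name", "").to_s.downcase == "mastodon"

  remote = parse_version(software["version"])
  local  = parse_version(local_version)
  return :review if remote.nil? || local.nil?

  # Floor within the local major line; a floor minor below 0 clamps to x.0.0,
  # so everything from an older major line falls below the floor.
  floor_minor = [local[1] - (supported_minors - 1), 0].max
  floor = [local[0], floor_minor, 0, 0, 0]
  (remote <=> floor) < 0 ? :block : :allow
end

# Run the policy across a peer list and return host => decision,
# so an admin can review the outcome before enabling enforcement.
def triage_peers(peers, local_version:, **opts)
  peers.each_with_object({}) do |peer, out|
    out[peer[:host]] = federation_decision(peer[:software], local_version: local_version, **opts)
  end
end

# Constructed sample peers (hostnames and versions are made up for this example).
SAMPLE_PEERS = [
  { host: "old.example",       software: { "name" => "mastodon",  "version" => "2.4.0" } },
  { host: "recent.example",    software: { "name" => "mastodon",  "version" => "2.8.3" } },
  { host: "rc.example",        software: { "name" => "mastodon",  "version" => "3.0.0rc1" } },
  { host: "friendica.example", software: { "name" => "friendica", "version" => "2019.09" } },
  { host: "odd.example",       software: { "name" => "mastodon",  "version" => "unknown" } },
].freeze

if __FILE__ == $PROGRAM_NAME
  triage_peers(SAMPLE_PEERS, local_version: "2.9.3").each do |host, decision|
    puts "#{host}: #{decision}"
  end
end
```

The `enabled` flag is the point of the design: the same check can run in report-only mode to feed the admin notification step, and only blocks when the local admin turns it on. Non-Mastodon software is never judged, and a version string the parser does not understand yields `:review` instead of a silent block, so a custom or forked build is not cut off by accident.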

How would you react to an open, unmaintained mail server allowing spam to you and your users? You would block it, preventing it from sending even more spam to your users.

I already do this. I can already suspend federation with an individual server for any reason I choose.

In general, I don't think it's good practice to conflate "I wish I had an automated tool that would perform an admin policy I want to enforce" with a tool that will force those policies on everyone else on the network, and I don't think forced autoblocking of servers running older (or other or customized) software is going to add much to the fediverse as a whole.

If something like this is widely needed by Mastodon servers (it's not on mine), it would be better as an option in the admin interface that you could toggle to restrict federation on your own server to only allow federation with servers running the current Mastodon release, rather than something hardcoded in that would restrict federation for everyone running current Mastodon. If Mastodon was only able to federate with other (current revision) Mastodon servers, it would lose a lot of value for me and the inclusion of this feature would be a strong argument _against_ upgrading.

I also don't think it's reasonable to expect Mastodon developers to spend their time policing all the software used on the fediverse and decide what is and isn't whitelisted for federation, which is what would have to happen in order to not autoblock every non-Mastodon server.

ETA: I know they're controversial, but spam from insecure servers is an ideal use case for shared blacklist/greylist/whitelist functionality. Like with mail servers.
