@julian said in Software version in nodeinfo: The other line of thinking is that relying on security by obscurity is fallacious, but since it's only one facet of a broader security posture (the rest of it being keeping up with updates, writing as secure code as you can, reporting/bounty systems, audits, etc.), I honestly don't see a problem with transmitting as little information as I can. The only thing in all of this that is relevant to the software operator (i.e. not nodebb developers but those using it as self-hosting) is tracking updates and applying them quickly, so I'm against exposing the version number in a way that would allow bots to easily identify which nodebb installations around the world are still vulnerable