see the title. running the federation tester at https://federationtester.matrix.org on librem.one and looking at the json report says the matrix server is synapse version 1.66.0. at Information for Matrix Users - Public Matrix Homeserver List it says that any version of synapse less than 1.85.0 is “vulnerable” (has known vulnerabilities) and that having such an old server version is a warning sign that the server maintainers are likely “not keeping up with maintenance”.
what’s up here?
i’m looking to start using matrix and have seen recommendations to avoid matrix.org for my homeserver for my matrix ID for a number of reasons. for me the biggest reason is simply that this goes against the idea of federation and decentralization. so i thought, don’t i have a matrix ID already with my librem.one account? it turns out i do have one. surely i trust the motives of the operators of this server? however, the data i report above seems to argue against trusting their technical competence.
what matrix ID homeserver do other folks here use? how did you decide?
(yes, i am aware of the work on p2p matrix and that it would pretty much abolish any issues of what homeserver to trust. it might be a while before that actually works well enough, and @matthew recently posted elsewhere that it (and several other very nice projects) was at the moment not prioritized due to not enough funding.)