[Feature] version property exposed on public_node #4384

Open
wants to merge 4 commits into
base: stable

marchrius

This PR lets a client retrieve the globaleaks version also from the /api/public endpoint

Before submitting a pull request, please ensure the following:

  • The pull request includes a description of the problem you're trying to solve.
  • The pull request provides an overview of the suggested solution.
  • The proposed code is fully functional.
  • The proposed code includes relevant tests to verify its functionality.
  • All new and existing tests pass successfully.
  • Overall code quality and test coverage metrics are not reduced by more than 0.5%

@marchrius marchrius requested a review from a team as a code owner January 29, 2025 13:30
@evilaliv3
Member

Thank you @marchrius for this proposal.

May I ask what the motivation for this implementation is?

The reason why we are not exposing the software version is the following.

Back in 2011 we used to expose the software version and an auditor advised us to remove it.

We do not believe in security through obscurity, and of course the version of the software can be discovered with fingerprinting techniques, but still we want to honor and respect the peer review received when legitimate :)

@evilaliv3 evilaliv3 force-pushed the stable branch 2 times, most recently from 4745036 to 9a85d8f Compare January 29, 2025 19:54
@marchrius
Author

Hi @evilaliv3, the explanation is simple. We have a small Globaleaks SDK which is implemented in our software. We need to know which version is running and compare it with remote available tags.

@evilaliv3
Member

Thank you @marchrius for the clarification.

I think that for exposing a detail like this, which is sensitive for security, we might eventually need another strategy and administrative API functionality, because automating deployments does not justify lowering security.

If you like, please join us on community.globaleaks.org, and if helpful you are invited to present your SDK in a future community call.
