WMF is interested in allowing users to use arc diff to update a revision they don't own. Currently, this fails with an error:
You don't own revision "Dxxx: Embiggen Security", You can only update revisions you own. You can "Commandeer" this revision from the web interface if you want to become the owner.
This operation is also soft-prevented in the web UI: users aren't given an option to update revisions they don't own. It isn't technically prevented, but can't be accomplished without, e.g., editing the DOM nodes in the page.
See also this discussion downstream: https://phabricator.wikimedia.org/T121751
D15468 proposes an approach which adds an option to arc (diff.amend-without-commandeer) to disable this prompt and allow the process to move forward.
From a technical point of view, I don't want to add a client-side option for two reasons:
- I generally want to avoid adding options except as a last resort where we have no alternatives (see T8227).
- I want the CLI and web UI to have the same behavior, and this isn't possible if a client-side flag controls some of the CLI behavior.
A similar behavior which avoids these issues and would be more upstreamable from a product perspective is to change the hard error in the client to a prompt ("Are you sure you want to update a revision you don't own?"), and likewise allow but confirm the behavior in the web UI. Then the workflows would be the same, this would become possible, and we wouldn't need options.
However, I think this behavior is a very bad one, and I'm quite hesitant to upstream it. I'd prefer to go the other way: put technical checks in place to prevent this, so clients can not do this. I'll discuss this below.