Bulk edits generate normal notifications, mail, webhooks, etc. However, since you can "bulk edit" a single task, it's a policy issue to just add a [√] Don't tell anyone I did this. checkbox, since an attacker could use it to act in a significantly more stealthy way than they otherwise could.
Since there are some permissions around this already we could maybe add such a checkbox eventually, e.g., maybe after T9515 when you could apply an "M-of-N" requirement to it.
For now, a reasonable compromise is to build the backend support and put the UI on the CLI for the moment, basically:
$ ./bin/bulk make-silent --id <bulk-job-id>
...or similar. That addresses a reasonable set of practical needs today and builds us toward a more complete solution in the future without creating any policy peril.
We already have this capability, broadly, in phabricator.silent, which we use to silence test instance in the Phacility cluster. I plan to:
- Deprecate and disable setDisableEmail(), a similar legacy option used only by differential.createcomment. This is policy-violating and was historically used to post build status, which can now go through Harbormaster.
- Provide a similar flag on TransactionEditor to act silently.
- Have phabricator.silent and this new flag share code from there.
- Add a flag to the bulk job thing to set this on the editor, then put a management flow for it in the CLI utils.