I'd like to prevent passwords where the password is a substring of any account or install identifier, or vice versa. (For example, if your username is alincoln, passwords alincoln, lincoln, and alincoln1 would not be permitted.) This is primarily to stop occasional reports from HackerOne that this is a critical security issue. I don't think we can really stop determined users from selecting horrendous passwords or, say, tweeting their passwords, but we can stop researchers from reporting it.
See PHI944, which has another large diff that's causing import problems.
See PHI948, which reports some especially bad/confusing timeout behavior from Macros.
See PHI939, which has a major aesthetic upgrade.
See PHI943 and PHI889. One primitive we should clearly build in the short term is an intracluster sync log, since it would likely have helped with about 5 different issues by now. This log should, particularly, make fetch failures during sync more clear.
See PHI943. The bin/repository thaw --promote operation and/or the version bumping after a write can currently misbehave in the presence of disabled nodes with larger versions. When we increment the version, we should bump it past the largest version of any node, not just any enabled node.
See PHI951. Beyond introducing a sync log, we should tighten up the timing reported by the existing pull/push logs. Notably, hookTime (time spent in commit hooks) and subprocessTime (time spent running the git/hg/etc subprocess) would have been useful in investigating this issue.
See PHI947, which would like a Herald filter which excludes personal rules owned by disabled users (these rules do not actually run, but appear in the "Active" list, which is misleading).
See PHI959, et al. We could easily add an asChunks(...) primitive to LiskMigrationIterator to give these kinds of migrations a ~100x boost, since they tend to be limited by per-query INSERT overhead (e.g., network round trip cost).
See PHI977, which reports an overflow issue with hovercards that reference objects with long names.
See PHI970, which identifies an issue with containerPHID not being populated correctly on a subset of buildables.
See PHI958, which refines diffusion.branchquery.
See PHI975, which raises an issue with "Submit Quietly" button text in Differential being misleading when "Request Review" is in your action stack.
See PHI943. The UI for managing cluster storage doesn't visually scale very well when you have a larger number of disabled nodes. At a minimum, better sorting would be helpful.
See PHI885, which requests timeouts on git fetch during working copy construction.
See PHI980, which wants configurable permissions for creating custom forms.
See PHI916. When resolving futures during builds, we should close connections if we believe we're going to be sitting there for a while.
See PHI984, which wants identifiers for diffusion.commit.search.
See PHI908 (et al?) which would like a maximum filesize limit for hosted repositories and a maximum number of files a commit is permitted to touch.
See PHI911, which discusses an unintuitive resign-after-reject behavior.