PHI979 is a specific issue where we could use better instance controls (around worker count) in the short term. An alternative approach is to hard-coded if ($instance === 'X') { ... } for now. admin could also probably use more workers, I think we get saturated by backups occasionally.
See PHI857, which wants support for serial queues in repository operations.
See PHI989, which notes some consistency issues with certain datasource queries, particularly when some components are empty.
SSH key handling (mostly in T13123) is fairly ripe. Related are these HackerOne reports, which are primarily just informative, but solid reports:
- https://hackerone.com/reports/474897 - Weak SSH keys should be detected and rejected.
- https://hackerone.com/reports/475126 - The SSH key "comment" field is exposed via the API, but it turns out that a whole lot of users put their entire personal diary into the "comment" field of their "public" keys.
Phacility instances don't allow administrators to manage auth providers. This is good, but it also means that administrators can't manage MFA. We should either separate these permissions or maybe automatically create a TOTP MFA provider for now?
PHI985 would like smarter block boundary detection (T11738) and "click to expand block". T13161 should generally get at least an initial pass.
Change attributes (T784) could use a pass on at least the server side for PHI675, PHI1061, and the various other issues linked there.
PHI1121 wants user/project import/sync. This can at least be planned more cohesively.
PHI1118 hit an issue with "Audit Unreviewed Commits" not working as expected.
PHI1141 would like viability on T8092.
PHI1172 would like a revisit of "move project under another project", see T10350.
See PHI1231, which wants hacky/temporary access to Conduit coverage information until we find a way forward on T13125.
See PHI1276, which is interested in T11741 (removing the last remaining MyISAM stuff).
See PHI614, which likely has harbormaster.build.edit as a path forward, plus T13072.
See PHI1268, with a max-width / layout issue in Diffusion readme files.
See https://discourse.phabricator-community.org/t/query-for-differentials-with-no-reviewers/2751/, which requests "No Reviewers" in Differential.
When a Phriction document is created, the first email about it has both the published document content and a fully-green diff. This is redundant and not useful.
D20451 was incorrectly updated (with an empty diff) after being closed by the stable-promotion merge commit. This is not expected. [The "extra update" half of this is fixed; the "empty commit" part lives on in T7333.]
When an object is hard-locked, we should prevent edits to comments on that object.
See https://discourse.phabricator-community.org/t/fatal-error-in-pagination-in-drydock-resources-host-logs-all-logs/2735, which identifies a pagination error in Drydock.
See https://phabricator.wikimedia.org/T224133, which identifies a somewhat obscure mis-interaction between no-op transactions, comments, and "Sign with MFA".