Beside !requiretty i've defined also umask settings to enforce group-readwriteability of repo files.

Defaults:www-user umask=007
Defaults:www-user umask_override

(for vcs-user too)

this still applies 2 years after sending a diff. is there missing something?

Accepting contributions isn't free to us. We bear the cost of testing, accepting, documenting, and providing lifetime support. See https://secure.phabricator.com/book/phabcontrib/article/contributing_code/ for more details.

If you don't plan to add it: just reject the task - no problem. I just wanted to let you guys no that there is a slightly more secure way of doing what you provide to all the novice users out there.

But leaving it open forever without requesting more information or whatever comments makes no sense to me.

I have no idea if we plan to add it or not. See Planning for how we prioritize time.

Unfortunately, Phabricator is managed by two unpaid developers and a backlog of thousands of tasks. We can only meaningfully move a handful forward each week. We have real, physical, limitations to covering every issue filed here, and we already do so for free. The downside to this is then some things take longer to address. If it's open in Maniphest, it will eventually be addressed. But overall we spend our time primarily on things we feel have the largest impact to the most users. Or money, we like money because it gives us healthcare.

so would you mind closing the task? I can't do it myself.