Page MenuHomePhabricator

Convert Mailing Lists into special users, similar to bot users
Closed, ResolvedPublic


See some discussion in T6367. Particularly after the introduction of Spaces (T8376), we need to start applying proper viewer-based policy checks to outbound email.

There is no way to policy check a mailing list, and all the options are bad:

  • Using the logged-out user will break mail for non-public installs, in the general case.
  • Using the omnipotent user will turn mailing lists into a gaping policy hole.
  • Using the actor will carry the issues in T6367 forward.

I think the cleanest solution here is to turn mailing lists into real users, similar to "Bot" users. These users would have all the restrictions that Bot users do, except that they would receive mail and they would be unable to use the Conduit API.

Then these users can be added to spaces and projects, included in policies, etc.

Some alternatives might be:

  • Generalize Viewer and let other objects be viewers: I think this is a grotesque amount of effort for basically no benefit.
  • Remove mailing lists entirely: I'd love to be able to do this but I think this functionality is important for too many installs.
  • Stop formally supporting them and offer some kind of hack-around: Arguable, but I think a reasonable hack-around is probably about the same amount of work as sort-of-reasonable support. Particularly, we need to provide a way to migrate, which is most of the work.

Related Objects

Event Timeline

epriestley claimed this task.
epriestley raised the priority of this task from to Normal.
epriestley updated the task description. (Show Details)
epriestley added projects: Mail, Mailing Lists.
epriestley merged a task: Restricted Maniphest Task.Jun 2 2015, 3:00 PM
epriestley merged a task: Restricted Maniphest Task.Jun 2 2015, 3:03 PM
epriestley added a subscriber: colegleason.
epriestley added a revision: Restricted Differential Revision.Jun 2 2015, 6:39 PM

D13124 shows up as Unknown Object (Differential Revision). for me. Something meta going on here?

It's in closed-source (Phacility) code, and makes the "import into" tools aware that they shouldn't try to import mailing lists.

(It's supposed to say "Restricted Revision" instead; there's a bug for that somewhere.)

I'm going to evaluate giving administrators access to the "Language" and "Email Preferences" panels if they aren't too much of a mess to implement the user/viewer split on, but I think that's all that remains here.

@epriestley the latter is particularly important for the FreeBSD case. Already users are getting annoyed at the sheer amount of email that phabricator generates, so having a way to minimize that for particular mailing lists would be great.

@klimek, heads up about these changes since I know you're a big mailing list user, too. I'll publish guidance for installs soon (likely in the "Upgrading" section of the weekly Changelog).

@epriestly - thx for the heads up. /me fears the next integrate ;)

(Note that this stuff isn't in HEAD yet, but will likely land today.)

See T8398 for any followup issues.