• Wordsmithing: the query is "LOCAL INFILE", not "INFILE LOCAL".

• Wordsmithing, the query is "LOCAL INFILE", not "INFILE LOCAL".

• I don't think MYSQLI_OPT_LOCAL_INFILE ever does anything, anywhere, ever.
• Since I think I have a plausible explanation that this is a simple bug (value gets overwritten by config value) with at least a tiny bit of supporting evidence, and it's reasonable to imagine it may be fixed in some future version of PHP/MySQLi, leave the call in anyway.
• Just document what's going on here more clearly.

Maybe another point in favor of this claim is that the option does not work is the behavior of this:

I think that maybe mysql_nonapi.c just overrides the conn->options() call? Near line 269 of PHP 7.2.3:

I can't get MYSQLI_OPT_LOCAL_INFILE to work on secure, either. I tried on secure001 and secure004 (where the database is not local). As far as I can tell, this option doesn't do anything, anywhere, ever? I'm going to look at the source and see if I can figure out what's going on, but I'll back it out of D19998 if I can't find some evidence that it's useful.

I'm unable to get the MySQLi option MYSQLI_OPT_LOCAL_INFILE to actually work. Here's the script I'm using:

It looks like we don't need to do anything about mysql on the CLI since this option is, thankfully, not enabled by default:

I changed course a bit here, let me know if this feels like we're on firmer ground?

They should [disable instead of delete], and I agree with your list of advantages ... I'll either do this in a followup or file a task for it depending on how ambitious I'm feeling.

• Keep --type with the current meaning: --type sms means "every SMS config, regardless of provider".
• Add --provider so you can kill one of your Duo providers or something, in a very complex world where your MFA setup is a big mess.
• Keep bin/auth list-factors, which spits out sms, totp, etc.
• Add bin/auth list-mfa-providers, which spits out PHID-FPRV-xxx Duo (Ops, DEPRECATED DO NOT USE), etc.

My naive suggestion is to make providers provider a "shortname" like sms, totp, etc, but I'm sure there's an obvious reason not to do that.

• When the mail body has a global default, make the reminder text link to it.

• Provide a hint that the way out for legitimate users is to do a password reset.

someone who hates dogs

I'm really going to miss this code:

I ran a query against a subset of instances to see if any instances had configured metamta.*.subject-prefix options.

When the time comes, this should almost certainly also handle contact numbers for non-email media (T920 / D19988).

• "Them email" may not be entirely grammatical.

• Use "Source" over "Target".

I'll probably hold this until after the release cut -- we have a lot of stuff in queue and the bug this fixes is very small/rare, I just have a personal vendetta against it.

Another possible thing is that sessions are long-lived and you only get force-MFA-gated at login, so an administrator might reconfigure MFA, think all the users are on the new stuff, and then learn that they a bunch weren't actually forced to switch to Duo or whatever yet since they're still on old sessions.

• Correct "factors types".

These answers are somewhat-theory for now since you can't actually disable providers yet, but:

Oh, I totally missed that feedback, I'll followup.

Some additional context -- normally, when we apply a transaction, we populate only the "new" value. So we pass an object like this into the Editor: