Change Details

PHI979 is a specific issue where we could use better instance controls (around worker count) in the short term. An alternative approach is to hard-coded `if ($instance === 'X') { ... }` for now. `admin` could also probably use more workers, I think we get saturated by backups occasionally. See PHI857, which wants support for serial queues in repository operations. See PHI989, which notes some consistency issues with certain datasource queries, particularly when some components are empty. SSH key handling (mostly in T13123) is fairly ripe. Related are these HackerOne reports, which are primarily just informative, but solid reports: - https://hackerone.com/reports/474897 - Weak SSH keys should be detected and rejected. - https://hackerone.com/reports/475126 - The SSH key "comment" field is exposed via the API, but it turns out that a whole lot of users put their entire personal diary into the "comment" field of their "public" keys. Phacility instances don't allow administrators to manage auth providers. This is good, but it also means that administrators can't manage MFA. We should either separate these permissions or maybe automatically create a TOTP MFA provider for now? PHI985 would like smarter block boundary detection (T11738) and "click to expand block". T13161 should generally get at least an initial pass. Change attributes (T784) could use a pass on at least the server side for PHI675, PHI1061, and the various other issues linked there. PHI1125 is hitting some issues with JIRA integration on a modern version of JIRA. PHI1127 has an instance rename request. We can likely ship instance renames in the next release.

PHI979 is a specific issue where we could use better instance controls (around worker count) in the short term. An alternative approach is to hard-coded `if ($instance === 'X') { ... }` for now. `admin` could also probably use more workers, I think we get saturated by backups occasionally. See PHI857, which wants support for serial queues in repository operations. See PHI989, which notes some consistency issues with certain datasource queries, particularly when some components are empty. SSH key handling (mostly in T13123) is fairly ripe. Related are these HackerOne reports, which are primarily just informative, but solid reports: - https://hackerone.com/reports/474897 - Weak SSH keys should be detected and rejected. - https://hackerone.com/reports/475126 - The SSH key "comment" field is exposed via the API, but it turns out that a whole lot of users put their entire personal diary into the "comment" field of their "public" keys. Phacility instances don't allow administrators to manage auth providers. This is good, but it also means that administrators can't manage MFA. We should either separate these permissions or maybe automatically create a TOTP MFA provider for now? PHI985 would like smarter block boundary detection (T11738) and "click to expand block". T13161 should generally get at least an initial pass. Change attributes (T784) could use a pass on at least the server side for PHI675, PHI1061, and the various other issues linked there. PHI1125 is hitting some issues with JIRA integration on a modern version of JIRA. PHI1127 has an instance rename request. We can likely ship instance renames in the next release. PHI1121 wants user/project import/sync. This can at least be planned more cohesively.

PHI979 is a specific issue where we could use better instance controls (around worker count) in the short term. An alternative approach is to hard-coded `if ($instance === 'X') { ... }` for now. `admin` could also probably use more workers, I think we get saturated by backups occasionally. See PHI857, which wants support for serial queues in repository operations. See PHI989, which notes some consistency issues with certain datasource queries, particularly when some components are empty. SSH key handling (mostly in T13123) is fairly ripe. Related are these HackerOne reports, which are primarily just informative, but solid reports: - https://hackerone.com/reports/474897 - Weak SSH keys should be detected and rejected. - https://hackerone.com/reports/475126 - The SSH key "comment" field is exposed via the API, but it turns out that a whole lot of users put their entire personal diary into the "comment" field of their "public" keys. Phacility instances don't allow administrators to manage auth providers. This is good, but it also means that administrators can't manage MFA. We should either separate these permissions or maybe automatically create a TOTP MFA provider for now? PHI985 would like smarter block boundary detection (T11738) and "click to expand block". T13161 should generally get at least an initial pass. Change attributes (T784) could use a pass on at least the server side for PHI675, PHI1061, and the various other issues linked there. PHI1125 is hitting some issues with JIRA integration on a modern version of JIRA. PHI1127 has an instance rename request. We can likely ship instance renames in the next release. PHI1121 wants user/project import/sync. This can at least be planned more cohesively.