See PHI873, which opens a discussion around broader authentication and signatures.
See PHI947, which would like a Herald filter which excludes personal rules owned by disabled users (these rules do not actually run, but appear in the "Active" list, which is misleading).
See PHI958, which refines `diffusion.branchquery`.
I'd like to prevent passwords where the password is a substring of any account or install identifier, or vice versa. (For example, if your username is `alincoln`, passwords `alincoln`, `lincoln`, and `alincoln1` would not be permitted.) This is primarily to stop occasional reports from HackerOne that this is a critical security issue. I don't think we can really stop determined users from selecting horrendous passwords or, say, tweeting their passwords, but we can stop researchers from reporting it.
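The rule described above, sketched as an added example; this is not Phabricator's own code. The function name, the case-insensitive comparison and the sample identifiers are assumptions made for illustration.

```php
<?php
// Added illustration of the substring rule; not Phabricator's implementation.
// All names here are hypothetical. Requires the mbstring extension.

/**
 * Return the identifier that makes $password unacceptable, or null if
 * none does. A password is rejected when it is a substring of an
 * identifier, or when an identifier is a substring of the password.
 */
function find_conflicting_identifier(string $password, array $identifiers): ?string {
  // Assumption: compare case-insensitively, so "ALincoln1" is caught too.
  $needle = mb_strtolower($password, 'UTF-8');
  if ($needle === '') {
    return null; // Empty input is left to a separate minimum-length rule.
  }

  foreach ($identifiers as $identifier) {
    $haystack = mb_strtolower(trim((string)$identifier), 'UTF-8');
    if ($haystack === '') {
      continue; // An empty identifier would otherwise match every password.
    }

    // Check both directions: password inside identifier, and vice versa.
    if (strpos($haystack, $needle) !== false ||
        strpos($needle, $haystack) !== false) {
      return (string)$identifier;
    }
  }

  return null;
}

// Constructed sample data: account identifiers plus an install identifier.
$identifiers = array(
  'alincoln',
  'alincoln@example.com',
  'phabricator.example.com',
  '',
);

$candidates = array(
  'alincoln', 'lincoln', 'alincoln1', 'ALincoln1', 'example',
  'four score and seven',
);

foreach ($candidates as $candidate) {
  $hit = find_conflicting_identifier($candidate, $identifiers);
  $verdict = ($hit === null) ? 'allowed' : "rejected (matches {$hit})";
  printf("%-22s %s\n", $candidate, $verdict);
}
```

Because the check runs in both directions, a very short identifier rejects any password that contains it, so the set of identifiers fed into the check determines how aggressive the rule is.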
See T13215, which might be nice to take a look at since it's probably not terribly difficult.
See PHI944, which has another large diff that's causing import problems.
See PHI948, which reports some especially bad/confusing timeout behavior from Macros.
See PHI911, which discusses an unintuitive resign-after-reject behavior.
**Harbormaster**
(NOTE) See Also: T13088
See PHI929, which requests that we actually use `arc.staging` in describing staging ref locations. Perhaps, see also T10093.
See PHI927, which would like Harbormaster to have access to the `arc:onto` target branch.
See PHI933, which requests "Author" for build plans and an "Author" object policy. But a more clever approach is a "Current Viewer" policy which automatically turns into a concrete policy when saved.
**Drydock**
(NOTE) See Also: T13073
See PHI885, which requests timeouts on `git fetch` during working copy construction.
See PHI857, which wants support for serial queues in repository operations.
**Repositories**
See PHI943 and PHI889. One primitive we should clearly build in the short term is an intracluster sync log, since it would likely have helped with about 5 different issues by now. This log should, particularly, make fetch failures during sync more clear.
See PHI930, which is approximately T10964.
See PHI943. The `bin/repository thaw --promote` operation and/or the version bumping after a write can currently misbehave in the presence of disabled nodes with larger versions. When we increment the version, we should bump it past the largest version of any node, not just any enabled node.
See PHI951. Beyond introducing a sync log, we should tighten up the timing reported by the existing pull/push logs. Notably, `hookTime` (time spent in commit hooks) and `subprocessTime` (time spent running the `git`/`hg`/etc. subprocess) would have been useful in investigating this issue.
See PHI943. The UI for managing cluster storage doesn't visually scale very well when you have a larger number of disabled nodes. At a minimum, better sorting would be helpful.
**Database Connections**
See PHI916. When resolving futures during builds, we should close connections if we believe we're going to be sitting there for a while.
See PHI916. T11908 should move forward to the "migrate 700 callsites" stage, at least.
---
//Resolved-ish//
See PHI806. This is a sensitive request with moderate urgency.
See PHI937, which identifies an issue with `packages(project)`.
See PHI944, where an unusually shaped change is requiring a very large amount of memory to parse.
See PHI936. We could smooth out some language on the Workboards "Point Limit" field when `maniphest.points` is not configured.
In PHI930, we uncovered a translation string issue:
```
./bin/phd log --id X
Usage Exception: [Invalid Translation!] The "en_US" language data offers variant translations for the plurality or gender of argument 1, but the value for that argument is not an integer, PhutilNumber, or PhutilPerson (it is a value of type "string"). Raw input: <No daemon(s) with id(s) "%s" exist!>.
```
See PHI943. We should verify the modern behavior of `PhabricatorGlobalLock` in the presence of `KILL <id>` on the `GET_LOCK()` connection. I believe it is clear and explicit after D19702, which made the `catch (...)` more narrowly scoped.
See PHI904 for a Windows escaping mess.
See PHI841, which includes a request for richer `transaction.search` results for audits.
See PHI886, which has some more Java syntax highlighter escaping issues.
**Drydock**
(NOTE) See Also: T13073
See PHI570, which identifies some possible fundamental logic issues in Drydock.
See T13212, which requests an additional filter on Drydock Lease searches.
See PHI570, which asks questions about claims in T12145.
See PHI917, which discusses an issue where disabling bindings in Almanac should knock out Host resources.
See PHI755, which could use verification around WorkingCopy blueprint selection.