PHI979 is a specific issue where we could use better instance controls (around worker count) in the short term. An alternative approach is to hard-coded `if ($instance === 'X') { ... }` for now. `admin` could also probably use more workers, I think we get saturated by backups occasionally.
See PHI857, which wants support for serial queues in repository operations.
See PHI989, which notes some consistency issues with certain datasource queries, particularly when some components are empty.
SSH key handling (mostly in T13123) is fairly ripe. Related are these HackerOne reports, which are primarily just informative, but solid reports:
- https://hackerone.com/reports/474897 - Weak SSH keys should be detected and rejected.
- https://hackerone.com/reports/475126 - The SSH key "comment" field is exposed via the API, but it turns out that a whole lot of users put their entire personal diary into the "comment" field of their "public" keys.
Phacility instances don't allow administrators to manage auth providers. This is good, but it also means that administrators can't manage MFA. We should either separate these permissions or maybe automatically create a TOTP MFA provider for now?
PHI985 would like smarter block boundary detection (T11738) and "click to expand block". T13161 should generally get at least an initial pass.
Change attributes (T784) could use a pass on at least the server side for PHI675, PHI1061, and the various other issues linked there.
PHI1121 wants user/project import/sync. This can at least be planned more cohesively.
PHI1118 hit an issue with "Audit Unreviewed Commits" not working as expected.
PHI1141 would like viability on T8092.
PHI1172 would like a revisit of "move project under another project", see T10350.
D20451 was incorrectly updated (with an empty diff) after being closed by the `stable`-promotion merge commit. This is not expected.
When a Phriction document is created, the first email about it has both the published document content //and// a fully-green diff. This is redundant and not useful.
When an object is hard-locked, we should prevent edits to comments on that object.
See PHI1231, which wants hacky/temporary access to Conduit coverage information until we find a way forward on T13125.
See <https://discourse.phabricator-community.org/t/query-for-differentials-with-no-reviewers/2751/>, which requests "No Reviewers" in Differential.
See PHI1268, with a max-width / layout issue in Diffusion readme files.
See <https://discourse.phabricator-community.org/t/fatal-error-in-pagination-in-drydock-resources-host-logs-all-logs/2735>, which identifies a pagination error in Drydock.