See PHI873, which opens a discussion around broader authentication and signatures.
See PHI911, which discusses an unintuitive resign-after-reject behavior.
See PHI857, which wants support for serial queues in repository operations.
---
// oof my bones //
I'd like to prevent passwords where the password is a substring of any account or install identifier, or vice versa. (For example, if your username is `alincoln`, passwords `alincoln`, `lincoln`, and `alincoln1` would not be permitted.) This is primarily to stop occasional reports from HackerOne that this is a critical security issue. I don't think we can really stop determined users from selecting horrendous passwords or, say, tweeting their passwords, but we can stop researchers from reporting it.
See PHI944, which has another large diff that's causing import problems.
See PHI948, which reports some especially bad/confusing timeout behavior from Macros.
See PHI939, which has a major aesthetic upgrade.
See PHI943 and PHI889. One primitive we should clearly build in the short term is an intracluster sync log, since it would likely have helped with about 5 different issues by now. This log should, particularly, make fetch failures during sync more clear.
See PHI943. The `bin/repository thaw --promote` operation and/or the version bumping after a write can currently misbehave in the presence of disabled nodes with larger versions. When we increment the version, we should bump it past the largest version of any node, not just any enabled node.
See PHI951. Beyond introducing a sync log, we should tighten up the timing reported by the existing pull/push logs. Notably, `hookTime` (time spent in commit hooks) and `subprocessTime` (time spent running the `git`/`hg`/etc subprocess) would have been useful in investigating this issue.
See PHI947, which would like a Herald filter which excludes personal rules owned by disabled users (these rules do not actually run, but appear in the "Active" list, which is misleading).
See PHI959, et al. We could easily add an `asChunks(...)` primitive to LiskMigrationIterator to give these kinds of migrations a ~100x boost, since they tend to be limited by per-query `INSERT` overhead (e.g., network round trip cost).
See PHI976, which is T8440.
See PHI977, which reports an overflow issue with hovercards that reference objects with long names.
See PHI970, which identifies an issue with `containerPHID` not being populated correctly on a subset of buildables.
See PHI958, which refines `diffusion.branchquery`.
See PHI975, which raises an issue with "Submit Quietly" button text in Differential being misleading when "Request Review" is in your action stack.
See PHI943. The UI for managing cluster storage doesn't visually scale very well when you have a larger number of disabled nodes. At a minimum, better sorting would be helpful.
See PHI885, which requests timeouts on `git fetch` during working copy construction.
See PHI980, which wants configurable permissions for creating custom forms.
See PHI916. When resolving futures during builds, we should close connections if we believe we're going to be sitting there for a while.
See PHI916. T11908 should move forward to the "migrate 700 callsites" stage, at least.
See PHI984, which wants `identifiers` for `diffusion.commit.search`.
See PHI908 (et al?) which would like a maximum filesize limit for hosted repositories.