Phorge

Public

• Join Room

Hi Phorge team, I'm having trouble verifying my email address. I get a message saying "Primary Email Unverified: Your primary email address is unverified. You will not be able to receive email until you verify it.", and when I click on the verify button on the email section of my profile settings I get a modal that asks "Send another copy of the verification email to $EMAIL?". Clicking "Send Email" on that modal doesn't seem to send me a verification email.

Sorry, looks like I had some mail config issues. Resolved now!

Do you happen to be using an Outlook email address? We’ve had issues with Outlook emails.

Not Outlook, but self-managed. PEBCAK error on my side.

There looks to be a 502 on the repository pages:

https://we.phorge.it/source/phorge/
https://we.phorge.it/source/arcanist/

Can still clone though

See T15090: CVE-2022-24765 - Multi-user Git Privilege Escalation

Ah thanks, got it ... So I have a branch locally called merging-upstream that I believe contains all the changes... What's a way to push it up?

I'm not sure actually... I believe the master branch is protected against direct pushes by H7 Guard Phorge Repo with Blessed Committers. @speck do you have any insight you can provide, as you did configure this rule?

Created this task to address: T15094: Catch up the master branch to upstream

I think the idea was to separate contributors allowing to land changes but not in the master/stable branches, allowing for further curation of the production branches

@dcog you also will need to update arcanist I think

@roguelazer Yep, I actually have that done as well... but will need a different strategy for presenting the changes for review and testing

Everytime I try to access a diffusion repo on this install I get 502 errors

Hey @MacFan4000, I raised a task (T15093: 502 Bad Gateway error when attempting to view repo info) which was closed in favour of T15090: CVE-2022-24765 - Multi-user Git Privilege Escalation. Seems related to underlying git config on Phorge's server.

FYI, after restarting the server on June 14, I forgot to restart the daemons, so there were no notifications and no feed updates until now.

Are we going to resolve these tasks:

We're actually pretty closed to completing T15006, and all the rest would be easier after that.

I'm going to update the server with lots of new commits and restart it now.

Ok, looks like it's up again - and the emails will not come from "Phorge" rather then "Phabricator" !

I am creating a Herald rule which auto-subscribe me to new tasks marked as High or Unbreak Now!.

@Cigaryno that file is restricted - can you make it visible/public please ?

@avivey Done

@Cigaryno thanks - these headers are a bit tricky to change, because people might be using them to filter emails. We'll have to think about a migration path for these things. It's mentioned in the fine-print of T15006.

Our first Phorge release has been created! See 2022 Week 37 for a list of changes, and see Blog Post: Going Public for information about our roadmap going forward.

FYI, the base changelog page at https://we.phorge.it/w/changelog/ still lists 2021 Week 99 (Future) instead of the new 2022 Week 37.

Fixed.

Should the 2021 at the top of the base changelog page be changed to 2022 as well?

Sure. It's September and my brain is still stuck in 2021....

No problem, thanks! :)

Can we add Google and/or GitHub as Auth providers?

I have a test dir for Phorge where I replaced ALL references to Phabricator with Phorge using the Find'nReplaceInFiles feature in my code editor. I maked sure to match the case and search for files named Phabricator to replace with Phorge.

Hello? :)

The visibility of O1: Blessed Committers is All Users, could Blessed Committers change it to public?

done

I will remove the Workboard and Subprojects tabs from Trusted Contributors because its a self-organizing group.

Can we split this room into general, support and requests rooms?

I don't think we have enough traffic for that yet.

I've created Object Name Prefixes / Monograms.

Could we change the default edit policy for Differential revisions to only allow its author and members for Trusted Contributors?

Please change the view policy for Security to public.

@Cigaryno - I've updated the view policy for Security.

I'm not sure if a default-edit-policy is even a thing in Differential? that sounds like a reasonable policy.

Yes, Maniphest supports using defualt edit policies. On this install, the good default edit policies for Maniphest and Differential is to only allow its author and members of Trusted Contributors.

hey! I can't find any info on installing this fork - the two links on the startpage give 404.

ah, you're right, these pages moved. I've updated the links.
The install guide is at https://we.phorge.it/book/phorge/article/installation_guide/ and the update-from-phabricator guide is at https://we.phorge.it/w/installation_and_setup/update_from_phabricator/ (We should add a link from the home page too).

I am changing the visibility of events to public. Also set the default view policy for events to public.

@Cigaryno Please don't. They include a link that could be used for spamming. We publish the meeting minutes publicly.

sure i will not

Could you undo the changes you made please?

yes

Thank you so much!

all changes were undone

Thank you!

Can we create a Maniphest form that will allow users to report bugs and then create a unique project for bug reports?

we talked about it, and for now we want users to use Ponder to ask questions, and if it's real bug, someone will make them "trusted contributor" or file the ticket directly.

Are we going to restrict the new security isssue form to members of Trusted Contributors?

When are we going to add OAuth providers?

The limit of the Latest Questions panel will be set to 5 to prevent flushing the homepage when there are a lot of questions.

Is it good to draft the starmap and then publish it once it is complete?

In the past, it was possible to format hyperlinks by surrounding the label with backtick characters:

Use [[ https://we.phorge.it/source/arcanist/ | `arc` ]] to create a Differential revision.

However

(Sorry, pressed the button precipitately.)

However, this functionality stopped working at some point after summer 2018; we only discovered it recently, after upgrading our instance.

~~ or ** can be used to format hyperlinks by surrounding the entire hyperlink, but backtick characters cannot work that way for obvious reasons.

- ~~[[ https://www.foo.bar | Scratched link ]]~~
- **[[ https://www.foo.bar | Bold link ]]**
- `[[ https://www.foo.bar | Fixed-width-font link ]]`  (not expected to work)
- [[ https://www.foo.bar | `Fixed-width-font link` ]]  (used to work in the past)

Output:

• Scratched link
• Bold link
• [[ https://www.foo.bar | Fixed-width-font link ]] (not expected to work)
• [[ https://www.foo.bar | Fixed-width-font link ]] (used to work in the past)

Questions:

• Is this a regression, or just undefined behavior that was never expected to work?
• Is it possible to use fixed-width fonts with hyperlinks in any other way?

I vaguely remember somebody talking about this "recently"...

Ok, so I've traced it to https://secure.phabricator.com/D20937 / https://hackerone.com/reports/758002

Thanks for looking into it. I'm inclined to agree; the name doesn't seem to be the problem, but the potential nested links. (Why wouldn't Evan spot that the label wasn't a problem, though.)

I filed a T15132 for this (and added you to Trusted Contributors)

Disable @jamesjoyce

Done.

Found spam by @johnmathew61, disable it.

Done, thanks.

Blessed Committers, please land D25058: Fix broken file PHID extraction that causes Pholio uploads to crash because I want to create a mock.