Page MenuHomePhorge
Feed Advanced Search

Advanced Search
Use Results
Hide Query

Sun, May 4

valerio.bozzolan added a parent task for T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns: T15938: Understand if Diffusion public identities could be used to expand Calendar invitees.
Sun, May 4, 08:17 · Spam mitigation, Diffusion, Security

Mar 30 2025

aklapper added a comment to D25926: Make Diffusion repository management accessible to logged-out users.
In D25926#25147, @Cigaryno wrote:

But so far this is nothing meant to be hidden from users who can't edit the repo.

Mar 30 2025, 20:52 · User-Cigaryno, Diffusion
Cigaryno added a comment to D25926: Make Diffusion repository management accessible to logged-out users.
In D25926#25145, @aklapper wrote:

Socially I remain unconvinced about use cases. Implications are for example exposing hidden (or internal?) URIs under URIs or "Working Copy Status" stuff under Basics to the public. I just so far do not think it's a good idea.

Mar 30 2025, 20:44 · User-Cigaryno, Diffusion
aklapper added a comment to D25926: Make Diffusion repository management accessible to logged-out users.

Tested this locally; technically it looks correct to me.

Mar 30 2025, 20:42 · User-Cigaryno, Diffusion
aklapper updated the test plan for D25926: Make Diffusion repository management accessible to logged-out users.
Mar 30 2025, 20:41 · User-Cigaryno, Diffusion

Mar 29 2025

Cigaryno added a comment to D25926: Make Diffusion repository management accessible to logged-out users.
In D25926#25064, @aklapper wrote:

What is there to "further review"? It's two lines...

Mar 29 2025, 10:58 · User-Cigaryno, Diffusion
aklapper added a comment to D25926: Make Diffusion repository management accessible to logged-out users.

What is there to "further review"? It's two lines...

Mar 29 2025, 10:12 · User-Cigaryno, Diffusion
Cigaryno added a comment to D25926: Make Diffusion repository management accessible to logged-out users.

Can this be further reviewed?

Mar 29 2025, 09:24 · User-Cigaryno, Diffusion

Mar 26 2025

aklapper added a comment to D25926: Make Diffusion repository management accessible to logged-out users.
In D25926#24899, @Cigaryno wrote:

robots.txt can have the solution for that (see below).
[...]
For search engines, the solution is to add this to robots.txt:

In theory yes if everyone behaved. In practice, robots.txt is ignored and LLM/AI crawlers are ruthless. (For example, GNOME GitLab admins recently installed Anubis to run background checks on your machine.)

Mar 26 2025, 13:02 · User-Cigaryno, Diffusion
Cigaryno updated the test plan for D25926: Make Diffusion repository management accessible to logged-out users.
Mar 26 2025, 12:44 · User-Cigaryno, Diffusion
Cigaryno added a comment to D25926: Make Diffusion repository management accessible to logged-out users.
In D25926#24898, @valerio.bozzolan wrote:
  • more search engine rabbit holes (but maybe not that bad)

robots.txt can have the solution for that (see below).

Mar 26 2025, 12:41 · User-Cigaryno, Diffusion
valerio.bozzolan added a comment to D25926: Make Diffusion repository management accessible to logged-out users.

Uhm. Good points:

Mar 26 2025, 12:30 · User-Cigaryno, Diffusion
Cigaryno added a comment to D25926: Make Diffusion repository management accessible to logged-out users.
In D25926#24895, @aklapper wrote:

Why would a logged-out user (who does not want to or cannot create an account) want to know about Repository management log or Repository limits? I don't see how that's their business (or interest)?

Mar 26 2025, 12:29 · User-Cigaryno, Diffusion
aklapper added a comment to D25926: Make Diffusion repository management accessible to logged-out users.

Why would a logged-out user (who does not want to or cannot create an account) want to know about Repository management log or Repository limits? I don't see how that's their business (or interest)?

Mar 26 2025, 11:58 · User-Cigaryno, Diffusion
Cigaryno updated the summary of D25926: Make Diffusion repository management accessible to logged-out users.
Mar 26 2025, 11:16 · User-Cigaryno, Diffusion
Cigaryno added a comment to D25926: Make Diffusion repository management accessible to logged-out users.
In D25926#24890, @avivey wrote:

There might be some security implications to this.
Why is this needed?

Mar 26 2025, 11:09 · User-Cigaryno, Diffusion
avivey added a comment to D25926: Make Diffusion repository management accessible to logged-out users.

There might be some security implications to this.
Why is this needed?

Mar 26 2025, 10:11 · User-Cigaryno, Diffusion
Cigaryno requested review of D25926: Make Diffusion repository management accessible to logged-out users.
Mar 26 2025, 09:20 · User-Cigaryno, Diffusion

Mar 22 2025

valerio.bozzolan resigned from D25738: Avoid RuntimeException on "Skip past this commit" when commit still importing.

Marking as "probably my previous block is now nonsense - but still not reviewed sorry" asd

Mar 22 2025, 22:38 · Diffusion

Mar 20 2025

Cigaryno added a project to T15664: Bug: Unable to add an empty repository to an owners package: Owners.
Mar 20 2025, 14:39 · Owners, Bug Reports, Diffusion

Mar 11 2025

Ekubischta closed T15742: When creating a Diffusion Repo, add helpful text to each field as Resolved by committing rP5bd99a394aed: Add instructions to Create Repository form fields for Callsign and Short Name.
Mar 11 2025, 13:12 · UX, Diffusion

Mar 3 2025

aklapper updated the diff for D25738: Avoid RuntimeException on "Skip past this commit" when commit still importing.

rebase

Mar 3 2025, 09:36 · Diffusion
aklapper planned changes to D25738: Avoid RuntimeException on "Skip past this commit" when commit still importing.
Mar 3 2025, 09:35 · Diffusion

Feb 27 2025

valerio.bozzolan added a comment to T15526: Diffusion: Description and tags are not shown.

OK lol no, this has nothing to do with D25898. Need another task for the "Missing input descriptions"

Feb 27 2025, 17:39 · Diffusion, Good Starter Task, UX

Feb 26 2025

Ekubischta added a revision to T15742: When creating a Diffusion Repo, add helpful text to each field: D25898: Add instructions to Create Repository form fields for Callsign and Short Name.
Feb 26 2025, 23:19 · UX, Diffusion
Ekubischta added a comment to T15742: When creating a Diffusion Repo, add helpful text to each field.
For later
Feb 26 2025, 22:54 · UX, Diffusion

Feb 16 2025

Cigaryno changed the visibility for Q160: Is it possible to delete repositories as normal user?.
Feb 16 2025, 20:00 · Diffusion

Jan 17 2025

Cigaryno closed Q109: Multiple commits in one Audit? as resolved.
Jan 17 2025, 11:02 · Diffusion, Differential

Jan 15 2025

Cigaryno added a project to T15924: Commit feed body: it should probably show (part of) commit body: Feed.
Jan 15 2025, 19:48 · Feed, Discussion Needed, Diffusion
Cigaryno added a project to T15265: Exception when importing Mercurial repository with non-UTF-8 characters in filenames: Bug Reports.
Jan 15 2025, 19:42 · Bug Reports, Diffusion
Cigaryno moved T15526: Diffusion: Description and tags are not shown from Backlog to User Experience on the Good Starter Task board.
Jan 15 2025, 19:27 · Diffusion, Good Starter Task, UX

Dec 31 2024

Cigaryno edited projects for T15526: Diffusion: Description and tags are not shown, added: Diffusion; removed Auth.
Dec 31 2024, 12:37 · Diffusion, Good Starter Task, UX

Dec 29 2024

Cigaryno moved T15924: Commit feed body: it should probably show (part of) commit body from Backlog to Discussion Needed on the Diffusion board.
Dec 29 2024, 17:36 · Feed, Discussion Needed, Diffusion
Cigaryno added a project to T15664: Bug: Unable to add an empty repository to an owners package: Bug Reports.
Dec 29 2024, 17:35 · Owners, Bug Reports, Diffusion
Cigaryno moved T15670: Diffusion repository commits: avoid to be a black hole for webcrawlers from Backlog to Discussion Needed on the Diffusion board.
Dec 29 2024, 17:34 · Diffusion, Discussion Needed
Cigaryno moved T15280: Herald object Diffusion Commit: allow to add a Tag from Backlog to Feature Requests on the Diffusion board.
Dec 29 2024, 17:33 · User-valerio.bozzolan, Herald, Diffusion
Cigaryno added a project to D25738: Avoid RuntimeException on "Skip past this commit" when commit still importing: Diffusion.
Dec 29 2024, 16:45 · Diffusion
Cigaryno added a project to D25457: Update diffusion browse to generate Table of Contents when viewed as remarkup: Diffusion.
Dec 29 2024, 16:13 · Diffusion

Dec 28 2024

Cigaryno moved T15491: Add config option for default branch name from Backlog to Feature Requests on the Diffusion board.
Dec 28 2024, 19:27 · Good Starter Task, Feature Requests, Diffusion
Cigaryno moved T15892: Post-Commit Audit review: authors cannot "Raise Concern" from Backlog to Bug Reports on the Diffusion board.
Dec 28 2024, 19:26 · Discussion Needed, Bug Reports, Diffusion
Cigaryno moved T15556: Improve Diffusion identity reassignment propagation from Backlog to Bug Reports on the Diffusion board.
Dec 28 2024, 19:26 · Bug Reports, Diffusion
Cigaryno moved T15533: Bug: Unhandled Exception ("Exception") - Diff Parse Exception: Expected '\ No newline at end of file'. from Backlog to Bug Reports on the Diffusion board.
Dec 28 2024, 19:26 · Localization, Bug Reports, Diffusion
Cigaryno moved T15453: Diffusion: Create Identity form is incomplete from Backlog to Bug Reports on the Diffusion board.
Dec 28 2024, 19:26 · Bug Reports, Diffusion
Cigaryno added a project to T15670: Diffusion repository commits: avoid to be a black hole for webcrawlers: Diffusion.
Dec 28 2024, 18:40 · Diffusion, Discussion Needed
Cigaryno edited Description on Diffusion.
Dec 28 2024, 18:39

Dec 26 2024

Cigaryno moved T15491: Add config option for default branch name from Backlog to Feature Requests on the Good Starter Task board.
Dec 26 2024, 09:10 · Good Starter Task, Feature Requests, Diffusion

Dec 19 2024

Cigaryno moved T15892: Post-Commit Audit review: authors cannot "Raise Concern" from Backlog to Bug Reports on the Discussion Needed board.
Dec 19 2024, 07:33 · Discussion Needed, Bug Reports, Diffusion

Dec 11 2024

valerio.bozzolan changed the visibility for T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.
Dec 11 2024, 08:31 · Spam mitigation, Diffusion, Security
valerio.bozzolan closed T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns as Resolved by committing rP7429da91d293: Repository Identity "Automatically Detected User": don't trust unverified emails.
Dec 11 2024, 08:31 · Spam mitigation, Diffusion, Security
valerio.bozzolan closed T15966: Fix unit test PhabricatorChangeParserTestCase::testSubversionPartialParser for non-English terminals as Resolved by committing rP14fcf61a1eee: Fix Diffusion commands in non-English environments.
Dec 11 2024, 07:33 · Bug Reports, User-valerio.bozzolan, Diffusion
speck added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

Let’s do it

Dec 11 2024, 02:22 · Spam mitigation, Diffusion, Security

Dec 10 2024

20after4 added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

If there are no objections I would be happy to accept the diff. @speck are your concerns addressed or should we continue discussion / consider other options?

Dec 10 2024, 18:15 · Spam mitigation, Diffusion, Security
20after4 added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.
In T15965#20144, @valerio.bozzolan wrote:

What is changing is, that unverified email will not match your unverified email as default, so that should need these 2 clicks manual configs (or, find a way to verify the email)

Dec 10 2024, 18:10 · Spam mitigation, Diffusion, Security
valerio.bozzolan added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

Yep, manually setting your unverified (and not verifiable) email would still be possible 👍 just two clicks are needed from this kind of pages:

Dec 10 2024, 17:29 · Spam mitigation, Diffusion, Security
20after4 added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

Another edge case: Most of my contributions to Phorge happened as part of my work for Wikimedia. Those commits are under an email address that I no longer have access to, since I am no longer employed at the Wikimedia Foundation.

Dec 10 2024, 16:47 · Spam mitigation, Diffusion, Security
valerio.bozzolan added a project to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns: Spam mitigation.
Dec 10 2024, 13:54 · Spam mitigation, Diffusion, Security

Dec 9 2024

valerio.bozzolan renamed T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns from Repository Identity: it reads unverified emails, with spam concerns to Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.
Dec 9 2024, 08:56 · Spam mitigation, Diffusion, Security
valerio.bozzolan added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

Take for example this commit that has a default (empty) identity:

Dec 9 2024, 08:04 · Spam mitigation, Diffusion, Security
avivey added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

"Steal credit" might actually lead to a real issue: If a new user can get themselves identified as an old, trusted, user based on commit history, their changes might not be checked as rigorously by the rest of the team - similar to the XZ Utils backdoor issue, only faster.

Dec 9 2024, 07:56 · Spam mitigation, Diffusion, Security
valerio.bozzolan added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

Limitation: to steal a commit identity, it must be the default. Sorry I forgot to say.

Dec 9 2024, 07:33 · Spam mitigation, Diffusion, Security

Dec 8 2024

valerio.bozzolan added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.
In T15965#20052, @speck wrote:

What can a malicious user accomplish by claiming unverified email for commits?

Dec 8 2024, 18:25 · Spam mitigation, Diffusion, Security

Dec 7 2024

speck added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

What can a malicious user accomplish by claiming unverified email for commits? The idea outlined here sounds right but I’d like to understand what potential harm could be done on its current state, and also whether there’s any legitimate use case for the current behavior.

Dec 7 2024, 16:10 · Spam mitigation, Diffusion, Security

Dec 5 2024

valerio.bozzolan moved T15966: Fix unit test PhabricatorChangeParserTestCase::testSubversionPartialParser for non-English terminals from Backlog to PingDeath 🌚 on the User-valerio.bozzolan board.
Dec 5 2024, 15:44 · Bug Reports, User-valerio.bozzolan, Diffusion
valerio.bozzolan added a revision to T15966: Fix unit test PhabricatorChangeParserTestCase::testSubversionPartialParser for non-English terminals: D25846: Fix Diffusion commands in non-English environments.
Dec 5 2024, 15:43 · Bug Reports, User-valerio.bozzolan, Diffusion
valerio.bozzolan created T15966: Fix unit test PhabricatorChangeParserTestCase::testSubversionPartialParser for non-English terminals.
Dec 5 2024, 15:34 · Bug Reports, User-valerio.bozzolan, Diffusion
valerio.bozzolan claimed T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.
Dec 5 2024, 10:09 · Spam mitigation, Diffusion, Security
valerio.bozzolan raised the priority of T15556: Improve Diffusion identity reassignment propagation from Low to Normal.
Dec 5 2024, 08:21 · Bug Reports, Diffusion

Dec 4 2024

valerio.bozzolan closed T15964: "Delete Repository" button: it's a bit scaring (always active) as Resolved by committing rP48fd3f1c40de: Delete Repository button: disable if not admin, but show popup to all.
Dec 4 2024, 06:52 · UX, Diffusion

Dec 2 2024

valerio.bozzolan added a revision to T15964: "Delete Repository" button: it's a bit scaring (always active): D25843: Delete Repository button: disable if not admin, but show popup to all.
Dec 2 2024, 20:19 · UX, Diffusion
valerio.bozzolan added a project to T15964: "Delete Repository" button: it's a bit scaring (always active): UX.
Dec 2 2024, 20:15 · UX, Diffusion
valerio.bozzolan created T15964: "Delete Repository" button: it's a bit scaring (always active).
Dec 2 2024, 20:13 · UX, Diffusion
valerio.bozzolan added a project to T15742: When creating a Diffusion Repo, add helpful text to each field: UX.
Dec 2 2024, 17:37 · UX, Diffusion
reet- closed Q160: Is it possible to delete repositories as normal user? as resolved.
Dec 2 2024, 11:54 · Diffusion
reet- edited projects for Q160: Is it possible to delete repositories as normal user?, added: Diffusion; removed Phorge.
Dec 2 2024, 10:42 · Diffusion

Oct 8 2024

fgaz created T15946: Support downloading a compressed working copy (tar/zip) of a repository at a specific ref (commit, branch, or tag).
Oct 8 2024, 17:14 · Diffusion, Phorge

Sep 20 2024

valerio.bozzolan closed T15489: Diffusion commit feed: avoid to repeat the commit message twice as Resolved by committing rP9acdd888930e: Diffusion commit feed: fix commit title repeated twice.
Sep 20 2024, 01:58 · UX, User-valerio.bozzolan, Diffusion
valerio.bozzolan closed T15489: Diffusion commit feed: avoid to repeat the commit message twice, a subtask of T15924: Commit feed body: it should probably show (part of) commit body, as Resolved.
Sep 20 2024, 01:58 · Feed, Discussion Needed, Diffusion

Sep 14 2024

valerio.bozzolan moved T15489: Diffusion commit feed: avoid to repeat the commit message twice from Code Sprint Candidate to PingDeath 🌚 on the User-valerio.bozzolan board.
Sep 14 2024, 14:16 · UX, User-valerio.bozzolan, Diffusion
valerio.bozzolan added a revision to T15489: Diffusion commit feed: avoid to repeat the commit message twice: D25824: Diffusion commit feed: fix commit title repeated twice.
Sep 14 2024, 14:11 · UX, User-valerio.bozzolan, Diffusion
valerio.bozzolan claimed T15489: Diffusion commit feed: avoid to repeat the commit message twice.
Sep 14 2024, 13:54 · UX, User-valerio.bozzolan, Diffusion

Aug 24 2024

valerio.bozzolan closed T15612: Missing "Authored on" commit date for Subversion commits as Resolved by committing rPb02615bd5027: Subversion: fix empty "Authored on" date on commit pages.
Aug 24 2024, 13:34 · User-valerio.bozzolan, Diffusion, Bug Reports

Aug 23 2024

aklapper renamed T15612: Missing "Authored on" commit date for Subversion commits from Missing subversion commit information to Missing "Authored on" commit date for Subversion commits.
Aug 23 2024, 18:30 · User-valerio.bozzolan, Diffusion, Bug Reports

Aug 21 2024

valerio.bozzolan added a subtask for T15924: Commit feed body: it should probably show (part of) commit body: T15489: Diffusion commit feed: avoid to repeat the commit message twice.
Aug 21 2024, 18:34 · Feed, Discussion Needed, Diffusion
valerio.bozzolan added a parent task for T15489: Diffusion commit feed: avoid to repeat the commit message twice: T15924: Commit feed body: it should probably show (part of) commit body.
Aug 21 2024, 18:34 · UX, User-valerio.bozzolan, Diffusion
valerio.bozzolan created T15924: Commit feed body: it should probably show (part of) commit body.
Aug 21 2024, 18:33 · Feed, Discussion Needed, Diffusion
valerio.bozzolan added a comment to T15489: Diffusion commit feed: avoid to repeat the commit message twice.

I personally prefer option 1, so, removing the duplicate body. So there is more creative space to then add a more useful body in the future.

Aug 21 2024, 18:25 · UX, User-valerio.bozzolan, Diffusion
valerio.bozzolan moved T15612: Missing "Authored on" commit date for Subversion commits from Backlog to PingDeath 🌚 on the User-valerio.bozzolan board.
Aug 21 2024, 13:33 · User-valerio.bozzolan, Diffusion, Bug Reports
valerio.bozzolan claimed T15612: Missing "Authored on" commit date for Subversion commits.
Aug 21 2024, 13:33 · User-valerio.bozzolan, Diffusion, Bug Reports
valerio.bozzolan added a revision to T15612: Missing "Authored on" commit date for Subversion commits: D25796: Subversion: fix empty "Authored on" date on commit pages.
Aug 21 2024, 13:33 · User-valerio.bozzolan, Diffusion, Bug Reports
valerio.bozzolan edited projects for T15612: Missing "Authored on" commit date for Subversion commits, added: Diffusion; removed Phorge.

This is becoming quite frustrating in my workplace in Torino. Let's start immersion mode.

Aug 21 2024, 13:29 · User-valerio.bozzolan, Diffusion, Bug Reports

Aug 9 2024

valerio.bozzolan moved T15256: Diffusion file: add a way to copy permalink from PingDeath 🌚 to Code Sprint Candidate on the User-valerio.bozzolan board.
Aug 9 2024, 20:49 · User-valerio.bozzolan, Diffusion

Aug 8 2024

valerio.bozzolan added a comment to T15909: Absence of "git-http-backend" in Debian default PATH.

At the moment we have a multi-thread command existence checker, and it early dies if a command is not existing.

Aug 8 2024, 16:41 · Diffusion
valerio.bozzolan created T15909: Absence of "git-http-backend" in Debian default PATH.
Aug 8 2024, 16:23 · Diffusion

Jul 24 2024

valerio.bozzolan created T15892: Post-Commit Audit review: authors cannot "Raise Concern".
Jul 24 2024, 09:27 · Discussion Needed, Bug Reports, Diffusion

Jun 8 2024

pppery added projects to T15790: Exception creating a "Diffusion Raw Commits" Dashboard query panel: Dashboards, Diffusion.
Jun 8 2024, 23:58 · Diffusion, Dashboards

May 10 2024

valerio.bozzolan added projects to T15453: Diffusion: Create Identity form is incomplete: Diffusion, Bug Reports.
May 10 2024, 05:38 · Bug Reports, Diffusion

Apr 3 2024

nicodoggie updated the question details for Q124: [bug] Diffusion Commit History CommandException on git 2.42.
Apr 3 2024, 08:57 · Diffusion
nicodoggie asked Q124: [bug] Diffusion Commit History CommandException on git 2.42.
Apr 3 2024, 08:54 · Diffusion

Apr 2 2024

bekay closed T15728: Repo home view and browse view share the same menu tab as Resolved by committing rPba835fe0eced: Seperate repository home and browse view in tab menu.
Apr 2 2024, 13:56 · Discussion Needed, Diffusion

Mar 1 2024

aklapper added a comment to T15664: Bug: Unable to add an empty repository to an owners package.

Cannot reproduce (or I misunderstand the steps):

  1. Created https://github.com/aklapper/emptyrepository for testing
  2. Went to phorge.localhost/diffusion/edit/form/default/?vcs=git and created emptyRepo.
  3. Went to http://phorge.localhost/diffusion/26/uri/edit/208/ and set URI's I/O Type to Read Only
  4. Went to http://phorge.localhost/diffusion/26/uri/edit/ and set URI to https://github.com/aklapper/emptyrepository and I/O Type to Mirror
  5. Went to http://phorge.localhost/owners/paths/1/ , edited/removed existing path by setting it to: Include R26 emptyRepo / , and clicked "Save Paths"
Mar 1 2024, 12:46 · Owners, Bug Reports, Diffusion
Next
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0