Adding for refs https://discourse.phabricator-community.org/t/arc-blind-trusting-domains-and-cert-errors/4980/4
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Oct 26 2021
Oct 25 2021
I would use arc diff
@Labricator Could you propose and submit a revision?
Oct 21 2021
I feel like this is a good change. I do not see any security vulnerabilities that could be introduced by this..
Oct 16 2021
In T15006#1429, @speck wrote:I can provide more information later this weekend but I think it would help if we set up a virtual meeting with anyone interested in helping to get this done.
Yes - I could have some availability - Normally evenings (US Central Time) -
Oct 15 2021
@speck What can I help with here? - Are we waiting on upstream for anything currently?
Oct 14 2021
Could you describe in more detail what this change is doing? - Because I am not familiar with celerity, I did read through https://secure.phabricator.com/book/phabdev/article/celerity/ for some background.
Oct 13 2021
@Leon95 - I think this revision will be approved with just including the webkit alternate -
In D25015#826, @speck wrote:I think that makes sense. Could you make a task to address this so we don’t lose track of it? Then let’s get this landed.
In D25023#827, @speck wrote:Because of security issues related to this I’d like to have a verification of this type of change since this inherently defines the trust used by arc.
Maybe 2 core members independently verify the these certificate changes? Is there an fast way to verify the individual certs changed here?
Things seem wildly inconsistent for this particular css string https://we.phorge.it/source/phorge/browse/master/?grep=user-select
In D25022#774, @bekay wrote:Then maybe just show the monogram when logged in.
I feel like we should move translation to a new revision, so we can move forward with this one.
I tested this revision on Edge just to make sure there were no negative side effects - No issues to report.
Oct 12 2021
Oct 11 2021
I am not seeing this behavior. (Using Edge)
Oct 6 2021
Oct 4 2021
Sep 30 2021
Sep 26 2021
In D25022#768, @speck wrote:Thinking about this a little more it could be intentional for these to not have monograms displayed in the page title. Tasks, Revisions, etc. are more meant to be directed to internal users of the system while Phame blog posts may also be directed to external users where a monogram might be more confusing. What do you think?
Sep 24 2021
Sep 23 2021
Referencing this "short" discussion that I remember from Discourse
Sep 22 2021
Is it possible to pick a branching off point?
Isn't Centos End of Life soon?
Sep 17 2021
The Herald rule should be project specific. If X happens then move task to Project->Column
Jul 26 2021
Jul 25 2021
Jul 7 2021
I think both solutions work well
Jun 29 2021
Jun 26 2021
There's also the point of users being used to arc land pushing code from their machine, so switching its behavior to delivering different code could have adverse UX.
diff breaks master after rebase
@speck A possible path forward here - We will end up with new revisions, but that is good!
Jun 25 2021
D25012 solves it, but I wonder if we should just exclude it from the "type": "text" linters
We could move this from the global exclude to just the specific linters (like the txt linter, etc.) - That would be a reasonable request
In T15021#564, @avivey wrote:There might be a way to explicitly define it as generated, which (used to) exclude it from lint.
In D25002#410, @avivey wrote:
Could we...
Jun 24 2021
What can I do to Help? -
A few final thoughts here as well
I second everything @speck says here.
Jun 23 2021
I feel we should revert this change from master and back into a revision
I have a lot of concerns about what is happening with these Harbormaster updates. I believe them to be good strategy, and should be welcomed, however..............
Jun 22 2021
T15011 discusses some of this...
Jun 21 2021
Jun 20 2021
In T15014#446, @speck wrote:I created Release Process in our internals wiki to start the documentation on what the release process would look like, based on some of those commented. As we flesh out the plan I’d like to update that.
One thing to consider are installs where the database is being queried outside of Phabricator - anyone doing data analytics or other tooling that interacts with the database directly would be affected by this change.
Jun 19 2021
In D25006#220, @deadalnix wrote:
My only concern here is that technically this introduces issues for any user install that already contains an untracked package support/aphlict/server/package-lock.json
hmm - I cannot land this revision?
Will need this accepted again by Blessed Committers
Updating revision
In D25004#152, @deadalnix wrote:Without package-lock.json, it is not possible to deploy a consistent set of dependencies resolution - they might change any time any one publishes a new package, which creates a lot of problems for reproducibility.
Test and Lint coverage?
In D25003#134, @speck wrote:@Ekubischta it looks like @chris added you - could you verify your email? I'm also thinking anyone in the "security" or "blessed" groups should turn on MFA as well.
Jun 18 2021
@speck @avivey Can you add me as a Blessed Committers ??
What happens if
Refs the discussion here T15011#386 and Aphlict
In T15011#390, @speck wrote:
The documentation for installing Aphlict instructs you to npm install ws in the support/aphlict/server/ folder but it looks since that documentation was written newer versions of node/npm will write out package-lock.json which the repository is not setup to ignore. We'll need to add that file to the .gitignore file I think.
This and D25001: T15006: Update .arcconfig to point to we.phorge.it are duplicates. I tried to land it this morning but ran into issues with the land process that I didn't have time to work out
A few things @willson556
In T15011#370, @willson556 wrote:I actually started on a VSCode Devcontainer based solution on my GitHub: https://github.com/willson556/phorge-devcontainer
It is working pretty well with notifications and repository hosting both configured out of the box. My only concern with the config at the moment is that it's very much setup for development -- we would want to clearly document that it is not to be used as a starting point for a production docker-compose setup!
Any feedback would be appreciated!
In T15011#363, @speck wrote:We should consider a Vagrantfile in place of docker containers. I think it will be more approachable to newcomers having a single VM with all the services/configurations setup compared to managing multiple containers.
Separately, developing on Windows has its own complications