We should abandon this revision as secure has already updated their pem - see https://lch.lcdevops.com/rLCARCANIST13d3a3c3b100979c34dda261fe21253e3571bc46

• ran arc liberate

Here is the commit that introduced this

This looks pretty great! - I think T15030 is the general covering task for Extensions

I can confirm as well that I have never received an email from phorge / phabricator on my email which isn't "outlook.com" but is an office 365 email account

This is what the README says - And maybe we should remove support for the default.pem altogether? (But, possibly leave support for custom.pem)

Adding for refs https://discourse.phabricator-community.org/t/arc-blind-trusting-domains-and-cert-errors/4980/4

I would use arc diff

@Labricator Could you propose and submit a revision?

I feel like this is a good change. I do not see any security vulnerabilities that could be introduced by this..

In T15006#1429, @speck wrote:

I can provide more information later this weekend but I think it would help if we set up a virtual meeting with anyone interested in helping to get this done.

Yes - I could have some availability - Normally evenings (US Central Time) -

@speck What can I help with here? - Are we waiting on upstream for anything currently?

Could you describe in more detail what this change is doing? - Because I am not familiar with celerity, I did read through https://secure.phabricator.com/book/phabdev/article/celerity/ for some background.

@Leon95 - I think this revision will be approved with just including the webkit alternate -

In D25015#826, @speck wrote:

I think that makes sense. Could you make a task to address this so we don’t lose track of it? Then let’s get this landed.

In D25023#827, @speck wrote:

Because of security issues related to this I’d like to have a verification of this type of change since this inherently defines the trust used by arc.

Maybe 2 core members independently verify the these certificate changes? Is there an fast way to verify the individual certs changed here?

Things seem wildly inconsistent for this particular css string https://we.phorge.it/source/phorge/browse/master/?grep=user-select

In D25022#774, @bekay wrote:

Then maybe just show the monogram when logged in.

I feel like we should move translation to a new revision, so we can move forward with this one.

I tested this revision on Edge just to make sure there were no negative side effects - No issues to report.

I am not seeing this behavior. (Using Edge)

This is a duplicate of T15051 and potentially solved with D25023

In D25022#768, @speck wrote:

Thinking about this a little more it could be intentional for these to not have monograms displayed in the page title. Tasks, Revisions, etc. are more meant to be directed to internal users of the system while Phame blog posts may also be directed to external users where a monogram might be more confusing. What do you think?

Referencing this "short" discussion that I remember from Discourse

Is it possible to pick a branching off point?

Isn't Centos End of Life soon?

The Herald rule should be project specific. If X happens then move task to Project->Column

I think both solutions work well

There's also the point of users being used to arc land pushing code from their machine, so switching its behavior to delivering different code could have adverse UX.

diff breaks master after rebase

@speck A possible path forward here - We will end up with new revisions, but that is good!

D25012 solves it, but I wonder if we should just exclude it from the "type": "text" linters

We could move this from the global exclude to just the specific linters (like the txt linter, etc.) - That would be a reasonable request

In T15021#564, @avivey wrote:

There might be a way to explicitly define it as generated, which (used to) exclude it from lint.

In D25002#410, @avivey wrote:

Could we...

What can I do to Help? -

A few final thoughts here as well

I second everything @speck says here.

Cool script @avivey! - I ran it (see P2) and see that we have a large task at hand...

I feel we should revert this change from master and back into a revision

I have a lot of concerns about what is happening with these Harbormaster updates. I believe them to be good strategy, and should be welcomed, however..............

T15011 discusses some of this...

In T15014#446, @speck wrote:

I created Release Process in our internals wiki to start the documentation on what the release process would look like, based on some of those commented. As we flesh out the plan I’d like to update that.

One thing to consider are installs where the database is being queried outside of Phabricator - anyone doing data analytics or other tooling that interacts with the database directly would be affected by this change.

In D25006#220, @deadalnix wrote:

My only concern here is that technically this introduces issues for any user install that already contains an untracked package support/aphlict/server/package-lock.json

hmm - I cannot land this revision?

Will need this accepted again by Blessed Committers

Updating revision

In D25004#152, @deadalnix wrote:

Without package-lock.json, it is not possible to deploy a consistent set of dependencies resolution - they might change any time any one publishes a new package, which creates a lot of problems for reproducibility.

Test and Lint coverage?

In D25003#134, @speck wrote:

@Ekubischta it looks like @chris added you - could you verify your email? I'm also thinking anyone in the "security" or "blessed" groups should turn on MFA as well.

@speck @avivey Can you add me as a Blessed Committers ??

What happens if

Refs the discussion here T15011#386 and Aphlict

In T15011#390, @speck wrote:

The documentation for installing Aphlict instructs you to npm install ws in the support/aphlict/server/ folder but it looks since that documentation was written newer versions of node/npm will write out package-lock.json which the repository is not setup to ignore. We'll need to add that file to the .gitignore file I think.

In D25003#88, @speck wrote:

This and D25001: T15006: Update .arcconfig to point to we.phorge.it are duplicates. I tried to land it this morning but ran into issues with the land process that I didn't have time to work out