Fix line length
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Apr 24 2022
celerity map
Does anyone else feel that this is not a good idea? Seems like the consensus here is that it's at least acceptable if not desirable to have.
I did a bit of digging through the source code and it looks like tokens are implemented in an incredibly generic way, such that it wouldn't be at all difficult to add tokens to comments. I think the hardest part will be integrating it with the UI.
In T15090#2141, @avivey wrote:In T15090#2123, @Matthew wrote:@avivey Would it make sense to add a public announcement to Diviner or Phiction? Or perhaps we use Phame for this use case (Create a "Security Incidents" blog)? I always think of a task as an actionable item, whereas we would want this to exist forever.
Yes, probably. "Announcements"-style thing
Apr 22 2022
@speck Would it be totally unreasonable to instead do:
Apr 20 2022
As of right now, we have made no changes to the database and other "internals" - our work has been focused on rebranding as "Phabricator" is a trademarked name. For this reason, a rough migration path would be to check out the master branch of rP, copy the config directory from Phabricator to Phorge, and then point Phorge to your Phabricator database. I have tested it myself locally and it appears to work, however; if you have any issues feel free to ask a question on Ponder here and we can get back to you!
translations,The rebranding approach of changing the pht() keys will invalidate a lot of existing translations. Investigate if there are ways to avoid this.
We are now at a decision point where we either install Phorge from Scratch or migrate Phabricator to Phorge.
There is quite a bit of text that is setup like this:
pht( 'blah blah blah %s blah blah'. 'blah blah Phabricator blah %s'. 'blah blah.', $var1, $var2);
Created {D25036}
Apr 19 2022
This is a direct result of T15090: CVE-2022-24765 - Multi-user Git Privilege Escalation - confirmed in the Nginx error logs:
STDERR fatal: unsafe repository ('/var/repo/1' is owned by someone else) To add an exception for this directory, call:
As I started to thinking about the script to process the pht() files, it hit me that converting something something like:
FYI, it seemed that the issue with the wiki preview loading may be been related to tagging names... if the tags are removed, the preview loads
Hmm, possibly depending on how it's hosted? What I saw when that CVE was announced on a local instance and on secure. was like the below screenshot, where the repo page was still visible but file structure and recent commits were b0rked:
Related to T15090: CVE-2022-24765 - Multi-user Git Privilege Escalation perhaps? Revisions are stored in the database that's why they're viewable, but the main repository page requires a call to git.
@dtf I've added you to the Trusted Contributors project, so you should be able to edit the page now.
(I am unable to edit the document directly, would someone with the right permissions mind adding this to the agenda please?)
Apr 18 2022
In T15090#2123, @Matthew wrote:
That's intentional (upstream) because it's very hard to make any actual attack with this information can't be made without it.
Apr 17 2022
Note: reporter exploited without permission
Apr 16 2022
In T15090#2127, @Matthew wrote:In T15090#2126, @golyalpha wrote:apparently, Ubuntu maintainers have backported a patch for the older version of git in 20.04 LTS, downgrading to version 1:2.25.1-1ubuntu3 seems to be a temporary workaround, losing the following patches:
I don't think having people downgrade is a good idea. I think we should probably cherry-pick Evan's fix from upstream into the phorge codebase.
Apr 15 2022
In T15090#2126, @golyalpha wrote:apparently, Ubuntu maintainers have backported a patch for the older version of git in 20.04 LTS, downgrading to version 1:2.25.1-1ubuntu3 seems to be a temporary workaround, losing the following patches:
ahh, I was wondering why my Phorge install suddenly broke - seems to be the case here too
Apr 14 2022
We need to cherry-pick and import the changes Evan made into the Phorge repository as well...
Apr 13 2022
err, I was trying to put it out as a Security PSA, so I clicked "Create security task" which I guess is the opposite of a PSA...
Apr 11 2022
I'm setting the "Moderate" policy on Ponder to Trusted Contributors and I'll add a link to Ponder from the default home page.
Apr 9 2022
Some initial findings on Rector...
Apr 6 2022
Apr 5 2022
As discussed in {E2}, we might add temporary banners to Diviner to state that we are rebranding. This would allow some time for us to handle the code rebrand and address the underlying Diviner issues before we edit everything twice.
As discussed in {E2}, we will be implementing this to control spam for now. If this doesn't work, we will revisit this discussion.
In T15012#1283, @MacFan4000 wrote:I will note that also the tech docs aren’t fully generated since there should be docs for most of the phorge/phabricator classes. Also the arcanist docs aren’t generated at all.
Apr 4 2022
Alright, I've just went through a similar process - they apparently have changed their process a little but there still is a form to fill out: https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&wfname=capsub&productkey=edfsmsbl3 (you need a Microsoft Account to fill it out, but they'll contact you on the contact email you give in the form)
Apr 3 2022
Apr 2 2022
Apr 1 2022
Reordering milestones is convenient when you want to treat milestones as workflow steps rather than sequential numerical versions.
Mar 31 2022
In T15082#2028, @golyalpha wrote:epriestley was very much against this idea but wikimedia's users loved it.
Do we have epristley's reasoning as to why he was against this? Might help in deciding about including this patch in Phorge.