In T15043#1618, @20after4 wrote:

I didn't know columns could be deleted... I thought they were only ever hidden.

I didn't know columns could be deleted... I thought they were only ever hidden.

I'd definitely love to see this later. I MIGHT be able to get to this later.

In T15045#1613, @goddenrich wrote:

Is there an update on this? we would love to see this feature soon

Is there an update on this? we would love to see this feature soon

This looks pretty great! - I think T15030 is the general covering task for Extensions

Thanks -- I'm curious as to what makes this not particularly suitable for development, though?

Although there's merit to the "zero, one, infinity" rule, it might not be the best option here. If something goes wrong and $err happens to always be falsy, this will end up in an infinite loop instead of giving a clear error message. There is probably a reasonable finite value (that's greater than 4) which can be chosen as the limit to the number of attempts.

Thanks for the ping, @MacFan4000. I am in and out because this is my last full-time semester, but I do see the room and have been checking in on it.

We had a similar issue with Microsoft email on our own custom mail server. Microsoft delivers mail for several domains from the same email service, so this similarly affects email from outlook.com, hotmail.com, live.com and msn.com. See https://postmaster.live.com/pm/policies.aspx for details.

This is likely related more to the configuration of the email server. Outlook is very picky, and as far as I know, checks the headers for all of the following:

I can confirm as well that I have never received an email from phorge / phabricator on my email which isn't "outlook.com" but is an office 365 email account

Do you have any additional repro steps? Mail config will be specific to the Phab/Phorge install. If this is specific to our Phorge installation, yeah... it's sucky. We self-host our email server and that means we're subject to all of the arcane and mystic requirements there. As far as we can tell, it's set up as correctly as is possible (SPF, DKIM, DMARC all configured correctly; domain is old enough that it doesn't negatively impact our trust scores; etc.). (A current spam test result for reference.)

@valerio.bozzolan Fancy seeing you here. I'm Void from your phabricator instance.

In T15033#1512, @golyalpha wrote:

Yes, that's why I'm saying "yeah, great idea, let's do this, but let's also create a config toggle so that it can be disabled for people and orgs who don't need it".

Please revert this @chris

In T15033#1516, @gadgetsteve wrote:

@golyalpha As my current employer is one of the largish companies, (50,000+ international employees), but not primarily software focused we have all been given GDPR awareness training but do not have a general, all employees, GDPR statement available nor a standard text or set of texts to use.
When I was deploying a Phabricator instance I actually had to come up with the wording myself and then get it approved by the legal & compliance team - my biggest hurdle was convincing them of the required data retention period - they were much more used to systems such as payroll & HR where records are only retained for a fixed number of years after the period of employment as demanded by things like the local tax regulations and the idea that due to legal liability, etc., we needed to retain the information for the full life of the product being developed and possibly beyond if components were reused.

@dcog Just:

In T15033#1516, @gadgetsteve wrote:

@golyalpha As my current employer is one of the largish companies, (50,000+ international employees), but not primarily software focused we have all been given GDPR awareness training but do not have a general, all employees, GDPR statement available nor a standard text or set of texts to use.
When I was deploying a Phabricator instance I actually had to come up with the wording myself and then get it approved by the legal & compliance team - my biggest hurdle was convincing them of the required data retention period - they were much more used to systems such as payroll & HR where records are only retained for a fixed number of years after the period of employment as demanded by things like the local tax regulations and the idea that due to legal liability, etc., we needed to retain the information for the full life of the product being developed and possibly beyond if components were reused.

@golyalpha As my current employer is one of the largish companies, (50,000+ international employees), but not primarily software focused we have all been given GDPR awareness training but do not have a general, all employees, GDPR statement available nor a standard text or set of texts to use.
When I was deploying a Phabricator instance I actually had to come up with the wording myself and then get it approved by the legal & compliance team - my biggest hurdle was convincing them of the required data retention period - they were much more used to systems such as payroll & HR where records are only retained for a fixed number of years after the period of employment as demanded by things like the local tax regulations and the idea that due to legal liability, etc., we needed to retain the information for the full life of the product being developed and possibly beyond if components were reused.

I18n is also fairly important from the point of view that citizens in certain jurisdictions are basically legally immune against documents written in a language different from the official language of their jurisdiction, so, +1 on that.

Would it worth considering having multiple versions available with which is displayed determined by locale & language selection, (I18n & I10n). Then places with specific legislation could display the boilerplate or customised version and places without could, potentially, mention it with a link rather than having a specific sign-off and also linguistic problems could be addressed by the instance maintainer(s).

@Labricator Definitely - as potentially contributors can be from anywhere in the world, including places with GDPR or equivalent legislation. (Note that I am In Wales, UK so would be covered). I am reasonably sure, not a lawyer remember, the legislation is written in such a way that you can't get away with things like "the data is stored somewhere without DGPR so it doesn't apply", etc.

Yes, that's why I'm saying "yeah, great idea, let's do this, but let's also create a config toggle so that it can be disabled for people and orgs who don't need it".

What about the public versions? It still should have a GDPR notification.

Yes, the GDPR notice must inform about each and every purpose specifically. But it must do so only once - that can be at sign up.

The EU & UK GDPR provisions are very specific that each data gathering application must inform the user:

It's not just visual - I'm actually unable to open the individual tasks.

+1 to removing default.pem
/shrug on keeping custom.pem

This is what the README says - And maybe we should remove support for the default.pem altogether? (But, possibly leave support for custom.pem)

What was the original rationale behind shipping a certificate bundle with Arcanist? It may be better to rely on the system certificate bundle instead (that also tends to have certificates from, for example, internal company issuers as well).

A perfect example of "hard to see" things in dark mode

Definitely a good idea for anyone who wants to run Phorge in EU/UK or work with EU/UK contributors. Though it really is only necessary for the signup page - individual repositories really only have to worry about CLAs (if relevant).

Adding for refs https://discourse.phabricator-community.org/t/arc-blind-trusting-domains-and-cert-errors/4980/4

I would use arc diff

I’d definitely try, but it depends if we are using GitHub or command line git.

@Labricator Could you propose and submit a revision?

Any progress on this? Consensus?

Wouldn't this be a subtask of Legal? If admin has access to shell and/or PII, then this would be something for legal stuff.

I'd definitely recommend this change. Although I am not the best with legal mumbo jumbo, this would definitely be a must-have.

A member of Trusted Contributors will land it for you.

@speck thanks, how do I land the change?

@speck I can’t get you added as you aren’t currently authenticated with NickServ.

Thank you for going through to make these all consistent!

Thanks for setting this up. I would like to be a group contact for the room.

Thank you for submitting this change!

I feel like this is a good change. I do not see any security vulnerabilities that could be introduced by this..

In T15035#1445, @MacFan4000 wrote:

So, I sent a community registration ticket back in July,and never heard back. They say they have a backlog. I think though it would be easier if we do a project registration and have it be done by somebody who can verify that they represent Phorge. (either through a file on the web root or else DNS)

Great, thanks for the info.