Page MenuHomePhorge
Projects Diffusion

DiffusionProject
ActivePublic
Watch Project

Members

  • This project does not have any members.
  • View All

Watchers

  • This project does not have any watchers.
  • View All

Details

Description

Tasks related about Diffusion, where are hosted repositories.

For now, use this tag for Audit-related tasks.

Recent Activity
View All

Fri, Jan 17

Cigaryno closed Q109: Multiple commits in one Audit? as resolved.
Fri, Jan 17, 11:02 · Diffusion, Differential

Wed, Jan 15

Cigaryno added a project to T15924: Commit feed body: it should probably show (part of) commit body: Feed.
Wed, Jan 15, 19:48 · Feed, Discussion Needed, Diffusion
Cigaryno added a project to T15265: Exception when importing Mercurial repository with non-UTF-8 characters in filenames: Bug Reports.
Wed, Jan 15, 19:42 · Bug Reports, Diffusion
Cigaryno moved T15526: Diffusion: Description and tags are not shown from Backlog to User Experience on the Good Starter Task board.
Wed, Jan 15, 19:27 · Diffusion, Good Starter Task, UX

Tue, Dec 31

Cigaryno edited projects for T15526: Diffusion: Description and tags are not shown, added: Diffusion; removed Auth.
Tue, Dec 31, 12:37 · Diffusion, Good Starter Task, UX

Dec 29 2024

Cigaryno moved T15924: Commit feed body: it should probably show (part of) commit body from Backlog to Discussion Needed on the Diffusion board.
Dec 29 2024, 17:36 · Feed, Discussion Needed, Diffusion
Cigaryno added a project to T15664: Bug: Unable to add an empty repository to an owners package: Bug Reports.
Dec 29 2024, 17:35 · Bug Reports, Diffusion
Cigaryno moved T15670: Diffusion repository commits: avoid to be a black hole for webcrawlers from Backlog to Discussion Needed on the Diffusion board.
Dec 29 2024, 17:34 · Diffusion, Discussion Needed
Cigaryno moved T15280: Herald object Diffusion Commit: allow to add a Tag from Backlog to Feature Requests on the Diffusion board.
Dec 29 2024, 17:33 · User-valerio.bozzolan, Herald, Diffusion
Cigaryno added a project to D25738: Avoid RuntimeException on "Skip past this commit" when commit still importing: Diffusion.
Dec 29 2024, 16:45 · Diffusion
Cigaryno added a project to D25457: Update diffusion browse to generate Table of Contents when viewed as remarkup: Diffusion.
Dec 29 2024, 16:13 · Diffusion

Dec 28 2024

Cigaryno moved T15491: Add config option for default branch name from Backlog to Feature Requests on the Diffusion board.
Dec 28 2024, 19:27 · Good Starter Task, Feature Requests, Diffusion
Cigaryno moved T15892: Post-Commit Audit review: authors cannot "Raise Concern" from Backlog to Bug Reports on the Diffusion board.
Dec 28 2024, 19:26 · Discussion Needed, Bug Reports, Diffusion
Cigaryno moved T15556: Improve Diffusion identity reassignment propagation from Backlog to Bug Reports on the Diffusion board.
Dec 28 2024, 19:26 · Bug Reports, Diffusion
Cigaryno moved T15533: Bug: Unhandled Exception ("Exception") - Diff Parse Exception: Expected '\ No newline at end of file'. from Backlog to Bug Reports on the Diffusion board.
Dec 28 2024, 19:26 · Localization, Bug Reports, Diffusion
Cigaryno moved T15453: Diffusion: Create Identity form is incomplete from Backlog to Bug Reports on the Diffusion board.
Dec 28 2024, 19:26 · Bug Reports, Diffusion
Cigaryno added a project to T15670: Diffusion repository commits: avoid to be a black hole for webcrawlers: Diffusion.
Dec 28 2024, 18:40 · Diffusion, Discussion Needed
Cigaryno edited Description on Diffusion.
Dec 28 2024, 18:39

Dec 26 2024

Cigaryno moved T15491: Add config option for default branch name from Backlog to Feature Requests on the Good Starter Task board.
Dec 26 2024, 09:10 · Good Starter Task, Feature Requests, Diffusion

Dec 19 2024

Cigaryno moved T15892: Post-Commit Audit review: authors cannot "Raise Concern" from Backlog to Bug Reports on the Discussion Needed board.
Dec 19 2024, 07:33 · Discussion Needed, Bug Reports, Diffusion

Dec 11 2024

valerio.bozzolan changed the visibility for T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.
Dec 11 2024, 08:31 · Spam mitigation, Diffusion, Security
valerio.bozzolan closed T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns as Resolved by committing rP7429da91d293: Repository Identity "Automatically Detected User": don't trust unverified emails.
Dec 11 2024, 08:31 · Spam mitigation, Diffusion, Security
valerio.bozzolan closed T15966: Fix unit test PhabricatorChangeParserTestCase::testSubversionPartialParser for non-English terminals as Resolved by committing rP14fcf61a1eee: Fix Diffusion commands in non-English environments.
Dec 11 2024, 07:33 · Bug Reports, User-valerio.bozzolan, Diffusion
speck added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

Let’s do it

Dec 11 2024, 02:22 · Spam mitigation, Diffusion, Security

Dec 10 2024

20after4 added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

If there are no objections I would be happy to accept the diff. @speck are your concerns addressed or should we continue discussion / consider other options?

Dec 10 2024, 18:15 · Spam mitigation, Diffusion, Security
20after4 added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.
In T15965#20144, @valerio.bozzolan wrote:

What is changing is, that unverified email will not match your unverified email as default, so that should need these 2 clicks manual configs (or, find a way to verify the email)

Dec 10 2024, 18:10 · Spam mitigation, Diffusion, Security
valerio.bozzolan added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

Yep, manually setting your unverified (and not verifiable) email would still be possible 👍 just two clicks are needed from this kind of pages:

Dec 10 2024, 17:29 · Spam mitigation, Diffusion, Security
20after4 added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

Another edge case: Most of my contributions to Phorge happened as part of my work for Wikimedia. Those commits are under an email address that I no longer have access to, since I am no longer employed at the Wikimedia Foundation.

Dec 10 2024, 16:47 · Spam mitigation, Diffusion, Security
valerio.bozzolan added a project to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns: Spam mitigation.
Dec 10 2024, 13:54 · Spam mitigation, Diffusion, Security

Dec 9 2024

valerio.bozzolan renamed T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns from Repository Identity: it reads unverified emails, with spam concerns to Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.
Dec 9 2024, 08:56 · Spam mitigation, Diffusion, Security
valerio.bozzolan added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

Take for example this commit that has a default (empty) identity:

Dec 9 2024, 08:04 · Spam mitigation, Diffusion, Security
avivey added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

"Steal credit" might actually lead to a real issue: If a new user can get themselves identified as an old, trusted, user based on commit history, their changes might not be checked as rigorously by the rest of the team - similar to the XZ Utils backdoor issue, only faster.

Dec 9 2024, 07:56 · Spam mitigation, Diffusion, Security
valerio.bozzolan added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

Limitation: to steal a commit identity, it must be the default. Sorry I forgot to say.

Dec 9 2024, 07:33 · Spam mitigation, Diffusion, Security

Dec 8 2024

valerio.bozzolan added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.
In T15965#20052, @speck wrote:

What can a malicious user accomplish by claiming unverified email for commits?

Dec 8 2024, 18:25 · Spam mitigation, Diffusion, Security

Dec 7 2024

speck added a comment to T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.

What can a malicious user accomplish by claiming unverified email for commits? The idea outlined here sounds right but I’d like to understand what potential harm could be done on its current state, and also whether there’s any legitimate use case for the current behavior.

Dec 7 2024, 16:10 · Spam mitigation, Diffusion, Security

Dec 5 2024

valerio.bozzolan moved T15966: Fix unit test PhabricatorChangeParserTestCase::testSubversionPartialParser for non-English terminals from Backlog to PingDeath 🌚 on the User-valerio.bozzolan board.
Dec 5 2024, 15:44 · Bug Reports, User-valerio.bozzolan, Diffusion
valerio.bozzolan added a revision to T15966: Fix unit test PhabricatorChangeParserTestCase::testSubversionPartialParser for non-English terminals: D25846: Fix Diffusion commands in non-English environments.
Dec 5 2024, 15:43 · Bug Reports, User-valerio.bozzolan, Diffusion
valerio.bozzolan created T15966: Fix unit test PhabricatorChangeParserTestCase::testSubversionPartialParser for non-English terminals.
Dec 5 2024, 15:34 · Bug Reports, User-valerio.bozzolan, Diffusion
valerio.bozzolan claimed T15965: Repository Identity "Automatically Detected User": it reads unverified emails, with spam concerns.
Dec 5 2024, 10:09 · Spam mitigation, Diffusion, Security
valerio.bozzolan raised the priority of T15556: Improve Diffusion identity reassignment propagation from Low to Normal.
Dec 5 2024, 08:21 · Bug Reports, Diffusion

Dec 4 2024

valerio.bozzolan closed T15964: "Delete Repository" button: it's a bit scaring (always active) as Resolved by committing rP48fd3f1c40de: Delete Repository button: disable if not admin, but show popup to all.
Dec 4 2024, 06:52 · UX, Diffusion

Dec 2 2024

valerio.bozzolan added a revision to T15964: "Delete Repository" button: it's a bit scaring (always active): D25843: Delete Repository button: disable if not admin, but show popup to all.
Dec 2 2024, 20:19 · UX, Diffusion
valerio.bozzolan added a project to T15964: "Delete Repository" button: it's a bit scaring (always active): UX.
Dec 2 2024, 20:15 · UX, Diffusion
valerio.bozzolan created T15964: "Delete Repository" button: it's a bit scaring (always active).
Dec 2 2024, 20:13 · UX, Diffusion
valerio.bozzolan added a project to T15742: When creating a Diffusion Repo, add helpful text to each field: UX.
Dec 2 2024, 17:37 · UX, Diffusion

Oct 8 2024

fgaz created T15946: Support downloading a compressed working copy (tar/zip) of a repository at a specific ref (commit, branch, or tag).
Oct 8 2024, 17:14 · Diffusion, Phorge

Sep 20 2024

valerio.bozzolan closed T15489: Diffusion commit feed: avoid to repeat the commit message twice as Resolved by committing rP9acdd888930e: Diffusion commit feed: fix commit title repeated twice.
Sep 20 2024, 01:58 · UX, User-valerio.bozzolan, Diffusion
valerio.bozzolan closed T15489: Diffusion commit feed: avoid to repeat the commit message twice, a subtask of T15924: Commit feed body: it should probably show (part of) commit body, as Resolved.
Sep 20 2024, 01:58 · Feed, Discussion Needed, Diffusion

Sep 14 2024

valerio.bozzolan moved T15489: Diffusion commit feed: avoid to repeat the commit message twice from Code Sprint Candidate to PingDeath 🌚 on the User-valerio.bozzolan board.
Sep 14 2024, 14:16 · UX, User-valerio.bozzolan, Diffusion
valerio.bozzolan added a revision to T15489: Diffusion commit feed: avoid to repeat the commit message twice: D25824: Diffusion commit feed: fix commit title repeated twice.
Sep 14 2024, 14:11 · UX, User-valerio.bozzolan, Diffusion
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0