[03:04:12] 10Phabricator: investigate hiding the policy controls for phabricator projects. - https://phabricator.wikimedia.org/T120903#2062383 (10mmodell) 5Open>3Resolved [10:24:37] andre__: hola! Do we happen to have any doc / fine manual to disclose a security task ? [10:24:48] I had https://phabricator.wikimedia.org/T128058 filled. Maybe removing #security is enough [10:33:20] good question. No docs that I knew about :) [10:34:07] and things got more confusing now, with a Security acl tag, a Security dropdown, and Visible To/Editable By policy fields. Meh. [10:55:00] andre__: and I dont think i can change the visible/editable policy [10:55:39] if I click on the custom policy link at the top of https://phabricator.wikimedia.org/T128058 [10:55:47] it states it is in S1 public and everyone can see it .. [10:56:33] oh there is a space [10:56:36] and then a policy bah [10:58:37] Can you remove the "Security" tag and reset the "Security dropdown" to default? Would be worth a try :) [11:48:44] andre__: the security drop down is gray :( [11:49:12] and if I drop the Security project, an herald rule bring it back :D [12:00:52] Ah. Probably only some folks can publish (reset the restrictions) I guess [14:28:13] hashar: in all honestly the move a private task to public process has been 'ask csteipp' [14:28:39] he has been the arbitrator of such things [14:29:54] chasemp: we used to have a category "software security bug" which we can disclose ourselves [14:30:04] or maybe it was "private bug [14:30:19] when you say disclose what do you mean? [14:30:24] make it public [14:30:28] ok yeah [14:30:32] I can't remember the old interface but we had three options [14:30:46] right, but you need the ability to modify policy to do it from a techical perspective [14:30:48] 1) public 2) super protected task 3) other security tasks [14:30:50] but the process I meant was [14:30:53] ask csteipp [14:30:59] with the later being disclosable easily [14:31:13] it actually never would [14:31:15] it would stop enforcing it [14:31:20] bu tit wouldn't modify teh policy [14:31:24] OHHHHHH [14:31:37] so maybe the tasks I disclosed are still private / restricted hehe [14:31:41] hence my confusion [14:31:46] very possible [14:31:55] going private for security is very easy [14:32:03] gong back public required more oversight [14:32:09] yup [14:32:09] that was the agreed upon ...stalemate :) [14:32:32] the only reason I create security tasks are to update Jenkins anyway so it is not a big lost if it is not public [15:46:49] 10Phabricator, 10Phlogiston↝Technical Debt: Phabricator dump used by Phlogiston should be updated when Phabricator is upgraded - https://phabricator.wikimedia.org/T125698#2063592 (10JAufrecht) [15:46:52] 10Phabricator, 13Patch-For-Review: Phabricator data dump didn't run Thursday night (Feb 18 2016) - https://phabricator.wikimedia.org/T127524#2063589 (10JAufrecht) 5Resolved>3Open Not sure if that was the final commit to production, and if it was in time to catch the nightly job, but the current dump is sti... [16:42:58] 10Phabricator, 10Analytics-Tech-community-metrics: Metrics for Maniphest - https://phabricator.wikimedia.org/T28#2063832 (10Lcanasdiaz) [17:14:42] there is now a new link on tasks to "protect as security issue" which will escalate a task if you find one that isn't set up correctly. To create a private task initially, use the 'report security bug' form [17:15:03] if you need specific policy template I can create a custom form for you [17:15:15] hashar chasemp ^ [17:24:57] twentyafterfour: I think he was looking for teh opposite, the de-escalation procedure [17:25:24] chasemp: we don't have that, currently, but it would be easy to add [17:25:57] I could add a link to "make this task public" which would wipe out all the policy and reset it to view=public / edit=all users [17:26:22] I'm not sure who should have the authority to do that though. [17:26:32] it would depend on the policy it's resetting I guess [17:28:07] yeah [17:28:13] thus far it's been...csteipp [17:29:21] since the existing policy controls are fairly easy to use it doesn't seem like a huge deal but it would certainly be more convenient to have a button to do it [18:30:16] 10Phabricator: Redirect Dispenser's TS email / Phabricator merge - https://phabricator.wikimedia.org/T126751#2064278 (10Aklapper) 5Open>3declined No news; assuming this has been supported out by the reporter [18:40:24] 10Phabricator, 13Patch-For-Review: Phabricator data dump didn't run Thursday night (Feb 18 2016) - https://phabricator.wikimedia.org/T127524#2064281 (10mmodell) That commit still hasn't been deployed. [19:15:16] andre__, it looks like mpopov was using acl*fundraising_research_policy_admins rights to hide some of those discovery tasks? [19:16:40] We'd need to ask mpopov for that... but something weird, yeah [19:18:18] Can you see what space that went into? [19:18:49] (and also doesn't know how to use them properly) [19:19:25] I don't want to get into trouble over this myself, but a phabricator admin should probably ask them about it [19:19:35] mpopov did fr work at one point, but I have no idea if that's related to this or not [19:19:43] one point = late last year [19:20:14] so not properly offboarded? [19:20:48] discovery loaned him to fr for a few weeks [19:21:14] best to check with him on the specific question, but I figured a bit of context might help frame that conversation [19:22:57] thanks meeple27 [19:32:25] andre__, I really think we should be able to see what space something was moved to [19:51:15] Throw in a proposal task - there might be pros and cons [19:51:32] For supersecret projects where even the name is secret it might not work. The question is if they exist. [19:51:45] (also a question for the customers of upstream) [19:54:32] No, they absolutely do not exist in Wikimedia. [19:54:52] This goes back to the Space description vs. content visibility debate [19:55:19] I know :-/ [19:57:20] We can suggest a separate policy for viewing space name/description to appease upstream [19:57:26] Ideally it would be hard-coded 'public' but whatever [20:01:51] 10Phabricator, 10Phabricator-Upstream: Separate Space description/name visibility from content visibility - https://phabricator.wikimedia.org/T128121#2064526 (10Krenair) [20:03:13] 10Phabricator, 10Phabricator-Upstream: Separate Space description/name visibility from content visibility - https://phabricator.wikimedia.org/T128121#2064538 (10Krenair) [20:03:16] andre__, done ^ [20:09:58] thanks [21:46:21] 10Phabricator, 7Documentation: Update our Spaces/ACL related Phabricator documentation after T120013 - https://phabricator.wikimedia.org/T127346#2064871 (10mmodell) p:5Triage>3Normal [21:47:41] Has anyone figured out how to configure a phab project to have the "open tasks" link on the left side menu like a user's profile page still has? [21:48:13] I really don't want to make project boards for some of the projects I take care of [21:58:07] I feel like there was a task about this [22:16:29] 10Phabricator, 6Team-Practices: Collect use cases for project/sub-project/milestone - https://phabricator.wikimedia.org/T128136#2065028 (10JAufrecht) [22:24:06] bd808: you just add a custom link using "manage" -> "edit menu" -> "configure:add link" [22:24:29] I should just make an extension for it instead of having to manually link to the search [22:55:33] twentyafterfour: thanks. I'll give it a try