[00:07:10] greg-g, FWIW I disagree with "and the best person to deploy it is the person who wrote it, thus..." [00:07:23] because the operations team must be able to accept changes from people without root [00:07:45] with as much review as they'd give to a fellow team member [00:08:47] (if not, see https://phabricator.wikimedia.org/T78768 ) [00:50:29] Krenair: sure, I was just relaying their reasoning, as best as I understand it [00:56:02] So we figured out that the way to people to security bugs is to make it not a security bug? ;) [00:56:32] legoktm: yep! [00:56:39] the way to people to security bugs, legoktm? [00:58:06] to add people :P [00:59:02] Honestly the Phabricator migration has mostly been great. [00:59:12] But the way is handles our private ticket situation is just... [00:59:25] Appalling. [00:59:59] Hopefully twentyafterfour's refactor of the custom plugin we have to use (!) will fix things. [01:42:36] <^d> twentyafterfour: Do we have a way to track specific things we want to pull in on our next phab code update? Or is it just a new tag from master-ish? [01:51:48] 3Phabricator: https://phabricator.wikimedia.org/p/rtimport/ times out - https://phabricator.wikimedia.org/T85046#937476 (10TTO) 3NEW [01:53:06] 3Phabricator: https://phabricator.wikimedia.org/p/rtimport/ times out - https://phabricator.wikimedia.org/T85046#937483 (10Chad) WFM, hmm. [01:53:59] <^d> For the record, tick functions are a little freaky. [01:58:19] ^d: we generally just plan to pull master or a specific revision and then tag it in our own repo [01:58:59] our production is just sync'd to a tag that we specify in puppet ... so we create a new release by pulling it into our repo and tagging, then updating the puppet module to point to the new tag [02:00:41] <^d> Yeah, I had seen the puppet bits. So if something got into master today it'd likely be in the next pull? [02:00:53] ^d: you could file a ticket and CC chasemp + myself, if you need something specific... [02:01:08] but yes if it's in master then it should get included the next time we update [02:01:24] <^d> evan and btrahan fixed our "commits don't show up for non-admins" today [02:01:32] but if there isn't demand for it we won't necessarily update weekly... [02:02:43] so making a ticket probably isn't a bad idea [02:04:02] <^d> filing. [02:05:35] 3Phabricator: Pull in ac73b2b from upstream - https://phabricator.wikimedia.org/T85047#937488 (10Chad) 3NEW [02:05:56] 3Phabricator, Phabricator.org: Do not send emails when importing changes to Diffusion - https://phabricator.wikimedia.org/T78154#837052 (10Chad) [02:06:16] <^d> T85047 filed. [02:07:15] 3Phabricator: Pull in ac73b2b from upstream - https://phabricator.wikimedia.org/T85047#937488 (10Chad) [[ https://secure.phabricator.com/rP8ac73b2bf351fa06e7be0971c138406e8a3bee48 | This is the commit ]] [02:08:02] <^d> twentyafterfour: tldr: diffusion and differential were fighting for access control of the diff objects. Differential won and since we don't use it, boom. [02:08:36] ^d: yeah I saw that discussion in the #phabricator channel [02:10:09] <^d> Glad it was easily fixable. It sounded way worse when he described it :) [02:11:02] Anyone know how WMF handles security announcements from upstream projects? [02:12:17] <^d> Usually someone brings it up on ops list or security@ alias, then it's assessed and fixed as needed. [02:12:22] <^d> Like most security issues. [02:13:26] Oh right. [02:13:36] So who monitors what? [02:13:49] There must be a wiki page on this somewhere. [02:14:14] <^d> I think some of the ops members are on some of the disclosure lists. [02:14:28] <^d> I know for a fact that Chris is and keeps an eye out for relevant CVEs. [02:15:22] That sounds ... well, concerning [02:16:23] If I link you to a report in PM, are you able to check to see if it's known by WMF? [02:17:10] <^d> I can see if it's in Phab from RT (I think) or if it's been discussed recently on the ops list, yes. [02:31:19] Krenair, it should probably be listed at https://www.mediawiki.org/wiki/Upstream_projects#Components (?) but the "main contact" responsibilities/obligations aren't specified. [02:31:42] So it turns out the one I'm looking at is not known to WMF. [02:32:02] Despite us, you know, relying on the security of it. Oops. [02:32:34] anyway hopefully this one is being sorted now, but this sort of thing really needs to be organised [02:33:23] I'll PM you about your message, quiddity [03:17:08] 3RT-Migration, operations: Migrate RT to Phabricator - https://phabricator.wikimedia.org/T38#937542 (10jeremyb) (re hw-decommission queue) >>! In T38#850184, @Dzahn wrote: > do you still see it? how about we just move all the tickets from there to core-ops before import and done? I can see tickets like https:... [03:39:01] 3Project-Management: "changed Security from none to none." - https://phabricator.wikimedia.org/T479#937546 (10jeremyb) [04:08:03] 3Phabricator: https://phabricator.wikimedia.org/p/rtimport/ times out - https://phabricator.wikimedia.org/T85046#937563 (10TTO) Strange. It's been behaving consistently this way for me for the past few days. I checked again just now and got the same error. Maybe because you're in the WMF office, and I'm on the... [04:28:10] 3Phabricator: https://phabricator.wikimedia.org/p/rtimport/ times out - https://phabricator.wikimedia.org/T85046#937591 (10Krenair) I can reproduce this issue. [04:43:29] 3Phabricator: https://phabricator.wikimedia.org/p/rtimport/ times out - https://phabricator.wikimedia.org/T85046#937606 (10TTO) [04:49:51] 3Phabricator: https://phabricator.wikimedia.org/p/rtimport/ times out - https://phabricator.wikimedia.org/T85046#937607 (10jeremyb-phone) Makes sense that it would be different each time because it's not an exception. it's just the state when a timer happened to run out. I can repro on one account but not the o... [05:00:01] 3Phabricator: https://phabricator.wikimedia.org/p/rtimport/ times out - https://phabricator.wikimedia.org/T85046#937609 (10Chad) >>! In T85046#937563, @TTO wrote: > Maybe because you're in the WMF office, and I'm on the other side of the world? Although I don't know how that would affect a server timeout... Nop... [13:21:55] 3Phabricator.org: Footer (font color vs background color) is hard to read - https://phabricator.wikimedia.org/T628#937766 (10Qgil) In less than four hours after the task was created, upstream maintainers merged a patch darkening the text of the footer. It also worth mentioning that they have also darkened the te... [13:23:21] 3Phabricator.org: Footer (font color vs background color) is hard to read - https://phabricator.wikimedia.org/T628#937767 (10Qgil) 5Open>3Resolved a:3Qgil [13:23:43] 3Phabricator: Next Phabricator upgrade on YYYY-MM-DD (to be defined) - https://phabricator.wikimedia.org/T78243#937769 (10Qgil) [13:23:57] 3Phabricator: Next Phabricator upgrade on YYYY-MM-DD (to be defined) - https://phabricator.wikimedia.org/T78243#840609 (10Qgil) [13:24:11] 3Phabricator.org: Footer (font color vs background color) is hard to read - https://phabricator.wikimedia.org/T628#10333 (10Qgil) [13:26:41] 3Phabricator.org, Phabricator: Do not send emails when importing changes to Diffusion - https://phabricator.wikimedia.org/T78154#937782 (10Qgil) [13:28:12] 3Phabricator: Pull in ac73b2b from upstream - https://phabricator.wikimedia.org/T85047#937783 (10Qgil) I'm assuming that this fix will be deployed in our next upgrade? Setting T78243 as blocker, please undo if you have other plans. [13:28:21] 3Phabricator: Pull in ac73b2b from upstream - https://phabricator.wikimedia.org/T85047#937787 (10Qgil) [15:11:28] 3Phabricator: Pull in ac73b2b from upstream - https://phabricator.wikimedia.org/T85047#937819 (10Qgil) p:5Triage>3Normal [15:18:51] 3Phabricator: https://phabricator.wikimedia.org/p/rtimport/ times out - https://phabricator.wikimedia.org/T85046#937828 (10Qgil) p:5Triage>3Low Most of the actions rtimport made were on objects that are visible for wmf-nda only. If you happen to be in that group, rendering the list of actions is trivial, but... [15:22:53] 3Phabricator: Cannot send comments in via email for restricted tasks I receive updates for via email - https://phabricator.wikimedia.org/T85006#937833 (10Qgil) [15:27:35] 3Phabricator: Cannot send comments in via email for restricted tasks I receive updates for via email - https://phabricator.wikimedia.org/T85006#937836 (10Qgil) 5Open>3declined a:3Qgil @jeremyb has proven in T84818#936727 that users with web access to a task can reply to it via email. It makes sense that a... [15:33:53] 3§ Phabricator-Sprint-Extension, Phabricator: https://phabricator.wikimedia.org/tag/XXX/board/ times out - https://phabricator.wikimedia.org/T78208#937852 (10Qgil) So... it is unclear to me what is missing here to have the links fixed. As of today, they still don't work. Is there a Gerrit change somewhere that n... [21:01:09] 3Phabricator.org: Footer (font color vs background color) is hard to read - https://phabricator.wikimedia.org/T628#937964 (10Isarra) Again, sorry about that. Thank you to everyone who took the time to comment and work on getting this issue improved. [21:35:52] 3RT-Migration: Only first requestor of RT tickets with several requestors got migrated to Phab task author - https://phabricator.wikimedia.org/T84828#937997 (10Aklapper) Number of affected tickets is actually smaller as I had also included the Procurement and Domains queues, and some tickets got closed as resolv... [21:36:34] 3RT-Migration: Only first requestor of RT tickets with several requestors got migrated to Phab task author - https://phabricator.wikimedia.org/T84828#937999 (10Aklapper) [23:00:53] 3Phabricator.org: Restrict access to comment removal - https://phabricator.wikimedia.org/T1185#938047 (10Aklapper) : Getting a list of users and how many comments they have removed. >>! In T1185#935819, @Qgil wrote: > A couple of ideas: > > * If the "This comment was removed by" text is indexed (and I'm...