Page MenuHomePhabricator

"Security" field is invisible, but still exists, and the value can't be changed, causing Herald problems
Closed, ResolvedPublic


The "Security" field is now invisible for some reason (no idea why, I haven't seen this mentioned anywhere), but it clearly still exists, and the value can't be changed (since it's invisible in the editor too).

Task T153217 (which is public) has this field set, and because of this, H173 is removing @Poyekhali as subscriber from that task.

See Also: T153455: Author cannot edit their Herald rule anymore if condition includes custom field which has been deactivated in the meantime

Event Timeline

Ping @mmodell to change the security from Software security bug to none on that task. That'd solve the issue.

If I edit the task I can see the field, but I can't modify it. Maybe somebody from Security is able to do so too.

The security field no longer serves any purpose. We should just disable to associated herald rules.

The security field no longer serves any purpose. We should just disable to associated herald rules.

H1 was already disabled, H141 is still active.

Another problem caused by this: the incorrect Security project can't be removed from T161403 after someone vandalized it by clicking "Protect as security issue".

Yeah. I'm also puzzled by what Matmarex reported. :-(

H141 is blocking that. On the other hand, we may have Security tasks without Security, so we can:

  • a) Disable H141, and have Security-Issues without Security or
  • b) Enable changing this field at forms again, which would show this field for some people, or
  • c) Make an edit-war with herald: H141 does only remove Security the first time, so if you remove it twice, you "win", that's why @matmarex failed to remove it, but @Paladox was able to do it.

Since the Security tag doesn't have any real meaning to the software (and never has) we should probably just stop fooling ourselves and remove the herald rule.

@mmodell: I'm afraid I don't understand the full implications here as I'm pretty lost in Phab's Security infrastructure now, so if you think so feel free to go ahead.

(Related random thoughts: Another example I don't know how to fix. And in the user gets unsubscribed due to poor H173.)

ok I changed the security policy defaults on the security bug form, now the herald rule isn't needed (and I have disabled it.)

As a consequence, when a security task is made public, the default policy will be removed and the users mentioned in H173 will be once again allowed to see/subscribe to the task.

mmodell claimed this task.

@Aklapper: you should be able to edit the policy on tasks if you weren't previously.