Обсуждение: Early December Commitfest app release
Hi all, I'll deploy a new commitfest app release to prod somewhere early december. The changes are: 1. Add a "Requeue CFBot" button to the patch page when logged in 2. Allow using all the filtering (by tag/author/etc) on the global search page too 3. Make user dropdowns searchable when not logged in 4. Fix a few typos As always, feedback is welcome. You can see the changes live here: https://commitfest-test.postgresql.org/ (username and password are "pgtest")
Вложения
On Tue, Nov 11, 2025 at 2:12 AM Jelte Fennema-Nio <me@jeltef.nl> wrote: > 3. Make user dropdowns searchable when not logged in Adding Magnus -- Magnus, do you remember the rationale for re-adding this protection back in 6ff8c6a52? Does it still apply? --Jacob
On Wed, Nov 12, 2025, 22:48 Jacob Champion <jacob.champion@enterprisedb.com> wrote:
On Tue, Nov 11, 2025 at 2:12 AM Jelte Fennema-Nio <me@jeltef.nl> wrote:
> 3. Make user dropdowns searchable when not logged in
Adding Magnus -- Magnus, do you remember the rationale for re-adding
this protection back in 6ff8c6a52? Does it still apply?
Yes, IIRC we had security complaints about people being able to enumerate all users without being logged in. Since it's not just users who submitted any data, it was enough to just having clicked a link once...
If it was restricted to only show those that had actually submitted into it would've probably been considered OK - but at the time it was not considered to be worth the effort to split those up.
/Magnus
On Sat, Nov 15, 2025, 07:05 Magnus Hagander <magnus@hagander.net> wrote:
Yes, IIRC we had security complaints about people being able to enumerate all users without being logged in. Since it's not just users who submitted any data, it was enough to just having clicked a link once...
I think the "without being logged in" is a pretty tiny hurdle for anyone interested in this data. It's trivial to create one. IMO pretending that locking it down behind a login improves security/privacy is actively unhelpful to anyone worried about that. And at the same time it breaks the experience for non-logged in users, without letting them know that they should log in.
I'm kinda curious who's actually worried about that data being public though. It's only names and usernames.
If it was restricted to only show those that had actually submitted into it would've probably been considered OK - but at the time it was not considered to be worth the effort to split those up.
I might just go and do that.