Early December Commitfest app release
Hi all,
I'll deploy a new commitfest app release to prod somewhere early
december. The changes are:
1. Add a "Requeue CFBot" button to the patch page when logged in
2. Allow using all the filtering (by tag/author/etc) on the global
search page too
3. Make user dropdowns searchable when not logged in
4. Fix a few typos
As always, feedback is welcome. You can see the changes live here:
https://commitfest-test.postgresql.org/ (username and password are "pgtest")
On Tue, Nov 11, 2025 at 2:12 AM Jelte Fennema-Nio <me@jeltef.nl> wrote:
3. Make user dropdowns searchable when not logged in
Adding Magnus -- Magnus, do you remember the rationale for re-adding
this protection back in 6ff8c6a52? Does it still apply?
--Jacob
On Wed, Nov 12, 2025, 22:48 Jacob Champion <jacob.champion@enterprisedb.com>
wrote:
On Tue, Nov 11, 2025 at 2:12 AM Jelte Fennema-Nio <me@jeltef.nl> wrote:
3. Make user dropdowns searchable when not logged in
Adding Magnus -- Magnus, do you remember the rationale for re-adding
this protection back in 6ff8c6a52? Does it still apply?
Yes, IIRC we had security complaints about people being able to enumerate
all users without being logged in. Since it's not just users who submitted
any data, it was enough to just having clicked a link once...
If it was restricted to only show those that had actually submitted into it
would've probably been considered OK - but at the time it was not
considered to be worth the effort to split those up.
/Magnus
Show quoted text
On Sat, Nov 15, 2025, 07:05 Magnus Hagander <magnus@hagander.net> wrote:
Yes, IIRC we had security complaints about people being able to enumerate
all users without being logged in. Since it's not just users who submitted
any data, it was enough to just having clicked a link once...
I think the "without being logged in" is a pretty tiny hurdle for anyone
interested in this data. It's trivial to create one. IMO pretending that
locking it down behind a login improves security/privacy is actively
unhelpful to anyone worried about that. And at the same time it breaks the
experience for non-logged in users, without letting them know that they
should log in.
I'm kinda curious who's actually worried about that data being public
though. It's only names and usernames.
If it was restricted to only show those that had actually submitted into it
would've probably been considered OK - but at the time it was not
considered to be worth the effort to split those up.
I might just go and do that.
Show quoted text
On Sat, Nov 15, 2025, 17:36 Jelte Fennema-Nio <me@jeltef.nl> wrote:
On Sat, Nov 15, 2025, 07:05 Magnus Hagander <magnus@hagander.net> wrote:
Yes, IIRC we had security complaints about people being able to enumerate
all users without being logged in. Since it's not just users who submitted
any data, it was enough to just having clicked a link once...I think the "without being logged in" is a pretty tiny hurdle for anyone
interested in this data. It's trivial to create one. IMO pretending that
locking it down behind a login improves security/privacy is actively
unhelpful to anyone worried about that. And at the same time it breaks the
experience for non-logged in users, without letting them know that they
should log in.
Agreed in principle, but it does make it a lot easier for scrapers. And I
think that was the main concern at the time (it's been a while so my memory
could be off on the details of course).
I'm kinda curious who's actually worried about that data being public
though. It's only names and usernames.
Again with the bad memory, but could it be that it at one point included
emails, and we have independently changed that?
If it was restricted to only show those that had actually submitted into
it would've probably been considered OK - but at the time it was not
considered to be worth the effort to split those up.I might just go and do that.
I think that would remove the whole argument so yeah if that ends up not
being too hard it's probably the easiest way out.
/Magnus
On Sat, 15 Nov 2025 at 14:05, Magnus Hagander <magnus@hagander.net> wrote:
If it was restricted to only show those that had actually submitted into it would've probably been considered OK - but at the time it was not considered to be worth the effort to split those up.
I did this now:
https://github.com/postgres/pgcommitfest/commit/9c2e63d83ea6be4cd8554016980aee1b1e798ad5
Only downside is that this didn't work for the fancy new global
search. So I made that page login-only completely. Given it should
only be used by power users that seems acceptable.
On Sun, 30 Nov 2025 at 23:57, Jelte Fennema-Nio <me@jeltef.nl> wrote:
On Sat, 15 Nov 2025 at 14:05, Magnus Hagander <magnus@hagander.net> wrote:
If it was restricted to only show those that had actually submitted into
it would've probably been considered OK - but at the time it was not
considered to be worth the effort to split those up.I did this now:
https://github.com/postgres/pgcommitfest/commit/9c2e63d83ea6be4cd8554016980aee1b1e798ad5
Only downside is that this didn't work for the fancy new global
search. So I made that page login-only completely. Given it should
only be used by power users that seems acceptable.
Seems perfectly reasonable -- I'd expect anybody who works on that stuff
with any form of regularity to already be logged in, so I don't think it'll
add any substantial friction.
Thanks!
//Magnus
On Tue, 11 Nov 2025 at 11:12, Jelte Fennema-Nio <me@jeltef.nl> wrote:
1. Add a "Requeue CFBot" button to the patch page when logged in
2. Allow using all the filtering (by tag/author/etc) on the global
search page too
3. Make user dropdowns searchable when not logged in
4. Fix a few typos
This is deployed to prod now