Re: Early December Commitfest app release

2025-12-01 Thread Magnus Hagander
On Sun, 30 Nov 2025 at 23:57, Jelte Fennema-Nio wrote: > On Sat, 15 Nov 2025 at 14:05, Magnus Hagander wrote: > > If it was restricted to only show those that had actually submitted into > it would've probably been considered OK - but at the time it was not > considered to be worth the effort to

Re: Early December Commitfest app release

2025-11-30 Thread Jelte Fennema-Nio
On Sat, 15 Nov 2025 at 14:05, Magnus Hagander wrote: > If it was restricted to only show those that had actually submitted into it > would've probably been considered OK - but at the time it was not considered > to be worth the effort to split those up. I did this now: https://github.com/postgr

Re: Early December Commitfest app release

2025-11-15 Thread Magnus Hagander
On Sat, Nov 15, 2025, 17:36 Jelte Fennema-Nio wrote: > On Sat, Nov 15, 2025, 07:05 Magnus Hagander wrote: > >> Yes, IIRC we had security complaints about people being able to enumerate >> all users without being logged in. Since it's not just users who submitted >> any data, it was enough to jus

Re: Early December Commitfest app release

2025-11-15 Thread Jelte Fennema-Nio
On Sat, Nov 15, 2025, 07:05 Magnus Hagander wrote: > Yes, IIRC we had security complaints about people being able to enumerate > all users without being logged in. Since it's not just users who submitted > any data, it was enough to just having clicked a link once... > I think the "without being

Re: Early December Commitfest app release

2025-11-15 Thread Magnus Hagander
On Wed, Nov 12, 2025, 22:48 Jacob Champion wrote: > On Tue, Nov 11, 2025 at 2:12 AM Jelte Fennema-Nio wrote: > > 3. Make user dropdowns searchable when not logged in > > Adding Magnus -- Magnus, do you remember the rationale for re-adding > this protection back in 6ff8c6a52? Does it still apply?

Re: Early December Commitfest app release

2025-11-12 Thread Jacob Champion
On Tue, Nov 11, 2025 at 2:12 AM Jelte Fennema-Nio wrote: > 3. Make user dropdowns searchable when not logged in Adding Magnus -- Magnus, do you remember the rationale for re-adding this protection back in 6ff8c6a52? Does it still apply? --Jacob