commits  

Messages by Date

• 2026/03/12 (tooling-trusted-releases) 01/01: #765: use safe values for distribution params arm
• 2026/03/12 (tooling-trusted-releases) 01/01: #765: use safe values for distribution params arm
• 2026/03/12 (tooling-trusted-releases) branch arm updated (b2fd75de -> 4bac0ea9) arm
• 2026/03/12 (tooling-trusted-releases) branch arm updated (16386f54 -> b2fd75de) arm
• 2026/03/12 (tooling-trusted-releases) 01/01: #765: usafe safe values for distribution params arm
• 2026/03/12 (tooling-trusted-releases) branch arm updated: #765: usafe safe values for distribution params arm
• 2026/03/11 (tooling-trusted-releases) 01/01: Adding docs for cascading; fixes #517 akm
• 2026/03/11 (tooling-trusted-releases) branch document-cascades-517 created (now 86089205) akm
• 2026/03/11 (tooling-trusted-releases) branch main updated (50979b02 -> cdf4ce7d) sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Allow binary suffixes on archive roots sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated (996965f6 -> 50979b02) sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Classify binary files from infix and suffix filename components sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated (afc8c087 -> 996965f6) sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated (0150111c -> afc8c087) sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated (7c8efdd4 -> 0150111c) sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Make e2e voting tests more reliable sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated (47a304da -> 7c8efdd4) sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Set length limits on reads of KEYS, LICENSE, and NOTICE files sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated (e4f18ee6 -> 47a304da) sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Remove Referrer-Policy, which is now set in the frontend proxy sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated (952b889a -> e4f18ee6) sbp
• 2026/03/11 (tooling-trusted-releases) branch dependabot/uv/aiofiles-25.1.0 deleted (was adfedf2a) github-bot
• 2026/03/11 (tooling-trusted-releases) branch dependabot/uv/aiosmtplib-5.1.0 deleted (was c67a04cb) github-bot
• 2026/03/11 (tooling-trusted-releases) branch dependabot/uv/email-validator-2.3.0 deleted (was e9603ba9) github-bot
• 2026/03/11 (tooling-trusted-releases) branch dependabot/uv/rich-14.3.3 deleted (was 101d01c7) github-bot
• 2026/03/11 (tooling-trusted-releases) branch dependabot/uv/ldap3-2.10.2rc3 deleted (was 119b9b5c) github-bot
• 2026/03/11 (tooling-trusted-releases) branch main updated (aee82146 -> 952b889a) sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Ensure that emails cannot contain null bytes sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated (54e6af48 -> aee82146) sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated (c550a9d4 -> 54e6af48) sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Remove unnecessary archive integrity checks sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated (93da3dcf -> c550a9d4) sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Give each check its own version number for result cache key construction sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated (4d725a75 -> 93da3dcf) sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Update major versions of dependencies sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Remove the unused field to rename a file when uploading sbp
• 2026/03/11 (tooling-trusted-releases) branch dependabot/uv/aiofiles-25.1.0 updated (236b15e2 -> adfedf2a) github-bot
• 2026/03/11 (tooling-trusted-releases) branch dependabot/uv/rich-14.3.3 updated (b94cb858 -> 101d01c7) github-bot
• 2026/03/11 (tooling-trusted-releases) branch dependabot/uv/aiosmtplib-5.1.0 updated (c77fd9f0 -> c67a04cb) github-bot
• 2026/03/11 (tooling-trusted-releases) branch dependabot/uv/ldap3-2.10.2rc3 updated (2901a425 -> 119b9b5c) github-bot
• 2026/03/11 (tooling-trusted-releases) 01/01: Bump email-validator from 2.2.0 to 2.3.0 github-bot
• 2026/03/11 (tooling-trusted-releases) branch main updated (6d713f4e -> 4d725a75) sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Make compose tests more durable sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated (7ff06690 -> c550a9d4) sbp
• 2026/03/11 (tooling-trusted-releases) 01/03: Update dependencies sbp
• 2026/03/11 (tooling-trusted-releases) 02/03: Fix and improve email validation sbp
• 2026/03/11 (tooling-trusted-releases) 03/03: Remove headers that are now set in the frontend proxy sbp
• 2026/03/11 (tooling-trusted-releases) branch arm updated: #671 - validate https scheme for github oidc arm
• 2026/03/11 (tooling-trusted-releases) branch arm updated (ecdc80cc -> 6d713f4e) arm
• 2026/03/11 (tooling-trusted-releases) branch main updated: #671 - validate trusted domains for JWKS URI arm
• 2026/03/11 (tooling-trusted-releases) 01/01: #671 - validate trusted domains for JWKS URI arm
• 2026/03/11 (tooling-trusted-releases) 01/03: Make the revision number optional in the form to add ignores sbp
• 2026/03/11 (tooling-trusted-releases) 02/03: Update dependencies sbp
• 2026/03/11 (tooling-trusted-releases) branch arm updated (0e4e94a7 -> ecdc80cc) arm
• 2026/03/11 (tooling-trusted-releases) branch main updated (33c74c7a -> 8b2dbcdb) sbp
• 2026/03/11 (tooling-trusted-releases) 03/03: Fix and improve email validation sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated (c85b530b -> 7ff06690) sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated: Remove OSCP stapling wave
• 2026/03/11 (tooling-trusted-releases) branch main updated (645aefb0 -> b0643597) sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated (b69e8055 -> 645aefb0) sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated (be6c4bfc -> b69e8055) sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Update dependencies sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated (3313c3a1 -> be6c4bfc) sbp
• 2026/03/11 (tooling-trusted-releases) branch arm updated: #671 - validate trusted domains for JWKS URI arm
• 2026/03/11 (tooling-trusted-releases) branch main updated (6b9e41ac -> 3313c3a1) sbp
• 2026/03/11 (tooling-trusted-releases) branch dependabot/uv/email-validator-2.3.0 created (now 5041c173) github-bot
• 2026/03/11 (tooling-trusted-releases) branch dependabot/uv/aiofiles-25.1.0 created (now 236b15e2) github-bot
• 2026/03/11 (tooling-trusted-releases) branch dependabot/uv/aiosmtplib-5.1.0 created (now c77fd9f0) github-bot
• 2026/03/11 (tooling-trusted-releases) branch dependabot/uv/rich-14.3.3 created (now b94cb858) github-bot
• 2026/03/11 (tooling-trusted-releases) 06/06: Make the revision number optional in the form to add ignores sbp
• 2026/03/11 (tooling-trusted-releases) 01/06: Use extracted archives in license header checks sbp
• 2026/03/11 (tooling-trusted-releases) 04/06: Require a CSRF token on all forms sbp
• 2026/03/11 (tooling-trusted-releases) 02/06: Use extracted archives for source tree comparison checks sbp
• 2026/03/11 (tooling-trusted-releases) 03/06: Add audit guidance about empty form CSRF protection sbp
• 2026/03/11 (tooling-trusted-releases) 05/06: Use extracted archive trees in RAT checks sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated (f453b04b -> 8d01b275) sbp
• 2026/03/11 (tooling-trusted-releases) branch dave2wave-patch-1 deleted (was aa8bd5d0) sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated: Add support for pyproject.toml and Docker in Dependabot (#857) sbp
• 2026/03/11 (tooling-trusted-releases) branch dave2wave-patch-1 updated (7e67a15b -> aa8bd5d0) sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated (78bf4740 -> 7dd2a2be) arm
• 2026/03/11 (tooling-trusted-releases) 01/02: Validate user ID of PATs on JWT usage arm
• 2026/03/11 (tooling-trusted-releases) 02/02: Change gh slug for Maven distributions arm
• 2026/03/11 (tooling-trusted-releases) branch arm updated (70a48069 -> 7dd2a2be) arm
• 2026/03/11 (tooling-trusted-releases) branch main updated (03067776 -> 78bf4740) sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Use extracted archive trees in RAT checks sbp
• 2026/03/11 (tooling-actions) branch main updated: Rename slug to mavencentral arm
• 2026/03/11 (tooling-trusted-releases) 01/02: Validate user ID of PATs on JWT usage arm
• 2026/03/11 (tooling-trusted-releases) branch arm updated (8fbe527c -> 70a48069) arm
• 2026/03/11 (tooling-trusted-releases) 02/02: Change gh slug for Maven distributions arm
• 2026/03/11 (tooling-actions) branch main updated: Poll Central API for status and report errors arm
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Require a CSRF token on all forms sbp
• 2026/03/11 (tooling-trusted-releases) branch main updated (33721288 -> 03067776) sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Add audit guidance about empty form CSRF protection sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Use extracted archives for source tree comparison checks sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Use extracted archives in license header checks sbp
• 2026/03/11 (tooling-actions) branch main updated: Take out profiles, they created an issue arm
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Add unit tests for license file checks sbp
• 2026/03/11 (tooling-actions) branch main updated: Rename central ID arm
• 2026/03/11 (tooling-trusted-releases) branch sbp updated: Use extracted archives in license file checks sbp
• 2026/03/11 (tooling-trusted-releases) branch sbp updated (ced33ae5 -> 33721288) sbp
• 2026/03/11 (tooling-actions) branch main updated: Try redirecting to Central arm
• 2026/03/11 (tooling-actions) branch main updated: Try to make sure njord plugin is installed arm
• 2026/03/11 (tooling-actions) 01/01: Actually use CP in publish arm
• 2026/03/11 (tooling-actions) branch main updated (5df10cc -> 73168e9) arm
• 2026/03/11 (tooling-actions) branch main updated: Actually use CP in publish arm
• 2026/03/11 (tooling-actions) branch main updated: Fix publisher settings arm
• 2026/03/10 (tooling-trusted-releases) branch dave2wave-patch-1 created (now 7e67a15b) wave
• 2026/03/10 (tooling-trusted-releases) branch version-comment-710 deleted (was 31c84149) akm
• 2026/03/10 (tooling-trusted-releases) 01/01: Add support for pyproject.toml and Docker in Dependabot wave
• 2026/03/10 (tooling-trusted-releases) branch main updated: Added comment; fixes #710 (#856) akm
• 2026/03/10 (tooling-trusted-releases) branch version-comment-710 created (now 31c84149) akm
• 2026/03/10 (tooling-trusted-releases) 01/01: Added comment; fixes #710 akm
• 2026/03/10 (tooling-trusted-releases) branch ldap-search-limited-attributes deleted (was cfa8ea36) wave
• 2026/03/10 (tooling-trusted-releases) branch relpath-docs-721 deleted (was 3f8ef5cd) akm
• 2026/03/10 (tooling-trusted-releases) branch main updated: Adding to docs; fixes #721 (#854) akm
• 2026/03/10 (tooling-trusted-releases) branch fix-case-in-docs deleted (was c9d5f93c) wave
• 2026/03/10 (tooling-trusted-releases) branch main updated: Fix title case (#855) wave
• 2026/03/10 (tooling-trusted-releases) branch relpath-docs-721 updated (f8ae462a -> 3f8ef5cd) akm
• 2026/03/10 (tooling-trusted-releases) 01/01: Fix title case wave
• 2026/03/10 (tooling-trusted-releases) branch fix-case-in-docs created (now c9d5f93c) wave
• 2026/03/10 (tooling-trusted-releases) branch svn-import-comment-662 deleted (was 04f806da) akm
• 2026/03/10 (tooling-trusted-releases) branch main updated: Adding comment for domain checking; fixes #662 (#853) akm
• 2026/03/10 (tooling-trusted-releases) 01/01: Adding to docs; fixes #721 akm
• 2026/03/10 (tooling-trusted-releases) branch relpath-docs-721 created (now f8ae462a) akm
• 2026/03/10 (tooling-trusted-releases) branch svn-import-comment-662 updated (4d26a38d -> 04f806da) akm
• 2026/03/10 (tooling-trusted-releases) branch main updated: Add padding on table cells wave
• 2026/03/10 (tooling-trusted-releases) 01/01: Adding comment for domain checking; fixes #662 akm
• 2026/03/10 (tooling-trusted-releases) branch svn-import-comment-662 created (now 4d26a38d) akm
• 2026/03/10 (tooling-trusted-releases) branch main updated: Add TLS security configuration docs (#852) wave
• 2026/03/10 (tooling-trusted-releases) branch add-ls-config-docs deleted (was fc97a0bd) wave
• 2026/03/10 (tooling-trusted-releases) branch main updated (65a03fbf -> ced33ae5) sbp
• 2026/03/10 (tooling-trusted-releases) branch sbp updated: Use GFM instead of CommonMark Markdown for the documentation sbp
• 2026/03/10 (tooling-trusted-releases) branch add-ls-config-docs updated: Clean up the linkage wave
• 2026/03/10 (tooling-trusted-releases) branch add-ls-config-docs updated: Update next section link in input-validation.md wave
• 2026/03/10 (tooling-trusted-releases) branch add-ls-config-docs updated: Create TLS security configuration documentation wave
• 2026/03/10 (tooling-trusted-releases) branch add-ls-config-docs created (now 65a03fbf) wave
• 2026/03/10 (tooling-trusted-releases) branch main updated (b280bcf1 -> 65a03fbf) sbp
• 2026/03/10 (tooling-trusted-releases) branch sbp updated: Check .zip structure using the extracted files only sbp
• 2026/03/10 (tooling-trusted-releases) branch main updated (d5047c89 -> b280bcf1) sbp
• 2026/03/10 (tooling-trusted-releases) branch sbp updated (5d6a978e -> b280bcf1) sbp
• 2026/03/10 (tooling-trusted-releases) 01/01: Check .tar.gz structure using the extracted files only sbp
• 2026/03/10 (tooling-actions) 01/01: Fix name of workflow arm
• 2026/03/10 (tooling-actions) branch main updated (0373712 -> 9c213fb) arm
• 2026/03/10 (tooling-trusted-releases) branch arm updated: Validate user ID of PATs on JWT usage arm
• 2026/03/10 (tooling-trusted-releases) 01/01: Drop file_name field in upload files wave
• 2026/03/10 (tooling-trusted-releases) branch comment-out-file_name-in-uploads created (now dfc70f75) wave
• 2026/03/10 (tooling-trusted-releases) branch main updated (85f9e894 -> d5047c89) arm
• 2026/03/10 (tooling-actions) branch main updated: Update maven central distribution for ntb files arm
• 2026/03/10 (tooling-trusted-releases) branch arm updated: Disable automated staging distributions for alpha. Filter automated distributions to only support Maven Central for now. arm
• 2026/03/10 (tooling-trusted-releases) branch main updated (21a8560c -> 85f9e894) arm
• 2026/03/10 (tooling-trusted-releases) branch arm updated: #698 - Hide JWT after 60s arm
• 2026/03/10 (tooling-trusted-releases) branch main updated (1a549cbf -> 21a8560c) arm
• 2026/03/10 (tooling-trusted-releases) branch arm updated: Remove ability to push custom args into GH workflows - unnecessary. Closes #771 arm
• 2026/03/10 (tooling-trusted-releases) branch main updated (c80e8e81 -> 1a549cbf) arm
• 2026/03/10 (tooling-trusted-releases) branch arm updated (a81c982c -> 1a549cbf) arm
• 2026/03/10 (tooling-trusted-releases) 01/01: #643 - Add safe.RevisionNumber and utilise unsafe.UnsafeStr for remaining str types. arm
• 2026/03/09 (tooling-trusted-releases) branch document-public-API-endpoints-660 deleted (was a894e756) wave
• 2026/03/09 (tooling-trusted-releases) branch main updated: Adding docs about public API endpoints; fixes #660 (#849) wave
• 2026/03/09 (tooling-trusted-releases) branch document-public-API-endpoints-660 updated (a35f21f3 -> a894e756) akm
• 2026/03/09 (tooling-trusted-releases) branch document-public-API-endpoints-660 updated (e411317c -> a35f21f3) akm
• 2026/03/09 (tooling-trusted-releases) branch document-public-API-endpoints-660 created (now e411317c) akm
• 2026/03/09 (tooling-trusted-releases) 01/01: Adding docs about public API endpoints; fixes #660 akm
• 2026/03/09 (tooling-trusted-releases) branch document-auth-bypass-659 deleted (was 748e1f23) wave
• 2026/03/09 (tooling-trusted-releases) branch main updated: Adding docs for auth bypass; fixes #659 (#848) wave
• 2026/03/09 (tooling-trusted-releases) 01/01: Adding docs for auth bypass; fixes #659 akm
• 2026/03/09 (tooling-trusted-releases) branch document-auth-bypass-659 created (now 748e1f23) akm
• 2026/03/09 (tooling-trusted-releases) branch public-download-comment-665 deleted (was f11c6341) wave
• 2026/03/09 (tooling-trusted-releases) branch main updated: Adding comment about public download of release files; fixes #665 (#846) wave
• 2026/03/09 (tooling-trusted-releases) branch main updated: Adding comments for key and token deletion; fixes #664 (#847) wave
• 2026/03/09 (tooling-trusted-releases) branch token-deletion-comment-664 deleted (was d2415e27) wave
• 2026/03/09 (tooling-trusted-releases) branch message-sending-comment-670 deleted (was 21140868) wave
• 2026/03/09 (tooling-trusted-releases) branch main updated: Adding comment about sending mail to other committees; fixes #670 (#845) wave
• 2026/03/09 (tooling-trusted-releases) branch ssh-comment-674 deleted (was f936db9c) wave
• 2026/03/09 (tooling-trusted-releases) branch main updated: Adding comment; fixes #674 (#844) wave
• 2026/03/09 (tooling-trusted-releases) 01/01: Adding comments for key and token deletion; fixes #664 akm
• 2026/03/09 (tooling-trusted-releases) branch token-deletion-comment-664 created (now d2415e27) akm
• 2026/03/09 (tooling-trusted-releases) 01/01: Adding comment about public download of release files; fixes #665 akm
• 2026/03/09 (tooling-trusted-releases) branch public-download-comment-665 created (now f11c6341) akm
• 2026/03/09 (tooling-trusted-releases) 01/01: Adding comment about sending mail to other committees; fixes #670 akm
• 2026/03/09 (tooling-trusted-releases) branch message-sending-comment-670 created (now 21140868) akm
• 2026/03/09 (tooling-trusted-releases) branch ssh-comment-674 created (now f936db9c) akm
• 2026/03/09 (tooling-trusted-releases) 01/01: Adding comment; fixes #674 akm
• 2026/03/09 (tooling-trusted-releases) branch dependabot/github_actions/astral-sh/setup-uv-7.3.1 created (now 8b88fd49) github-bot
• 2026/03/09 (tooling-releases-client) branch dependabot/github_actions/astral-sh/setup-uv-7.3.0 deleted (was 4b3f130) github-bot
• 2026/03/09 (tooling-releases-client) branch dependabot/github_actions/astral-sh/setup-uv-7.3.1 created (now c1c5b79) github-bot
• 2026/03/09 (tooling-trusted-releases) 01/01: #643 - Add safe.RevisionNumber and utilise unsafe.UnsafeStr for remaining str types. arm
• 2026/03/09 (tooling-trusted-releases) branch arm updated (a72a347a -> a81c982c) arm
• 2026/03/09 (tooling-trusted-releases) branch arm updated: #643 - Add safe.RevisionNumber and utilise unsafe.UnsafeStr for remaining str types. arm
• 2026/03/09 (tooling-trusted-releases) branch main updated (498bc10e -> 5fb88cfc) arm
• 2026/03/09 (tooling-trusted-releases) branch arm updated: Use PAT hash as part of issued JWT. Closes #828. arm
• 2026/03/09 (tooling-trusted-releases) branch main updated (8fd6be8a -> 498bc10e) arm
• 2026/03/09 (tooling-trusted-releases) branch arm updated: Wrap safe types in str before starting SVN import. Closes #838 arm
• 2026/03/09 (tooling-trusted-releases) branch main updated (5d6a978e -> 8fd6be8a) arm
• 2026/03/09 (tooling-trusted-releases) branch arm updated (eadf18d4 -> 8fd6be8a) arm
• 2026/03/09 (tooling-trusted-releases) 01/01: Use release name from URL and compare to the form to ensure no malicious/accidental use. Closes #655 arm
• 2026/03/08 (tooling-trusted-releases) branch main updated (b5222e27 -> 5d6a978e) sbp
• 2026/03/08 (tooling-trusted-releases) branch sbp updated: Additionally detect source files by stem infix sbp
• 2026/03/08 (tooling-trusted-releases) branch main updated (769e6257 -> b5222e27) sbp
• 2026/03/08 (tooling-trusted-releases) branch sbp updated: Detect source archives by stem suffix sbp
• 2026/03/08 (tooling-trusted-releases) branch main updated (de57b293 -> 769e6257) sbp

• Earlier messages
• Later messages