dev
Thread
Date
Earlier messages
Later messages
Messages by Thread
Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases)
via GitHub
Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases)
via GitHub
Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases)
via GitHub
Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases)
via GitHub
Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases)
via GitHub
[I] Remove release from SVN import options (tooling-trusted-releases)
via GitHub
Re: [I] Remove release from SVN import options (tooling-trusted-releases)
via GitHub
[PR] clarify ASF distribution vs third party channels (tooling-trusted-releases)
via GitHub
Re: [PR] clarify ASF distribution vs third party channels (tooling-trusted-releases)
via GitHub
Re: [PR] clarify ASF distribution vs third party channels (tooling-trusted-releases)
via GitHub
[I] Update docs with relpath (tooling-trusted-releases)
via GitHub
Re: [I] Update docs with relpath (tooling-trusted-releases)
via GitHub
Re: [I] Update docs with relpath (tooling-trusted-releases)
via GitHub
[I] Use continuation passing style for creating new revisions (tooling-trusted-releases)
via GitHub
Re: [I] Use continuation passing style for creating new revisions (tooling-trusted-releases)
via GitHub
Re: [I] Use continuation passing style for creating new revisions (tooling-trusted-releases)
via GitHub
[I] Ensure that tasks themselves are cached as well as task results (tooling-trusted-releases)
via GitHub
Re: [I] Ensure that tasks themselves are cached as well as task results (tooling-trusted-releases)
via GitHub
Re: [I] Ensure that tasks themselves are cached as well as task results (tooling-trusted-releases)
via GitHub
Re: [I] Ensure that tasks themselves are cached as well as task results (tooling-trusted-releases)
via GitHub
[PR] Use the intersection of algorithms from asyncssh and ssh-audit (tooling-trusted-releases)
via GitHub
Re: [PR] Use the intersection of algorithms from asyncssh and ssh-audit (tooling-trusted-releases)
via GitHub
Re: [PR] Use the intersection of algorithms from asyncssh and ssh-audit (tooling-trusted-releases)
via GitHub
Re: [PR] Use the intersection of algorithms from asyncssh and ssh-audit (tooling-trusted-releases)
via GitHub
[PR] #677 - Add explicit ciphers, kex and mac algorithms. (tooling-trusted-releases)
via GitHub
Re: [PR] #677 - Add explicit ciphers, kex and mac algorithms. (tooling-trusted-releases)
via GitHub
Re: [PR] #677 - Add explicit ciphers, kex and mac algorithms. (tooling-trusted-releases)
via GitHub
[I] Verify all DistributionPlatform template URLs use HTTPS (tooling-trusted-releases)
via GitHub
Re: [I] Verify all DistributionPlatform template URLs use HTTPS (tooling-trusted-releases)
via GitHub
Re: [I] Verify all DistributionPlatform template URLs use HTTPS (tooling-trusted-releases)
via GitHub
[I] Add explicit TLS configuration to LDAP connections in `atr/ldap.py` (tooling-trusted-releases)
via GitHub
Re: [I] Add explicit TLS configuration to LDAP connections in `atr/ldap.py` (tooling-trusted-releases)
via GitHub
[I] Add TLS enforcement to download shell script in `atr/static/sh/download-urls.sh` (tooling-trusted-releases)
via GitHub
Re: [I] Add TLS enforcement to download shell script in `atr/static/sh/download-urls.sh` (tooling-trusted-releases)
via GitHub
Re: [I] Add TLS enforcement to download shell script in `atr/static/sh/download-urls.sh` (tooling-trusted-releases)
via GitHub
Re: [I] Add TLS enforcement to download shell script in `atr/static/sh/download-urls.sh` (tooling-trusted-releases)
via GitHub
Re: [I] Add TLS enforcement to download shell script in `atr/static/sh/download-urls.sh` (tooling-trusted-releases)
via GitHub
[I] Enforce HTTPS-only for SVN PubSub listener URL in `atr/svn/pubsub.py` (tooling-trusted-releases)
via GitHub
Re: [I] Enforce HTTPS-only for SVN PubSub listener URL in `atr/svn/pubsub.py` (tooling-trusted-releases)
via GitHub
Re: [I] Enforce HTTPS-only for SVN PubSub listener URL in `atr/svn/pubsub.py` (tooling-trusted-releases)
via GitHub
Re: [I] Enforce HTTPS-only for SVN PubSub listener URL in `atr/svn/pubsub.py` (tooling-trusted-releases)
via GitHub
[I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases)
via GitHub
Re: [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases)
via GitHub
Re: [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases)
via GitHub
Re: [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases)
via GitHub
Re: [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases)
via GitHub
Re: [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases)
via GitHub
Re: [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases)
via GitHub
[I] Add STARTTLS initiation to SMTP mail relay in `atr/mail.py` (tooling-trusted-releases)
via GitHub
Re: [I] Add STARTTLS initiation to SMTP mail relay in `atr/mail.py` (tooling-trusted-releases)
via GitHub
[I] Add explicit SCM path rejection to `_validate_relpath_string` (tooling-trusted-releases)
via GitHub
Re: [I] Add explicit SCM path rejection to `_validate_relpath_string` (tooling-trusted-releases)
via GitHub
Re: [I] Add explicit SCM path rejection to `_validate_relpath_string` (tooling-trusted-releases)
via GitHub
[I] Document OAuth architecture and ASVS V10.4.x delegation (tooling-trusted-releases)
via GitHub
Re: [I] Document OAuth architecture and ASVS V10.4.x delegation (tooling-trusted-releases)
via GitHub
[I] Replace `assert` with explicit error handling in OAuth callback (a.k.a. document no -O flag usage) (tooling-trusted-releases)
via GitHub
Re: [I] Replace `assert` with explicit error handling in OAuth callback (a.k.a. document no -O flag usage) (tooling-trusted-releases)
via GitHub
Re: [I] Replace `assert` with explicit error handling in OAuth callback (a.k.a. document no -O flag usage) (tooling-trusted-releases)
via GitHub
Re: [I] Replace `assert` with explicit error handling in OAuth callback (a.k.a. document no -O flag usage) (tooling-trusted-releases)
via GitHub
Re: [I] Replace `assert` with explicit error handling in OAuth callback (a.k.a. document no -O flag usage) (tooling-trusted-releases)
via GitHub
Re: [I] Replace `assert` with explicit error handling in OAuth callback (a.k.a. document no -O flag usage) (tooling-trusted-releases)
via GitHub
Re: [I] Replace `assert` with explicit error handling in OAuth callback (a.k.a. document no -O flag usage) (tooling-trusted-releases)
via GitHub
[I] Document approved cryptographic algorithms for the project (tooling-trusted-releases)
via GitHub
Re: [I] Document approved cryptographic algorithms for the project (tooling-trusted-releases)
via GitHub
[I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases)
via GitHub
Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases)
via GitHub
Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases)
via GitHub
Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases)
via GitHub
[I] SSH server: Configure explicit cipher suites, KEX, and MAC algorithms (tooling-trusted-releases)
via GitHub
Re: [I] SSH server: Configure explicit cipher suites, KEX, and MAC algorithms (tooling-trusted-releases)
via GitHub
Re: [I] SSH server: Configure explicit cipher suites, KEX, and MAC algorithms (tooling-trusted-releases)
via GitHub
[I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases)
via GitHub
Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases)
via GitHub
Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases)
via GitHub
Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases)
via GitHub
Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases)
via GitHub
Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases)
via GitHub
Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases)
via GitHub
[I] Add `nbf` (not-before) claim to internally issued JWTs (tooling-trusted-releases)
via GitHub
Re: [I] Add `nbf` (not-before) claim to internally issued JWTs (tooling-trusted-releases)
via GitHub
[I] Add not-before validation for SSH workflow keys (tooling-trusted-releases)
via GitHub
Re: [I] Add not-before validation for SSH workflow keys (tooling-trusted-releases)
via GitHub
[I] Explicitly reject JWTs containing `jku`, `x5u`, or `jwk` headers (tooling-trusted-releases)
via GitHub
Re: [I] Explicitly reject JWTs containing `jku`, `x5u`, or `jwk` headers (tooling-trusted-releases)
via GitHub
[I] Mark `unverified_header_and_payload` as internal and add security warnings (tooling-trusted-releases)
via GitHub
Re: [I] Mark `unverified_header_and_payload` as internal and add security warnings (tooling-trusted-releases)
via GitHub
[I] Validate JWKS URI against allowlist in GitHub OIDC flow (tooling-trusted-releases)
via GitHub
Re: [I] Validate JWKS URI against allowlist in GitHub OIDC flow (tooling-trusted-releases)
via GitHub
[I] Message sending lacks committee-scoped recipient validation (tooling-trusted-releases)
via GitHub
Re: [I] Message sending lacks committee-scoped recipient validation (tooling-trusted-releases)
via GitHub
[I] Error message says "create" instead of "delete" in `release_delete` (tooling-trusted-releases)
via GitHub
Re: [I] Error message says "create" instead of "delete" in `release_delete` (tooling-trusted-releases)
via GitHub
[I] Incomplete committee validation in project deletion (tooling-trusted-releases)
via GitHub
Re: [I] Incomplete committee validation in project deletion (tooling-trusted-releases)
via GitHub
Re: [I] Incomplete committee validation in project deletion (tooling-trusted-releases)
via GitHub
[I] URL/form parameter mismatch in project category endpoints (tooling-trusted-releases)
via GitHub
[I] Admin override access lacks persistent audit logging (tooling-trusted-releases)
via GitHub
Re: [I] Admin override access lacks persistent audit logging (tooling-trusted-releases)
via GitHub
Re: [I] Admin override access lacks persistent audit logging (tooling-trusted-releases)
via GitHub
Re: [I] Admin override access lacks persistent audit logging (tooling-trusted-releases)
via GitHub
[I] Public download access to draft/pre-release artifacts (tooling-trusted-releases)
via GitHub
Re: [I] Public download access to draft/pre-release artifacts (tooling-trusted-releases)
via GitHub
[I] Token deletion missing ownership validation (tooling-trusted-releases)
via GitHub
Re: [I] Token deletion missing ownership validation (tooling-trusted-releases)
via GitHub
[I] SVN import accepts arbitrary URLs without validation (SSRF) (tooling-trusted-releases)
via GitHub
Re: [I] SVN import accepts arbitrary URLs without validation (SSRF) (tooling-trusted-releases)
via GitHub
[I] Missing authorization on SBOM endpoints (tooling-trusted-releases)
via GitHub
Re: [I] Missing authorization on SBOM endpoints (tooling-trusted-releases)
via GitHub
Re: [I] Missing authorization on SBOM endpoints (tooling-trusted-releases)
via GitHub
[I] Missing authorization on public API check results (tooling-trusted-releases)
via GitHub
Re: [I] Missing authorization on public API check results (tooling-trusted-releases)
via GitHub
Re: [I] Missing authorization on public API check results (tooling-trusted-releases)
via GitHub
Re: [I] Missing authorization on public API check results (tooling-trusted-releases)
via GitHub
[I] Test mode authorization bypass allows all users test committee access (tooling-trusted-releases)
via GitHub
Re: [I] Test mode authorization bypass allows all users test committee access (tooling-trusted-releases)
via GitHub
Re: [I] Test mode authorization bypass allows all users test committee access (tooling-trusted-releases)
via GitHub
Re: [I] Test mode authorization bypass allows all users test committee access (tooling-trusted-releases)
via GitHub
[I] Task worker executes with stale authorization (TOCTOU) (tooling-trusted-releases)
via GitHub
Re: [I] Task worker executes with stale authorization (TOCTOU) (tooling-trusted-releases)
via GitHub
Re: [I] Task worker executes with stale authorization (TOCTOU) (tooling-trusted-releases)
via GitHub
Re: [I] Task worker executes with stale authorization (TOCTOU) (tooling-trusted-releases)
via GitHub
[I] Task worker executes with stale authorization (TOCTOU) (tooling-trusted-releases)
via GitHub
Re: [I] Task worker executes with stale authorization (TOCTOU) (tooling-trusted-releases)
via GitHub
[I] Storage layer accepts arbitrary user IDs for SSH key and PAT creation (tooling-trusted-releases)
via GitHub
Re: [I] Storage layer accepts arbitrary user IDs for SSH key and PAT creation (tooling-trusted-releases)
via GitHub
Re: [I] Storage layer accepts arbitrary user IDs for SSH key and PAT creation (tooling-trusted-releases)
via GitHub
[I] Missing `session.check_access()` in multiple route handlers (tooling-trusted-releases)
via GitHub
Re: [I] Missing `session.check_access()` in multiple route handlers (tooling-trusted-releases)
via GitHub
Re: [I] Missing `session.check_access()` in multiple route handlers (tooling-trusted-releases)
via GitHub
Re: [I] Missing `session.check_access()` in multiple route handlers (tooling-trusted-releases)
via GitHub
Re: [I] Missing `session.check_access()` in multiple route handlers (tooling-trusted-releases)
via GitHub
Re: [I] Missing `session.check_access()` in multiple route handlers (tooling-trusted-releases)
via GitHub
[I] IDOR in distribution delete — missing `check_access()` and form/URL parameter mismatch (tooling-trusted-releases)
via GitHub
Re: [I] IDOR in distribution delete — missing `check_access()` and form/URL parameter mismatch (tooling-trusted-releases)
via GitHub
Re: [I] IDOR in distribution delete — missing `check_access()` and form/URL parameter mismatch (tooling-trusted-releases)
via GitHub
[I] User impersonation via email sender bypass in message.py (tooling-trusted-releases)
via GitHub
Re: [I] User impersonation via email sender bypass in message.py (tooling-trusted-releases)
via GitHub
[PR] Bump astral-sh/setup-uv from 7.2.0 to 7.3.0 (tooling-trusted-releases)
via GitHub
Re: [PR] Bump astral-sh/setup-uv from 7.2.0 to 7.3.0 (tooling-trusted-releases)
via GitHub
[PR] Bump astral-sh/setup-uv from 6.4.3 to 7.3.0 (tooling-releases-client)
via GitHub
Re: [PR] Bump astral-sh/setup-uv from 6.4.3 to 7.3.0 (tooling-releases-client)
via GitHub
Re: [PR] Bump astral-sh/setup-uv from 6.4.3 to 7.3.0 (tooling-releases-client)
via GitHub
[PR] Added merge logging to track file changes (tooling-trusted-releases)
via GitHub
Re: [PR] Added merge logging to track file changes (tooling-trusted-releases)
via GitHub
Re: [PR] Added merge logging to track file changes (tooling-trusted-releases)
via GitHub
Re: [PR] Added merge logging to track file changes (tooling-trusted-releases)
via GitHub
[I] Setup svn credentials to commit to dist/release (tooling-trusted-releases)
via GitHub
Re: [I] Setup svn credentials to commit to dist/release (tooling-trusted-releases)
via GitHub
Re: [I] Setup svn credentials to commit to dist/release (tooling-trusted-releases)
via GitHub
Re: [I] Setup svn credentials to commit to dist/release (tooling-trusted-releases)
via GitHub
Re: [I] Setup svn credentials to commit to dist/release (tooling-trusted-releases)
via GitHub
Re: [I] Setup svn credentials to commit to dist/release (tooling-trusted-releases)
via GitHub
Re: [I] Setup svn credentials to commit to dist/release (tooling-trusted-releases)
via GitHub
[PR] link to svn:dist, not any svn (tooling-trusted-releases)
via GitHub
Re: [PR] link to svn:dist, not any svn (tooling-trusted-releases)
via GitHub
Re: [PR] link to svn:dist, not any svn (tooling-trusted-releases)
via GitHub
Re: [PR] link to svn:dist, not any svn (tooling-trusted-releases)
via GitHub
[PR] clarify: svn:dist not done by ATR yet (tooling-trusted-releases)
via GitHub
Re: [PR] clarify: svn:dist not done by ATR yet (tooling-trusted-releases)
via GitHub
Re: [PR] clarify: svn:dist not done by ATR yet (tooling-trusted-releases)
via GitHub
Re: [PR] clarify: svn:dist not done by ATR yet (tooling-trusted-releases)
via GitHub
[GH] clarify: svn:dist not done by ATR yet (tooling-trusted-releases)
via GitHub
Re: [PR] clarify: svn:dist not done by ATR yet (tooling-trusted-releases)
via GitHub
Re: [PR] clarify: svn:dist not done by ATR yet (tooling-trusted-releases)
via GitHub
[PR] add API and link to svn:dist area (tooling-trusted-releases)
via GitHub
Re: [PR] add API and link to svn:dist area (tooling-trusted-releases)
via GitHub
[I] Classify archives as source by default, and use more advanced classifiers (tooling-trusted-releases)
via GitHub
Re: [I] Classify archives as source by default, and use more advanced classifiers (tooling-trusted-releases)
via GitHub
Re: [I] Classify archives as source by default, and use more advanced classifiers (tooling-trusted-releases)
via GitHub
Re: [I] Classify archives as source by default, and use more advanced classifiers (tooling-trusted-releases)
via GitHub
Re: [I] Classify archives as source by default, and use more advanced classifiers (tooling-trusted-releases)
via GitHub
Re: [I] Classify archives as source by default, and use more advanced classifiers (tooling-trusted-releases)
via GitHub
Re: [I] Classify archives as source by default, and use more advanced classifiers (tooling-trusted-releases)
via GitHub
Re: [I] Classify archives as source by default, and use more advanced classifiers (tooling-trusted-releases)
via GitHub
Re: [I] Classify archives as source by default, and use more advanced classifiers (tooling-trusted-releases)
via GitHub
[PR] Invalidate PATs; fixes #598 (tooling-trusted-releases)
via GitHub
[GH] Invalidate PATs; fixes #598 (tooling-trusted-releases)
via GitHub
Re: [PR] Invalidate PATs; fixes #598 (tooling-trusted-releases)
via GitHub
Re: [PR] Invalidate PATs; fixes #598 (tooling-trusted-releases)
via GitHub
Re: [PR] Invalidate PATs; fixes #598 (tooling-trusted-releases)
via GitHub
[I] Record 3-way merge metadata (tooling-trusted-releases)
via GitHub
Re: [I] Record 3-way merge metadata (tooling-trusted-releases)
via GitHub
Re: [I] Record 3-way merge metadata (tooling-trusted-releases)
via GitHub
Re: [I] Record 3-way merge metadata (tooling-trusted-releases)
via GitHub
Re: [I] Record 3-way merge metadata (tooling-trusted-releases)
via GitHub
[I] Update `cryptography` in asfpy due to CVE-2026-26007 (tooling-trusted-releases)
via GitHub
Re: [I] Update `cryptography` in asfpy due to CVE-2026-26007 (tooling-trusted-releases)
via GitHub
Re: [I] Update `cryptography` in asfpy due to CVE-2026-26007 (tooling-trusted-releases)
via GitHub
Re: [I] Update `cryptography` in asfpy due to CVE-2026-26007 (tooling-trusted-releases)
via GitHub
Re: [I] Update `cryptography` in asfpy due to CVE-2026-26007 (tooling-trusted-releases)
via GitHub
Re: [I] Update `cryptography` in asfpy due to CVE-2026-26007 (tooling-trusted-releases)
via GitHub
[I] Add and use exploratory taint tracking types (tooling-trusted-releases)
via GitHub
Re: [I] Add and use exploratory taint tracking types (tooling-trusted-releases)
via GitHub
Re: [I] Add and use exploratory taint tracking types (tooling-trusted-releases)
via GitHub
Re: [I] Add and use exploratory taint tracking types (tooling-trusted-releases)
via GitHub
Re: [I] Add and use exploratory taint tracking types (tooling-trusted-releases)
via GitHub
Re: [I] Add and use exploratory taint tracking types (tooling-trusted-releases)
via GitHub
Re: [I] Add and use exploratory taint tracking types (tooling-trusted-releases)
via GitHub
Re: [I] Add and use exploratory taint tracking types (tooling-trusted-releases)
via GitHub
[I] Make filename and path validation stricter, and duplicate at point of use (tooling-trusted-releases)
via GitHub
Earlier messages
Later messages