security-discuss  

Messages by Thread

• New CISA SBOM requirements for public comment Craig Russell
  • Re: New CISA SBOM requirements for public comment Arnout Engelen
• SBOM tooling CVE handling Craig Russell
  • Re: SBOM tooling CVE handling Dominik Psenner
  • Re: SBOM tooling CVE handling Dave Fisher
  • Re: SBOM tooling CVE handling Piotr P. Karwasz
  • Re: SBOM tooling CVE handling Gary Gregory
  • Re: SBOM tooling CVE handling Jarek Potiuk
• CFP Community Over Code NA Mike Drob
  • Re: CFP Community Over Code NA Jarek Potiuk
• Security Track at the Community Over Code NA ? Jarek Potiuk
  • Re: Security Track at the Community Over Code NA ? Mike Drob
  • Re: Security Track at the Community Over Code NA ? Jarek Potiuk
  • Re: Security Track at the Community Over Code NA ? Christopher Schultz
  • Re: Security Track at the Community Over Code NA ? Jarek Potiuk
  • Re: Security Track at the Community Over Code NA ? Mike Drob
  • Re: Security Track at the Community Over Code NA ? Jarek Potiuk
• Legal implications of publishing VEX files Piotr P. Karwasz
  • Re: Legal implications of publishing VEX files Arnout Engelen
  • Re: Legal implications of publishing VEX files Piotr P. Karwasz
  • Re: Legal implications of publishing VEX files Jarek Potiuk
  • Re: Legal implications of publishing VEX files Olle E. Johansson
  • Re: Legal implications of publishing VEX files Piotr P. Karwasz
  • Re: Legal implications of publishing VEX files Gary Gregory
  • Re: Legal implications of publishing VEX files Gary Gregory
  • Re: Legal implications of publishing VEX files Piotr P. Karwasz
  • Re: Legal implications of publishing VEX files Gary Gregory
  • Re: Legal implications of publishing VEX files Piotr P. Karwasz
  • Re: Legal implications of publishing VEX files Jarek Potiuk
  • Re: Legal implications of publishing VEX files Piotr P. Karwasz
  • Re: Legal implications of publishing VEX files Piotr P. Karwasz
  • Re: Legal implications of publishing VEX files Jarek Potiuk
  • Re: Legal implications of publishing VEX files Dirk-Willem van Gulik
  • Re: Legal implications of publishing VEX files Jarek Potiuk
  • Re: Legal implications of publishing VEX files Gilles Sadowski
  • Re: Legal implications of publishing VEX files Jarek Potiuk
  • Re: Legal implications of publishing VEX files Mark Thomas
  • Re: Legal implications of publishing VEX files Jarek Potiuk
  • Re: Legal implications of publishing VEX files Jarek Potiuk
  • Re: Legal implications of publishing VEX files Jarek Potiuk
  • Re: Legal implications of publishing VEX files Lars Francke
  • Re: Legal implications of publishing VEX files Piotr P. Karwasz
  • Re: Legal implications of publishing VEX files Jarek Potiuk
  • Re: Legal implications of publishing VEX files Arnout Engelen
  • Re: Legal implications of publishing VEX files Piotr P. Karwasz
  • Re: Legal implications of publishing VEX files Piotr P. Karwasz
  • Re: Legal implications of publishing VEX files Jarek Potiuk
  • Re: Legal implications of publishing VEX files Jarek Potiuk
  • Re: Legal implications of publishing VEX files Piotr P. Karwasz
  • Re: Legal implications of publishing VEX files Mark J Cox
• Struts / CVE-2024-53677 Dirk-Willem van Gulik
  • Re: Struts / CVE-2024-53677 Jarek Potiuk
  • Re: Struts / CVE-2024-53677 Arnout Engelen
  • AW: Struts / CVE-2024-53677 s.goetz
  • Re: Struts / CVE-2024-53677 Mads Toftum
  • Re: Struts / CVE-2024-53677 Lukasz Lenart
• [DISCUSS] Funnding available for security for individual maintainers (follow up from last infra roundtable) Jarek Potiuk
  • Re: [DISCUSS] Funnding available for security for individual maintainers (follow up from last infra roundtable) Jarek Potiuk
• SBOM for existing project: DB JDO Craig Russell
  • Re: SBOM for existing project: DB JDO Jarek Potiuk
  • Re: SBOM for existing project: DB JDO Piotr P. Karwasz
  • Re: SBOM for existing project: DB JDO Lars Francke
  • Re: SBOM for existing project: DB JDO Arnout Engelen
• Problems with `@community` lists Piotr P. Karwasz
  • Re: Problems with `@community` lists Arnout Engelen
  • Re: Problems with `@community` lists Dirk-Willem van Gulik
  • Re: Problems with `@community` lists Dominik Psenner
  • Re: Problems with `@community` lists Olle E. Johansson
  • Re: Problems with `@community` lists Piotr P. Karwasz
• SBOM repository & graph Arnout Engelen
  • Re: SBOM repository & graph Andrea Cosentino
  • Re: SBOM repository & graph Jarek Potiuk
  • Re: SBOM repository & graph Gary Gregory
  • Re: SBOM repository & graph Arnout Engelen
  • Re: SBOM repository & graph Piotr P. Karwasz
  • Re: SBOM repository & graph Gary Gregory
  • Re: SBOM repository & graph Jarek Potiuk
  • Re: SBOM repository & graph Arnout Engelen
  • Re: SBOM repository & graph Jarek Potiuk
  • Re: SBOM repository & graph Lars Francke
  • Re: SBOM repository & graph Piotr P. Karwasz
  • Re: SBOM repository & graph Arnout Engelen
  • Re: SBOM repository & graph Jarek Potiuk
  • Re: SBOM repository & graph Lars Francke
  • Re: SBOM repository & graph Gary Gregory
  • Re: SBOM repository & graph Herve Boutemy
  • Re: SBOM repository & graph Arnout Engelen
  • Re: SBOM repository & graph Paul King
  • Re: SBOM repository & graph Arnout Engelen
  • Re: SBOM repository & graph Gilles Sadowski
  • Re: SBOM repository & graph Herve Boutemy
• Working list of recommendations for projects Christopher Schultz
  • Re: Working list of recommendations for projects Mark J Cox
  • Re: Working list of recommendations for projects Lars Francke
  • Re: Working list of recommendations for projects Christopher Schultz
  • Re: Working list of recommendations for projects Jarek Potiuk
  • Re: Working list of recommendations for projects Mark J Cox
  • Re: Working list of recommendations for projects Brian Demers
  • Re: Working list of recommendations for projects Jarek Potiuk
  • Re: Working list of recommendations for projects Christopher Schultz
  • Re: Working list of recommendations for projects Christopher Schultz
  • Re: Working list of recommendations for projects Piotr P. Karwasz
  • Re: Working list of recommendations for projects Gilles Sadowski
  • Re: Working list of recommendations for projects Jarek Potiuk
  • Re: Working list of recommendations for projects Piotr P. Karwasz
  • Re: Working list of recommendations for projects Gilles Sadowski
  • Re: Working list of recommendations for projects Piotr P. Karwasz
  • Re: Working list of recommendations for projects Dominik Psenner
  • Re: Working list of recommendations for projects Gilles Sadowski
  • Re: Working list of recommendations for projects Gary Gregory
  • Re: Working list of recommendations for projects Dominik Psenner
  • Re: Working list of recommendations for projects Piotr P. Karwasz
  • Re: Working list of recommendations for projects Gilles Sadowski
  • Re: Working list of recommendations for projects Jarek Potiuk
• Projects struggling to response to vulnerability reports Mark Thomas
  • Re: Projects struggling to response to vulnerability reports Jeff Jirsa
  • Re: Projects struggling to response to vulnerability reports Andrea Cosentino
  • Re: Projects struggling to response to vulnerability reports Arnout Engelen
  • Re: Projects struggling to response to vulnerability reports Jarek Potiuk
• Vulnerabilities in projects in / heading to the attic Mark Thomas
  • Re: Vulnerabilities in projects in / heading to the attic Gilles Sadowski
  • Re: Vulnerabilities in projects in / heading to the attic Mark Thomas
  • Re: Vulnerabilities in projects in / heading to the attic PJ Fanning
  • Re: Vulnerabilities in projects in / heading to the attic Gary Gregory
  • Re: Vulnerabilities in projects in / heading to the attic Phil Steitz
  • Re: Vulnerabilities in projects in / heading to the attic Jarek Potiuk
  • Re: Vulnerabilities in projects in / heading to the attic Mike Drob
  • Re: Vulnerabilities in projects in / heading to the attic Jarek Potiuk
  • Re: Vulnerabilities in projects in / heading to the attic Christopher Schultz
  • Re: Vulnerabilities in projects in / heading to the attic Jarek Potiuk
  • Re: Vulnerabilities in projects in / heading to the attic Christopher Schultz
  • Re: Vulnerabilities in projects in / heading to the attic Arnout Engelen
  • Re: Vulnerabilities in projects in / heading to the attic Jarek Potiuk
• PMC contact lists Mark Thomas
  • Re: PMC contact lists Gary Gregory
  • Re: PMC contact lists Mark Thomas
  • Re: PMC contact lists Gary Gregory
  • Re: PMC contact lists Jeff Jirsa
  • Re: PMC contact lists Dominik Psenner
  • Re: PMC contact lists Christopher Schultz
  • Re: PMC contact lists Shawn McKinney
  • Re: PMC contact lists Gary Gregory
  • Re: PMC contact lists Jarek Potiuk
  • Re: PMC contact lists Dominik Psenner
  • Re: PMC contact lists Gary Gregory
  • Re: PMC contact lists Mark Thomas
  • Re: PMC contact lists Christopher Schultz
  • Re: PMC contact lists Piotr P. Karwasz
• Tomcat security model Mark Thomas
  • Re: Tomcat security model Jarek Potiuk
  • Re: Tomcat security model Mark Thomas
• Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
  • Re: Using Github Actions Trusted Publisher for PyPI releases ? Mark Thomas
  • Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
  • Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
  • Re: Using Github Actions Trusted Publisher for PyPI releases ? Gary Gregory
  • Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
  • Re: Using Github Actions Trusted Publisher for PyPI releases ? Piotr P. Karwasz
  • Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
  • Re: Using Github Actions Trusted Publisher for PyPI releases ? Greg Stein
  • Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
  • Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
  • Re: Using Github Actions Trusted Publisher for PyPI releases ? Dave Fisher
  • Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
• Pixee AI Mike Drob
  • Re: Pixee AI Roman Shaposhnik
• Re: Siren by OpenSSF Arnout Engelen
  • Re: Siren by OpenSSF Jarek Potiuk
• Re: Vulnerability found in your website ! Apache Security Team
• Re: Package URLs for Apache Tomcat distributions von Loewenstein, Jan
  • Re: Package URLs for Apache Tomcat distributions Piotr P. Karwasz
  • Re: Package URLs for Apache Tomcat distributions Arnout Engelen
  • Re: Package URLs for Apache Tomcat distributions Lars Francke
  • Re: Package URLs for Apache Tomcat distributions von Loewenstein, Jan
• Fwd: Board report for this month (draft) Dirk-Willem van Gulik
• XZ, covert actions, Industry limits - drugs-smuggling Dirk-Willem van Gulik
• Binary blobs in source trees Mike Drob
  • Re: Binary blobs in source trees Gary Gregory
  • Re: Binary blobs in source trees Nick Wellnhofer
  • Re: Binary blobs in source trees Dominik Psenner
  • Re: Binary blobs in source trees Dirk-Willem van Gulik
  • Re: Binary blobs in source trees Gary Gregory
  • Re: Binary blobs in source trees Graham Leggett
  • Re: Binary blobs in source trees Dirk-Willem van Gulik
  • Re: Binary blobs in source trees Emmanuel Lécharny
  • Re: Binary blobs in source trees Jarek Potiuk
  • Re: Binary blobs in source trees Gary Gregory
  • Re: Binary blobs in source trees Stefan Bodewig
  • Re: Binary blobs in source trees Emmanuel Lécharny
  • Re: Binary blobs in source trees Stefan Bodewig
  • Re: Binary blobs in source trees giovanni
  • Re: Binary blobs in source trees Graham Leggett
  • Re: Binary blobs in source trees Stefan Bodewig
  • Re: Binary blobs in source trees Brian Demers
• [DISCUSS] Should we update our policies to include source provenance check Jarek Potiuk
  • Re: [DISCUSS] Should we update our policies to include source provenance check sebb
  • Re: [DISCUSS] Should we update our policies to include source provenance check Jarek Potiuk
  • AW: [DISCUSS] Should we update our policies to include source provenance check Christofer Dutz
  • Re: [DISCUSS] Should we update our policies to include source provenance check sebb
  • Re: [DISCUSS] Should we update our policies to include source provenance check Mark Thomas

• Earlier messages