security-discuss  

Messages by Date

• 2025/08/28 Re: New CISA SBOM requirements for public comment Arnout Engelen
• 2025/08/27 New CISA SBOM requirements for public comment Craig Russell
• 2025/03/20 Re: SBOM tooling CVE handling Jarek Potiuk
• 2025/03/20 Re: SBOM tooling CVE handling Gary Gregory
• 2025/03/20 Re: SBOM tooling CVE handling Piotr P. Karwasz
• 2025/03/19 Re: SBOM tooling CVE handling Dave Fisher
• 2025/03/19 Re: SBOM tooling CVE handling Dominik Psenner
• 2025/03/19 SBOM tooling CVE handling Craig Russell
• 2025/03/13 Re: CFP Community Over Code NA Jarek Potiuk
• 2025/03/12 CFP Community Over Code NA Mike Drob
• 2025/02/14 Re: Security Track at the Community Over Code NA ? Jarek Potiuk
• 2025/02/14 Re: Security Track at the Community Over Code NA ? Mike Drob
• 2025/02/14 Re: Security Track at the Community Over Code NA ? Jarek Potiuk
• 2025/02/11 Re: Security Track at the Community Over Code NA ? Christopher Schultz
• 2025/02/11 Re: Security Track at the Community Over Code NA ? Jarek Potiuk
• 2025/02/11 Re: Security Track at the Community Over Code NA ? Mike Drob
• 2025/02/11 Security Track at the Community Over Code NA ? Jarek Potiuk
• 2025/02/10 Re: PMC contact lists Christopher Schultz
• 2025/02/07 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/07 Re: Legal implications of publishing VEX files Gary Gregory
• 2025/02/07 Re: Legal implications of publishing VEX files Olle E. Johansson
• 2025/02/07 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/07 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/06 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/06 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/06 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/06 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/06 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/06 Re: Legal implications of publishing VEX files Arnout Engelen
• 2025/02/06 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/06 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/06 Re: Legal implications of publishing VEX files Mark J Cox
• 2025/02/06 Re: Legal implications of publishing VEX files Lars Francke
• 2025/02/06 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/06 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/06 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/06 Re: Legal implications of publishing VEX files Mark Thomas
• 2025/02/05 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/05 Re: Legal implications of publishing VEX files Gilles Sadowski
• 2025/02/05 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/05 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/05 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/05 Re: Legal implications of publishing VEX files Dirk-Willem van Gulik
• 2025/02/05 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/05 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/05 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/05 Re: Legal implications of publishing VEX files Gary Gregory
• 2025/02/05 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/05 Re: Legal implications of publishing VEX files Gary Gregory
• 2025/02/05 Re: Legal implications of publishing VEX files Arnout Engelen
• 2025/02/05 Legal implications of publishing VEX files Piotr P. Karwasz
• 2024/12/24 Re: Struts / CVE-2024-53677 Lukasz Lenart
• 2024/12/19 Re: Struts / CVE-2024-53677 Mads Toftum
• 2024/12/19 AW: Struts / CVE-2024-53677 s.goetz
• 2024/12/19 Re: Struts / CVE-2024-53677 Arnout Engelen
• 2024/12/19 Re: Struts / CVE-2024-53677 Jarek Potiuk
• 2024/12/18 Struts / CVE-2024-53677 Dirk-Willem van Gulik
• 2024/11/19 Re: [DISCUSS] Funnding available for security for individual maintainers (follow up from last infra roundtable) Jarek Potiuk
• 2024/11/16 [DISCUSS] Funnding available for security for individual maintainers (follow up from last infra roundtable) Jarek Potiuk
• 2024/11/07 Re: SBOM for existing project: DB JDO Arnout Engelen
• 2024/11/07 Re: SBOM for existing project: DB JDO Lars Francke
• 2024/11/06 Re: SBOM for existing project: DB JDO Piotr P. Karwasz
• 2024/11/06 Re: SBOM for existing project: DB JDO Jarek Potiuk
• 2024/11/06 SBOM for existing project: DB JDO Craig Russell
• 2024/10/31 Re: Problems with `@community` lists Olle E. Johansson
• 2024/10/30 Re: Problems with `@community` lists Piotr P. Karwasz
• 2024/10/30 Re: Problems with `@community` lists Dominik Psenner
• 2024/10/30 Re: Problems with `@community` lists Arnout Engelen
• 2024/10/30 Re: Problems with `@community` lists Dirk-Willem van Gulik
• 2024/10/30 Problems with `@community` lists Piotr P. Karwasz
• 2024/10/29 Re: SBOM repository & graph Gilles Sadowski
• 2024/10/29 Re: SBOM repository & graph Arnout Engelen
• 2024/10/29 Re: SBOM repository & graph Arnout Engelen
• 2024/10/28 Re: SBOM repository & graph Herve Boutemy
• 2024/10/27 Re: SBOM repository & graph Paul King
• 2024/10/27 Re: SBOM repository & graph Herve Boutemy
• 2024/10/24 Re: SBOM repository & graph Piotr P. Karwasz
• 2024/10/22 Re: SBOM repository & graph Jarek Potiuk
• 2024/10/22 Re: SBOM repository & graph Arnout Engelen
• 2024/10/22 Re: SBOM repository & graph Gary Gregory
• 2024/10/22 Re: SBOM repository & graph Lars Francke
• 2024/10/22 Re: SBOM repository & graph Jarek Potiuk
• 2024/10/22 Re: SBOM repository & graph Arnout Engelen
• 2024/10/22 Re: SBOM repository & graph Lars Francke
• 2024/10/22 Re: SBOM repository & graph Jarek Potiuk
• 2024/10/22 Re: SBOM repository & graph Gary Gregory
• 2024/10/22 Re: SBOM repository & graph Piotr P. Karwasz
• 2024/10/22 Re: Vulnerabilities in projects in / heading to the attic Jarek Potiuk
• 2024/10/22 Re: Vulnerabilities in projects in / heading to the attic Arnout Engelen
• 2024/10/22 Re: SBOM repository & graph Arnout Engelen
• 2024/10/21 Re: SBOM repository & graph Gary Gregory
• 2024/10/21 Re: SBOM repository & graph Jarek Potiuk
• 2024/10/21 Re: SBOM repository & graph Andrea Cosentino
• 2024/10/21 SBOM repository & graph Arnout Engelen
• 2024/10/17 Re: Working list of recommendations for projects Jarek Potiuk
• 2024/10/17 Re: Working list of recommendations for projects Gilles Sadowski
• 2024/10/17 Re: Working list of recommendations for projects Piotr P. Karwasz
• 2024/10/16 Re: Working list of recommendations for projects Dominik Psenner
• 2024/10/16 Re: Working list of recommendations for projects Gary Gregory
• 2024/10/16 Re: Working list of recommendations for projects Gilles Sadowski
• 2024/10/16 Re: Working list of recommendations for projects Dominik Psenner
• 2024/10/16 Re: Working list of recommendations for projects Piotr P. Karwasz
• 2024/10/16 Re: Working list of recommendations for projects Gilles Sadowski
• 2024/10/16 Re: Working list of recommendations for projects Piotr P. Karwasz
• 2024/10/16 Re: Working list of recommendations for projects Jarek Potiuk
• 2024/10/16 Re: Working list of recommendations for projects Gilles Sadowski
• 2024/10/15 Re: Working list of recommendations for projects Piotr P. Karwasz
• 2024/10/15 Re: Working list of recommendations for projects Christopher Schultz
• 2024/10/15 Re: Vulnerabilities in projects in / heading to the attic Christopher Schultz
• 2024/10/15 Re: Working list of recommendations for projects Jarek Potiuk
• 2024/10/15 Re: Working list of recommendations for projects Brian Demers
• 2024/10/15 Re: Working list of recommendations for projects Mark J Cox
• 2024/10/14 Re: Working list of recommendations for projects Jarek Potiuk
• 2024/10/14 Re: Vulnerabilities in projects in / heading to the attic Jarek Potiuk
• 2024/10/14 Re: Vulnerabilities in projects in / heading to the attic Christopher Schultz
• 2024/10/13 Re: Vulnerabilities in projects in / heading to the attic Jarek Potiuk
• 2024/10/11 Re: Projects struggling to response to vulnerability reports Jarek Potiuk
• 2024/10/11 Re: PMC contact lists Mark Thomas
• 2024/10/11 Re: PMC contact lists Gary Gregory
• 2024/10/11 Re: PMC contact lists Dominik Psenner
• 2024/10/11 Re: PMC contact lists Jarek Potiuk
• 2024/10/11 Re: PMC contact lists Gary Gregory
• 2024/10/11 Re: PMC contact lists Shawn McKinney
• 2024/10/11 Re: Projects struggling to response to vulnerability reports Arnout Engelen
• 2024/10/10 Re: Vulnerabilities in projects in / heading to the attic Mike Drob
• 2024/10/10 Re: Vulnerabilities in projects in / heading to the attic Jarek Potiuk
• 2024/10/10 Re: Vulnerabilities in projects in / heading to the attic Phil Steitz
• 2024/10/10 Re: PMC contact lists Christopher Schultz
• 2024/10/10 Re: PMC contact lists Dominik Psenner
• 2024/10/10 Re: PMC contact lists Piotr P. Karwasz
• 2024/10/10 Re: Vulnerabilities in projects in / heading to the attic PJ Fanning
• 2024/10/10 Re: Working list of recommendations for projects Christopher Schultz
• 2024/10/10 Re: Working list of recommendations for projects Christopher Schultz
• 2024/10/10 Re: Projects struggling to response to vulnerability reports Andrea Cosentino
• 2024/10/10 Re: PMC contact lists Jeff Jirsa
• 2024/10/10 Re: Projects struggling to response to vulnerability reports Jeff Jirsa
• 2024/10/10 Re: Working list of recommendations for projects Lars Francke
• 2024/10/10 Re: Working list of recommendations for projects Mark J Cox
• 2024/10/10 Re: PMC contact lists Gary Gregory
• 2024/10/10 Working list of recommendations for projects Christopher Schultz
• 2024/10/10 Re: Vulnerabilities in projects in / heading to the attic Mark Thomas
• 2024/10/10 Re: PMC contact lists Mark Thomas
• 2024/10/10 Projects struggling to response to vulnerability reports Mark Thomas
• 2024/10/10 Re: Vulnerabilities in projects in / heading to the attic Gary Gregory
• 2024/10/10 Re: PMC contact lists Gary Gregory
• 2024/10/10 Re: Vulnerabilities in projects in / heading to the attic Gilles Sadowski
• 2024/10/10 Vulnerabilities in projects in / heading to the attic Mark Thomas
• 2024/10/10 PMC contact lists Mark Thomas
• 2024/09/03 Re: Tomcat security model Mark Thomas
• 2024/09/02 Re: Tomcat security model Jarek Potiuk
• 2024/08/29 Tomcat security model Mark Thomas
• 2024/06/25 Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
• 2024/06/25 Re: Using Github Actions Trusted Publisher for PyPI releases ? Dave Fisher
• 2024/06/25 Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
• 2024/06/20 Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
• 2024/06/20 Re: Using Github Actions Trusted Publisher for PyPI releases ? Greg Stein
• 2024/06/20 Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
• 2024/06/20 Re: Using Github Actions Trusted Publisher for PyPI releases ? Piotr P. Karwasz
• 2024/06/20 Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
• 2024/06/20 Re: Using Github Actions Trusted Publisher for PyPI releases ? Gary Gregory
• 2024/06/20 Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
• 2024/06/14 Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
• 2024/06/14 Re: Using Github Actions Trusted Publisher for PyPI releases ? Mark Thomas
• 2024/06/14 Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
• 2024/05/29 Re: Pixee AI Roman Shaposhnik
• 2024/05/29 Pixee AI Mike Drob
• 2024/05/29 Re: Siren by OpenSSF Jarek Potiuk
• 2024/05/29 Re: Siren by OpenSSF Arnout Engelen
• 2024/05/03 Re: Package URLs for Apache Tomcat distributions von Loewenstein, Jan
• 2024/05/03 Re: Package URLs for Apache Tomcat distributions Lars Francke
• 2024/05/03 Re: Package URLs for Apache Tomcat distributions Arnout Engelen
• 2024/04/25 Re: Vulnerability found in your website ! Apache Security Team
• 2024/04/16 Re: Package URLs for Apache Tomcat distributions Piotr P. Karwasz
• 2024/04/15 Re: Package URLs for Apache Tomcat distributions von Loewenstein, Jan
• 2024/04/09 Fwd: Board report for this month (draft) Dirk-Willem van Gulik
• 2024/04/04 Re: Binary blobs in source trees Brian Demers
• 2024/04/04 Re: Binary blobs in source trees Emmanuel Lécharny
• 2024/04/04 Re: Binary blobs in source trees Stefan Bodewig
• 2024/04/04 Re: Binary blobs in source trees Stefan Bodewig
• 2024/04/04 Re: Binary blobs in source trees Graham Leggett
• 2024/04/04 Re: Binary blobs in source trees giovanni
• 2024/04/04 Re: Binary blobs in source trees Stefan Bodewig
• 2024/04/03 Re: Binary blobs in source trees Gary Gregory
• 2024/04/03 Re: Binary blobs in source trees Jarek Potiuk
• 2024/04/03 Re: Binary blobs in source trees Emmanuel Lécharny
• 2024/04/03 Re: Binary blobs in source trees Dirk-Willem van Gulik
• 2024/04/03 Re: Binary blobs in source trees Graham Leggett
• 2024/04/02 Re: Binary blobs in source trees Gary Gregory
• 2024/04/02 XZ, covert actions, Industry limits - drugs-smuggling Dirk-Willem van Gulik
• 2024/04/02 Re: Binary blobs in source trees Dirk-Willem van Gulik
• 2024/04/02 Re: Binary blobs in source trees Dominik Psenner
• 2024/04/02 Re: Binary blobs in source trees Nick Wellnhofer
• 2024/04/02 Re: Binary blobs in source trees Gary Gregory
• 2024/04/02 Binary blobs in source trees Mike Drob
• 2024/04/02 Re: [DISCUSS] Should we update our policies to include source provenance check Jarek Potiuk
• 2024/04/02 Re: [DISCUSS] Should we update our policies to include source provenance check sebb
• 2024/04/02 Re: [DISCUSS] Should we update our policies to include source provenance check Piotr P. Karwasz
• 2024/04/02 Re: [DISCUSS] Should we update our policies to include source provenance check Mark Thomas
• 2024/04/02 Re: [DISCUSS] Should we update our policies to include source provenance check Philippe Ombredanne
• 2024/04/02 Re: [DISCUSS] Should we update our policies to include source provenance check sebb

• Earlier messages