security-discuss  

Messages by Date

• 2026/03/29 Re: Access to code signing on GHA without a reproducible process? Jarek Potiuk
• 2026/03/29 Re: Access to code signing on GHA without a reproducible process? Piotr P. Karwasz
• 2026/03/26 Re: Access to code signing on GHA without a reproducible process? Neil C Smith
• 2026/03/25 Re: Access to code signing on GHA without a reproducible process? Neil C Smith
• 2026/03/25 Re: Access to code signing on GHA without a reproducible process? Mark Thomas
• 2026/03/22 Re: Access to code signing on GHA without a reproducible process? Neil C Smith
• 2026/03/22 Re: Access to code signing on GHA without a reproducible process? Jarek Potiuk
• 2026/03/22 Re: Access to code signing on GHA without a reproducible process? Neil C Smith
• 2026/03/21 Re: Access to code signing on GHA without a reproducible process? Jarek Potiuk
• 2026/03/21 Re: Access to code signing on GHA without a reproducible process? Neil C Smith
• 2026/03/21 Re: Access to code signing on GHA without a reproducible process? Jarek Potiuk
• 2026/03/19 Re: Access to code signing on GHA without a reproducible process? Neil C Smith
• 2026/03/18 Re: Access to code signing on GHA without a reproducible process? Piotr P. Karwasz
• 2026/03/18 Access to code signing on GHA without a reproducible process? Neil C Smith
• 2026/02/03 Re: [OFE Open Source Community List] Invitation to contribute: SBOM Implementation Guide consultation Kanchana Welagedara
• 2026/01/28 Re: [OFE Open Source Community List] Invitation to contribute: SBOM Implementation Guide consultation Srivatsava s
• 2026/01/27 Re: [OFE Open Source Community List] Invitation to contribute: SBOM Implementation Guide consultation Dirk-Willem van Gulik
• 2026/01/23 Re: [OFE Open Source Community List] Invitation to contribute: SBOM Implementation Guide consultation Kanchana Welagedara
• 2026/01/23 Fwd: [OFE Open Source Community List] Invitation to contribute: SBOM Implementation Guide consultation Dirk-Willem van Gulik
• 2025/11/01 Re: Security and Release Question from NPM Project Perspective Piotr P. Karwasz
• 2025/11/01 Re: Security and Release Question from NPM Project Perspective Jarek Potiuk
• 2025/11/01 Re: Security and Release Question from NPM Project Perspective Bryan Ellis
• 2025/10/31 Re: Security and Release Question from NPM Project Perspective Jarek Potiuk
• 2025/10/31 Re: Security and Release Question from NPM Project Perspective Piotr P. Karwasz
• 2025/10/31 Re: Security and Release Question from NPM Project Perspective Mark Thomas
• 2025/10/30 Security and Release Question from NPM Project Perspective Bryan Ellis
• 2025/10/30 Re: Reg the addressing of critical and high vulnerabilities Apache Security Team
• 2025/10/24 Re: Releasing without disclosing a known security vulnerability Christopher Schultz
• 2025/10/24 Re: Releasing without disclosing a known security vulnerability Olle E. Johansson
• 2025/10/24 Re: Releasing without disclosing a known security vulnerability G.W. Haywood
• 2025/10/24 Re: Releasing without disclosing a known security vulnerability Mark Thomas
• 2025/10/24 Re: Releasing without disclosing a known security vulnerability Olle E. Johansson
• 2025/10/23 Re: Releasing without disclosing a known security vulnerability Piotr P. Karwasz
• 2025/10/23 Re: Releasing without disclosing a known security vulnerability Jarek Potiuk
• 2025/10/23 Re: Releasing without disclosing a known security vulnerability Mark J Cox
• 2025/10/23 Releasing without disclosing a known security vulnerability Mark Thomas
• 2025/10/20 Re: SBOM files for the Apache DB JDO Project Bouschen, Michael
• 2025/10/18 Fwd: Draft delegated act for the CRA - public consultation Dirk-Willem van Gulik
• 2025/10/18 Re: SBOM files for the Apache DB JDO Project Piotr P. Karwasz
• 2025/10/17 Re: SBOM files for the Apache DB JDO Project Jarek Potiuk
• 2025/09/20 Re: SBOM files for the Apache DB JDO Project Lars Francke
• 2025/09/15 RE: Re: SBOM files for the Apache DB JDO Project Michael Bouschen
• 2025/09/07 Re: SBOM files for the Apache DB JDO Project Piotr P. Karwasz
• 2025/08/28 Re: New CISA SBOM requirements for public comment Arnout Engelen
• 2025/08/27 New CISA SBOM requirements for public comment Craig Russell
• 2025/03/20 Re: SBOM tooling CVE handling Jarek Potiuk
• 2025/03/20 Re: SBOM tooling CVE handling Gary Gregory
• 2025/03/20 Re: SBOM tooling CVE handling Piotr P. Karwasz
• 2025/03/19 Re: SBOM tooling CVE handling Dave Fisher
• 2025/03/19 Re: SBOM tooling CVE handling Dominik Psenner
• 2025/03/19 SBOM tooling CVE handling Craig Russell
• 2025/03/13 Re: CFP Community Over Code NA Jarek Potiuk
• 2025/03/12 CFP Community Over Code NA Mike Drob
• 2025/02/14 Re: Security Track at the Community Over Code NA ? Jarek Potiuk
• 2025/02/14 Re: Security Track at the Community Over Code NA ? Mike Drob
• 2025/02/14 Re: Security Track at the Community Over Code NA ? Jarek Potiuk
• 2025/02/11 Re: Security Track at the Community Over Code NA ? Christopher Schultz
• 2025/02/11 Re: Security Track at the Community Over Code NA ? Jarek Potiuk
• 2025/02/11 Re: Security Track at the Community Over Code NA ? Mike Drob
• 2025/02/11 Security Track at the Community Over Code NA ? Jarek Potiuk
• 2025/02/10 Re: PMC contact lists Christopher Schultz
• 2025/02/07 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/07 Re: Legal implications of publishing VEX files Gary Gregory
• 2025/02/07 Re: Legal implications of publishing VEX files Olle E. Johansson
• 2025/02/07 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/07 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/06 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/06 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/06 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/06 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/06 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/06 Re: Legal implications of publishing VEX files Arnout Engelen
• 2025/02/06 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/06 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/06 Re: Legal implications of publishing VEX files Mark J Cox
• 2025/02/06 Re: Legal implications of publishing VEX files Lars Francke
• 2025/02/06 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/06 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/06 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/06 Re: Legal implications of publishing VEX files Mark Thomas
• 2025/02/05 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/05 Re: Legal implications of publishing VEX files Gilles Sadowski
• 2025/02/05 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/05 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/05 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/05 Re: Legal implications of publishing VEX files Dirk-Willem van Gulik
• 2025/02/05 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/05 Re: Legal implications of publishing VEX files Jarek Potiuk
• 2025/02/05 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/05 Re: Legal implications of publishing VEX files Gary Gregory
• 2025/02/05 Re: Legal implications of publishing VEX files Piotr P. Karwasz
• 2025/02/05 Re: Legal implications of publishing VEX files Gary Gregory
• 2025/02/05 Re: Legal implications of publishing VEX files Arnout Engelen
• 2025/02/05 Legal implications of publishing VEX files Piotr P. Karwasz
• 2024/12/24 Re: Struts / CVE-2024-53677 Lukasz Lenart
• 2024/12/19 Re: Struts / CVE-2024-53677 Mads Toftum
• 2024/12/19 AW: Struts / CVE-2024-53677 s.goetz
• 2024/12/19 Re: Struts / CVE-2024-53677 Arnout Engelen
• 2024/12/19 Re: Struts / CVE-2024-53677 Jarek Potiuk
• 2024/12/18 Struts / CVE-2024-53677 Dirk-Willem van Gulik
• 2024/11/19 Re: [DISCUSS] Funnding available for security for individual maintainers (follow up from last infra roundtable) Jarek Potiuk
• 2024/11/16 [DISCUSS] Funnding available for security for individual maintainers (follow up from last infra roundtable) Jarek Potiuk
• 2024/11/07 Re: SBOM for existing project: DB JDO Arnout Engelen
• 2024/11/07 Re: SBOM for existing project: DB JDO Lars Francke
• 2024/11/06 Re: SBOM for existing project: DB JDO Piotr P. Karwasz
• 2024/11/06 Re: SBOM for existing project: DB JDO Jarek Potiuk
• 2024/11/06 SBOM for existing project: DB JDO Craig Russell
• 2024/10/31 Re: Problems with `@community` lists Olle E. Johansson
• 2024/10/30 Re: Problems with `@community` lists Piotr P. Karwasz
• 2024/10/30 Re: Problems with `@community` lists Dominik Psenner
• 2024/10/30 Re: Problems with `@community` lists Arnout Engelen
• 2024/10/30 Re: Problems with `@community` lists Dirk-Willem van Gulik
• 2024/10/30 Problems with `@community` lists Piotr P. Karwasz
• 2024/10/29 Re: SBOM repository & graph Gilles Sadowski
• 2024/10/29 Re: SBOM repository & graph Arnout Engelen
• 2024/10/29 Re: SBOM repository & graph Arnout Engelen
• 2024/10/28 Re: SBOM repository & graph Herve Boutemy
• 2024/10/27 Re: SBOM repository & graph Paul King
• 2024/10/27 Re: SBOM repository & graph Herve Boutemy
• 2024/10/24 Re: SBOM repository & graph Piotr P. Karwasz
• 2024/10/22 Re: SBOM repository & graph Jarek Potiuk
• 2024/10/22 Re: SBOM repository & graph Arnout Engelen
• 2024/10/22 Re: SBOM repository & graph Gary Gregory
• 2024/10/22 Re: SBOM repository & graph Lars Francke
• 2024/10/22 Re: SBOM repository & graph Jarek Potiuk
• 2024/10/22 Re: SBOM repository & graph Arnout Engelen
• 2024/10/22 Re: SBOM repository & graph Lars Francke
• 2024/10/22 Re: SBOM repository & graph Jarek Potiuk
• 2024/10/22 Re: SBOM repository & graph Gary Gregory
• 2024/10/22 Re: SBOM repository & graph Piotr P. Karwasz
• 2024/10/22 Re: Vulnerabilities in projects in / heading to the attic Jarek Potiuk
• 2024/10/22 Re: Vulnerabilities in projects in / heading to the attic Arnout Engelen
• 2024/10/22 Re: SBOM repository & graph Arnout Engelen
• 2024/10/21 Re: SBOM repository & graph Gary Gregory
• 2024/10/21 Re: SBOM repository & graph Jarek Potiuk
• 2024/10/21 Re: SBOM repository & graph Andrea Cosentino
• 2024/10/21 SBOM repository & graph Arnout Engelen
• 2024/10/17 Re: Working list of recommendations for projects Jarek Potiuk
• 2024/10/17 Re: Working list of recommendations for projects Gilles Sadowski
• 2024/10/17 Re: Working list of recommendations for projects Piotr P. Karwasz
• 2024/10/16 Re: Working list of recommendations for projects Dominik Psenner
• 2024/10/16 Re: Working list of recommendations for projects Gary Gregory
• 2024/10/16 Re: Working list of recommendations for projects Gilles Sadowski
• 2024/10/16 Re: Working list of recommendations for projects Dominik Psenner
• 2024/10/16 Re: Working list of recommendations for projects Piotr P. Karwasz
• 2024/10/16 Re: Working list of recommendations for projects Gilles Sadowski
• 2024/10/16 Re: Working list of recommendations for projects Piotr P. Karwasz
• 2024/10/16 Re: Working list of recommendations for projects Jarek Potiuk
• 2024/10/16 Re: Working list of recommendations for projects Gilles Sadowski
• 2024/10/15 Re: Working list of recommendations for projects Piotr P. Karwasz
• 2024/10/15 Re: Working list of recommendations for projects Christopher Schultz
• 2024/10/15 Re: Vulnerabilities in projects in / heading to the attic Christopher Schultz
• 2024/10/15 Re: Working list of recommendations for projects Jarek Potiuk
• 2024/10/15 Re: Working list of recommendations for projects Brian Demers
• 2024/10/15 Re: Working list of recommendations for projects Mark J Cox
• 2024/10/14 Re: Working list of recommendations for projects Jarek Potiuk
• 2024/10/14 Re: Vulnerabilities in projects in / heading to the attic Jarek Potiuk
• 2024/10/14 Re: Vulnerabilities in projects in / heading to the attic Christopher Schultz
• 2024/10/13 Re: Vulnerabilities in projects in / heading to the attic Jarek Potiuk
• 2024/10/11 Re: Projects struggling to response to vulnerability reports Jarek Potiuk
• 2024/10/11 Re: PMC contact lists Mark Thomas
• 2024/10/11 Re: PMC contact lists Gary Gregory
• 2024/10/11 Re: PMC contact lists Dominik Psenner
• 2024/10/11 Re: PMC contact lists Jarek Potiuk
• 2024/10/11 Re: PMC contact lists Gary Gregory
• 2024/10/11 Re: PMC contact lists Shawn McKinney
• 2024/10/11 Re: Projects struggling to response to vulnerability reports Arnout Engelen
• 2024/10/10 Re: Vulnerabilities in projects in / heading to the attic Mike Drob
• 2024/10/10 Re: Vulnerabilities in projects in / heading to the attic Jarek Potiuk
• 2024/10/10 Re: Vulnerabilities in projects in / heading to the attic Phil Steitz
• 2024/10/10 Re: PMC contact lists Christopher Schultz
• 2024/10/10 Re: PMC contact lists Dominik Psenner
• 2024/10/10 Re: PMC contact lists Piotr P. Karwasz
• 2024/10/10 Re: Vulnerabilities in projects in / heading to the attic PJ Fanning
• 2024/10/10 Re: Working list of recommendations for projects Christopher Schultz
• 2024/10/10 Re: Working list of recommendations for projects Christopher Schultz
• 2024/10/10 Re: Projects struggling to response to vulnerability reports Andrea Cosentino
• 2024/10/10 Re: PMC contact lists Jeff Jirsa
• 2024/10/10 Re: Projects struggling to response to vulnerability reports Jeff Jirsa
• 2024/10/10 Re: Working list of recommendations for projects Lars Francke
• 2024/10/10 Re: Working list of recommendations for projects Mark J Cox
• 2024/10/10 Re: PMC contact lists Gary Gregory
• 2024/10/10 Working list of recommendations for projects Christopher Schultz
• 2024/10/10 Re: Vulnerabilities in projects in / heading to the attic Mark Thomas
• 2024/10/10 Re: PMC contact lists Mark Thomas
• 2024/10/10 Projects struggling to response to vulnerability reports Mark Thomas
• 2024/10/10 Re: Vulnerabilities in projects in / heading to the attic Gary Gregory
• 2024/10/10 Re: PMC contact lists Gary Gregory
• 2024/10/10 Re: Vulnerabilities in projects in / heading to the attic Gilles Sadowski
• 2024/10/10 Vulnerabilities in projects in / heading to the attic Mark Thomas
• 2024/10/10 PMC contact lists Mark Thomas
• 2024/09/03 Re: Tomcat security model Mark Thomas
• 2024/09/02 Re: Tomcat security model Jarek Potiuk
• 2024/08/29 Tomcat security model Mark Thomas
• 2024/06/25 Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
• 2024/06/25 Re: Using Github Actions Trusted Publisher for PyPI releases ? Dave Fisher
• 2024/06/25 Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
• 2024/06/20 Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk
• 2024/06/20 Re: Using Github Actions Trusted Publisher for PyPI releases ? Greg Stein
• 2024/06/20 Re: Using Github Actions Trusted Publisher for PyPI releases ? Jarek Potiuk

• Earlier messages