dev  

Messages by Date

• 2026/03/20 Re: [I] Move Trusted Publishing configuration into its own section (tooling-trusted-releases) via GitHub
• 2026/03/20 [I] Add `docs` as a new file classification (tooling-trusted-releases) via GitHub
• 2026/03/20 Re: [I] Classify archives as source by default, and use more advanced classifiers (tooling-trusted-releases) via GitHub
• 2026/03/20 Re: [I] Classify archives as source by default, and use more advanced classifiers (tooling-trusted-releases) via GitHub
• 2026/03/20 Re: [I] Classify archives as source by default, and use more advanced classifiers (tooling-trusted-releases) via GitHub
• 2026/03/20 Re: [I] Classify archives as source by default, and use more advanced classifiers (tooling-trusted-releases) via GitHub
• 2026/03/20 Re: [I] Move Trusted Publishing configuration into its own section (tooling-trusted-releases) via GitHub
• 2026/03/20 Re: [I] DB JDO project label is db-_jdo with an extra symbol between db and jdo (tooling-trusted-releases) via GitHub
• 2026/03/20 Re: [I] DB JDO project label is db-_jdo with an extra symbol between db and jdo (tooling-trusted-releases) via GitHub
• 2026/03/20 Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases) via GitHub
• 2026/03/20 Re: [PR] Fix typo in Markdown file (tooling-trusted-releases) via GitHub
• 2026/03/19 [GH] Invalidate SSH keys (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [I] Project reference metadata (tooling-trusted-releases) via GitHub
• 2026/03/19 [GH] Invalidate SSH keys (tooling-trusted-releases) via GitHub
• 2026/03/19 [PR] Invalidate SSH keys (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [I] Project reference metadata (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [I] Tidy test route blueprints (tooling-trusted-releases) via GitHub
• 2026/03/19 [I] Define yaml/json format api for project metadata, cycle, and policy settings (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [I] Reorganize committee page (tooling-trusted-releases) via GitHub
• 2026/03/19 [I] Reorganize committee page (tooling-trusted-releases) via GitHub
• 2026/03/19 [I] Committee page seeing keys buttons when not a PMC member (tooling-trusted-releases) via GitHub
• 2026/03/19 [I] Committees page allow four up cards (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [I] Organise the `atr.util` module (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [I] Trying to add ignore with invalid data updates existing ignore forms on the page (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [I] Trying to add ignore with invalid data updates existing ignore forms on the page (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [I] DB JDO project label is db-_jdo with an extra symbol between db and jdo (tooling-trusted-releases) via GitHub
• 2026/03/19 [I] Project page reorganization (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [PR] Bump pydantic-core from 2.41.5 to 2.42.0 (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [PR] Bump pydantic-core from 2.41.5 to 2.42.0 (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [PR] Github TP Payload validation (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [PR] Github TP Payload validation (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [PR] Github TP Payload validation (tooling-trusted-releases) via GitHub
• 2026/03/19 [I] Anonymous emails come back from lists.a.o (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [I] Vote tabulation - UID/email detection doesn't work when sent from external email with strict DKIM settings (tooling-trusted-releases) via GitHub
• 2026/03/19 [I] safe.Path type (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [I] Discuss integrations with ECMA standards (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [I] Project metadata to add to project database (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [I] Vote tabulation - UID/email detection doesn't work when sent from external email with strict DKIM settings (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [PR] Make token change emails more clear (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [I] Document OAuth architecture and ASVS V10.4.x delegation (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [PR] Adding OAuth docs (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [PR] Adding OAuth docs (tooling-trusted-releases) via GitHub
• 2026/03/19 Re: [I] Lifecycle event model (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Add a "historical only" flag for outdated keys (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Add distribution directory template to finish release policy (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Add distribution directory template to finish release policy (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Clarify and constrain permitted ASF TLP version numbers (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Clarify and constrain permitted ASF TLP version numbers (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Project reference metadata (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Release catalog model (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Release catalog model (tooling-trusted-releases) via GitHub
• 2026/03/18 [I] Lifecycle event model (tooling-trusted-releases) via GitHub
• 2026/03/18 [I] Project reference metadata (tooling-trusted-releases) via GitHub
• 2026/03/18 [I] Project cycle schema (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Use a prefix for all secret tokens, and inform selected third party scanners (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Do not allow keys to be deleted if they have been used to sign a release (tooling-trusted-releases) via GitHub
• 2026/03/18 [I] Artifact catalog schema (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Use a prefix for all secret tokens, and inform selected third party scanners (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Warn the user if the "Preserve download files" option is checked during announcing (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Warn the user if the "Preserve download files" option is checked during announcing (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Retry failed email deliveries (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Prevent the reuse of detached session objects in database commit contexts (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Support `SafeCommittee` taint tracking (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Support `SafeCommittee` taint tracking (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Record the check version number in the check result table (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Record the check version number in the check result table (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Refactor "_name" properties to "_key" (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Refactor "_name" properties to "_key" (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Vote content fields lack length and content validation (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Investigate remote promotion of artifacts on third party platforms (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Added features to email Message class in `atr/mail.py` (tooling-trusted-releases) via GitHub
• 2026/03/18 [I] Added features to email Message class in `atr/mail.py` (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Vote content fields lack length and content validation (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Refactor "_name" properties to "_key" (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Record the check version number in the check result table (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [PR] Record check version in the database (tooling-trusted-releases) via GitHub
• 2026/03/18 [PR] Adding OAuth docs (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Implement server-side session store to enable session revocation (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Trying to add ignore with invalid data updates existing ignore forms on the page (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Replace `assert` with explicit error handling in OAuth callback (a.k.a. document no -O flag usage) (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Trying to add ignore with invalid data updates existing ignore forms on the page (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Trying to add ignore with invalid data updates existing ignore forms on the page (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [PR] Record check version in the database (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [PR] Record check version in the database (tooling-trusted-releases) via GitHub
• 2026/03/18 [GH] Record check version in the database (tooling-trusted-releases) via GitHub
• 2026/03/18 [GH] Record check version in the database (tooling-trusted-releases) via GitHub
• 2026/03/18 [GH] Record check version in the database (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Add Clear-Site-Data header and client-side storage clearing on logout (ASVS 14.3.1) (tooling-trusted-releases) via GitHub
• 2026/03/18 [GH] Record check version in the database (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Trying to add ignore with invalid data updates existing ignore forms on the page (tooling-trusted-releases) via GitHub
• 2026/03/18 [GH] Record check version in the database (tooling-trusted-releases) via GitHub
• 2026/03/18 [GH] Record check version in the database (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Add Clear-Site-Data header and client-side storage clearing on logout (ASVS 14.3.1) (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Implement server-side session store to enable session revocation (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [PR] Bump astral-sh/setup-uv from 7.3.0 to 7.3.1 (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [PR] Bump astral-sh/setup-uv from 7.3.0 to 7.3.1 (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Add Clear-Site-Data header and client-side storage clearing on logout (ASVS 14.3.1) (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [PR] Fix typo in Markdown file (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [PR] Fix typo in Markdown file (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Improve `LICENSE` and `NOTICE` checks for binary packages (tooling-trusted-releases) via GitHub
• 2026/03/18 Re: [I] Improve `LICENSE` and `NOTICE` checks for binary packages (tooling-trusted-releases) via GitHub
• 2026/03/17 [PR] Rename name params and columsn to keys (tooling-trusted-releases) via GitHub
• 2026/03/17 [I] Refactor "_name" properties to "_key" (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [I] RAO / maven upload only works for single release artifact (+classifiers) (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [I] Fix Content-Type mismatch — plain text error responses served as text/html in asfquart (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [I] Logout is accessible via GET, enabling forced-logout attacks (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [I] Logout is accessible via GET, enabling forced-logout attacks (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [I] Logout is accessible via GET, enabling forced-logout attacks (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [PR] Logout is a POST (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [PR] Bump stylelint-config-standard from 37.0.0 to 40.0.0 (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [PR] Bump stylelint-config-standard from 37.0.0 to 40.0.0 (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [PR] Bump stylelint-config-standard from 37.0.0 to 40.0.0 (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [PR] Bump stylelint from 16.14.1 to 17.4.0 (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [PR] Bump stylelint from 16.14.1 to 17.4.0 (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [PR] Bump stylelint from 16.14.1 to 17.4.0 (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [PR] Bump stylelint from 16.14.1 to 17.4.0 (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [PR] Bump aiosqlite from 0.21.0 to 0.22.1 (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [PR] Bump aiosqlite from 0.21.0 to 0.22.1 (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [PR] Bump https://github.com/oxc-project/mirrors-oxlint from v1.55.0 to 1.56.0 (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [PR] Bump https://github.com/oxc-project/mirrors-oxlint from v1.55.0 to 1.56.0 (tooling-trusted-releases) via GitHub
• 2026/03/16 [I] Expand SBOM support (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [I] RAO / maven upload only works for single release artifact (+classifiers) (tooling-trusted-releases) via GitHub
• 2026/03/16 [PR] Bump aiosqlite from 0.21.0 to 0.22.1 (tooling-trusted-releases) via GitHub
• 2026/03/16 [PR] Bump stylelint from 16.14.1 to 17.4.0 (tooling-trusted-releases) via GitHub
• 2026/03/16 [PR] Bump https://github.com/oxc-project/mirrors-oxlint from v1.55.0 to 1.56.0 (tooling-trusted-releases) via GitHub
• 2026/03/16 [PR] Bump pydantic-core from 2.41.5 to 2.42.0 (tooling-trusted-releases) via GitHub
• 2026/03/16 [PR] Bump stylelint-config-standard from 37.0.0 to 40.0.0 (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [I] We can add `editorconfig-checker` with pre-commit: a tool to verify that your files are in harmony with your `.editorconfig` (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [I] Dependabot now supports pre-commit hooks (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [PR] Add `pre-commit` hooks to dependabot.yml (tooling-trusted-releases) via GitHub
• 2026/03/16 [PR] Add `pre-commit` hooks to dependabot.yml (tooling-trusted-releases) via GitHub
• 2026/03/16 [PR] #776 - implement 50k character limit for vote comment and support passing form errors through a cache in the form module instead of via flash in the session (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [I] Support `SafeCommittee` taint tracking (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [I] Support `SafeCommittee` taint tracking (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [I] Support `SafeCommittee` taint tracking (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [I] Record latest presence, hash, and classification data in the database (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [I] Classification is inconsistent (tooling-trusted-releases) via GitHub
• 2026/03/16 [I] Record latest presence, hash, and classification data in the database (tooling-trusted-releases) via GitHub
• 2026/03/16 [I] Record the check version number in the check result table (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [I] Vote content fields lack length and content validation (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [I] Support `SafeCommittee` taint tracking (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [I] Support `SafeCommittee` taint tracking (tooling-trusted-releases) via GitHub
• 2026/03/16 Test message - please ignore Alastair McFarlane
• 2026/03/16 Re: [I] Support `SafeCommittee` taint tracking (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [I] Vote tabulation - UID/email detection doesn't work when sent from external email with strict DKIM settings (tooling-trusted-releases) via GitHub
• 2026/03/16 Re: [PR] Fix typo in Markdown file (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [I] Does the Docker container run as the root user ? Implement a Non-Root User (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [I] Does the Docker container run as the root user ? Implement a Non-Root User (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [I] Support `SafeCommittee` taint tracking (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [PR] Adding docs for cascading (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [I] Vote content fields lack length and content validation (tooling-trusted-releases) via GitHub
• 2026/03/15 [I] Support Mermaid charts in the documentation pages (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [PR] Adding docs for cascading (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [PR] Adding docs for cascading (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [PR] Adding docs for cascading (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [PR] Moving asfquart doc into `atr/docs` (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [PR] Moving asfquart doc into `atr/docs` (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [PR] Fix typo in Markdown file (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [PR] Adding a pydantic json schema for output (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [I] ATR OpenAPI viewer 500 (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [PR] Adding a pydantic json schema for output (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [I] Vote tabulation - UID/email detection doesn't work when sent from external email with strict DKIM settings (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [PR] Bump pyjwt from 2.11.0 to 2.12.0 (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [PR] Bump pyjwt from 2.11.0 to 2.12.0 (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [I] Does the Docker container run as the root user ? Implement a Non-Root User (tooling-trusted-releases) via GitHub
• 2026/03/15 Re: [I] Does the Docker container run as the root user ? Implement a Non-Root User (tooling-trusted-releases) via GitHub
• 2026/03/14 [I] We can add `editorconfig-checker` with pre-commit: a tool to verify that your files are in harmony with your `.editorconfig` (tooling-trusted-releases) via GitHub
• 2026/03/14 [I] Dependabot now supports pre-commit hooks (tooling-trusted-releases) via GitHub
• 2026/03/14 [I] Does the Docker container run as the root user ? Implement a Non-Root User (tooling-trusted-releases) via GitHub
• 2026/03/14 [PR] Fix typo in Markdown file (tooling-trusted-releases) via GitHub
• 2026/03/14 [I] pre-commit: we can add `checkmake` a linter for Makefiles. It scans Makefiles for potential issues based on configurable rules. (tooling-trusted-releases) via GitHub
• 2026/03/13 [PR] Bump pyjwt from 2.11.0 to 2.12.0 (tooling-trusted-releases) via GitHub
• 2026/03/13 [PR] Adding a pydantic json schema for output; fixes #883 (tooling-trusted-releases) via GitHub
• 2026/03/13 Re: [I] ATR OpenAPI viewer 500 (tooling-trusted-releases) via GitHub
• 2026/03/13 [I] ATR OpenAPI viewer 500 (tooling-trusted-releases) via GitHub
• 2026/03/13 Re: [I] Subscribe to pubsub for LDAP and use it to inform authorisation decisions (tooling-trusted-releases) via GitHub
• 2026/03/13 Re: [I] Turning off the global check result cache does not work (tooling-trusted-releases) via GitHub
• 2026/03/13 Re: [I] Turning off the global check result cache does not work (tooling-trusted-releases) via GitHub
• 2026/03/13 [I] All emails queried from LDAP on every vote tabulation (tooling-trusted-releases) via GitHub
• 2026/03/13 Re: [I] Vote tabulation - UID/email detection doesn't work when sent from external email with strict DKIM settings (tooling-trusted-releases) via GitHub
• 2026/03/13 Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases) via GitHub
• 2026/03/13 Re: [I] Session handling refactor parent (tooling-trusted-releases) via GitHub
• 2026/03/13 Re: [I] Turning off the global check result cache does not work (tooling-trusted-releases) via GitHub
• 2026/03/13 [I] Allow more filenames in top level checks (tooling-trusted-releases) via GitHub
• 2026/03/13 Re: [I] Turning off the global check result cache does not work (tooling-trusted-releases) via GitHub
• 2026/03/13 Re: [VOTE] Release Tooling 0.1 Alastair McFarlane
• 2026/03/13 Re: [I] Remove `LICENSE` and `NOTICE` checks for binary packages (tooling-trusted-releases) via GitHub
• 2026/03/13 Re: [I] Remove `LICENSE` and `NOTICE` checks for binary packages (tooling-trusted-releases) via GitHub
• 2026/03/13 Re: [I] Remove `LICENSE` and `NOTICE` checks for binary packages (tooling-trusted-releases) via GitHub
• 2026/03/13 [I] Turning off the global check result cache does not work (tooling-trusted-releases) via GitHub
• 2026/03/13 Re: [VOTE] Release Tooling 0.1 Alastair McFarlane via dev
• 2026/03/13 Re: [VOTE] Release Tooling 0.1 Alastair McFarlane via dev
• 2026/03/13 [I] Classification is inconsistent (tooling-trusted-releases) via GitHub
• 2026/03/13 Re: [I] Remove `LICENSE` and `NOTICE` checks for binary packages (tooling-trusted-releases) via GitHub
• 2026/03/13 [I] Make license header checks more lenient (tooling-trusted-releases) via GitHub
• 2026/03/13 Re: [I] Remove `LICENSE` and `NOTICE` checks for binary packages (tooling-trusted-releases) via GitHub
• 2026/03/13 [I] Remove `LICENSE` and `NOTICE` checks for binary packages (tooling-trusted-releases) via GitHub
• 2026/03/13 [VOTE] Release Tooling 0.1 arm
• 2026/03/13 Re: [VOTE] Release Tooling 0.1 arm
• 2026/03/13 Re: [I] Vote content fields lack length and content validation (tooling-trusted-releases) via GitHub

• Earlier messages
• Later messages