dev  

Messages by Date

• 2026/02/24 [I] User Identity Trust Boundary in Background Tasks (tooling-trusted-releases) via GitHub
• 2026/02/24 [I] Authorization Bypass via Exception Handling (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] RAO / maven upload only works for single release artifact (+classifiers) (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Setup svn credentials to commit to dist/release (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Setup svn credentials to commit to dist/release (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Setup svn credentials to commit to dist/release (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Make the user interface clearer in the finish phase (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Add explicit TLS configuration to LDAP connections in `atr/ldap.py` (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [PR] Explicit ldap tls configuration (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Make the user interface clearer in the finish phase (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Add a quarantined validation period after uploading and before checks are started (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Allow deleting of DOT files (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Add a quarantined validation period after uploading and before checks are started (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Add a quarantined validation period after uploading and before checks are started (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Insufficient archive member path validation in check tasks (tooling-trusted-releases) via GitHub
• 2026/02/24 [I] Allow more flexible naming for npm artifacts (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Organise the `atr.util` module (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Add and use exploratory taint tracking types (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Path traversal in attestable file path construction (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Update `cryptography` in asfpy due to CVE-2026-26007 (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Update `cryptography` in asfpy due to CVE-2026-26007 (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Organise the `atr.util` module (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Add rate limiting to Trusted Publisher JWT API endpoints (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Path traversal in storage layer `delete_file` and `generate_hash_file` (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Path traversal in attestable file path construction (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Path traversal in storage layer `delete_file` and `generate_hash_file` (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Remove release from SVN import options (tooling-trusted-releases) via GitHub
• 2026/02/24 Re: [I] Detect `npm pack` output and allow `package/` as its root directory (tooling-trusted-releases) via GitHub
• 2026/02/23 [I] Allow deleting of DOT files (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Populate `version.py` at build time (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Insufficient archive member path validation in check tasks (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Path traversal in storage layer `delete_file` and `generate_hash_file` (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Path traversal in attestable file path construction (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] ATR logo request (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Investigate how to import Arrow checks output from GitHub CI (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Investigate how to import Arrow checks output from GitHub CI (tooling-trusted-releases) via GitHub
• 2026/02/23 [I] Add the ability to add zero or more CI reference URLs to the compose phase (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Investigate how to import Arrow checks output from GitHub CI (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Make the vast majority of files compatible with `fix_order.sh`, and add to linting (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Make the vast majority of files compatible with `fix_order.sh`, and add to linting (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Release catalog model (tooling-trusted-releases) via GitHub
• 2026/02/23 [PR] Explicit ldap tls configuration (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Handle session isolation for mixed authentication methods (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Handle session isolation for mixed authentication methods (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [PR] Refactor Dockerfile to streamline Apache RAT installation (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Add integrity verification for Apache RAT JAR (tooling-trusted-releases) via GitHub
• 2026/02/23 [PR] Refactor Dockerfile to streamline Apache RAT installation (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Fix Litestream backups (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Make the user interface clearer in the finish phase (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Allow release managers to be designated (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Investigate remote promotion of artifacts on third party platforms (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [PR] Updated implementation of check hash checks for caching (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [PR] Updated implementation of check hash checks for caching (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Fix Litestream backups (tooling-trusted-releases) via GitHub
• 2026/02/23 Re: [I] Investigate remote promotion of artifacts on third party platforms (tooling-trusted-releases) via GitHub
• 2026/02/23 [I] Make the user interface clearer in the finish phase (tooling-trusted-releases) via GitHub
• 2026/02/23 [I] Fix Litestream backups (tooling-trusted-releases) via GitHub
• 2026/02/23 [I] Investigate remote promotion of artifacts on third party platforms (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Document reproducible builds, signing, SBOMs, and OpenSSF (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Add integrity verification for Apache RAT JAR (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [PR] Improve curl download scripting (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Add TLS enforcement to download shell script in `atr/static/sh/download-urls.sh` (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Add TLS enforcement to download shell script in `atr/static/sh/download-urls.sh` (tooling-trusted-releases) via GitHub
• 2026/02/20 [PR] Improve curl download scripting (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Document reproducible builds, signing, SBOMs, and OpenSSF (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Add size limits to SSH/rsync file uploads (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Add TLS enforcement to download shell script in `atr/static/sh/download-urls.sh` (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Invalidate all PATs when user account is disabled (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [PR] Invalidate pats manually 598 (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Add TLS enforcement to download shell script in `atr/static/sh/download-urls.sh` (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Add size limits to SSH/rsync file uploads (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Verify all DistributionPlatform template URLs use HTTPS (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Enforce absolute maximum session lifetime for web sessions (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Enforce absolute maximum session lifetime for web sessions (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Invalidate all SSH keys when user account is disabled (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Use explicit allowlist for GitHub OIDC payload fields (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Use explicit allowlist for GitHub OIDC payload fields (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Enforce absolute maximum session lifetime for web sessions (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Document safe usage of `cmarkgfm` (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Document safe usage of `cmarkgfm` (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Add LDAP account status check to session and JWT validation (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Add LDAP account status check to session and JWT validation (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [PR] Bump astral-sh/setup-uv from 7.2.0 to 7.3.0 (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Work on using config option for alpha-only (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Improve error reporting when /resolve/tabulated data is unavailable (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Improve error reporting when /resolve/tabulated data is unavailable (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Make test email address conditional on test environment (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [PR] Introduce ATR_STATUS and control recipient lists (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] /api/project/releases/{name} should return 404 for non-existent project (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [PR] Return 404 when project is unknown in api endpoint call (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] SSH server: Configure explicit cipher suites, KEX, and MAC algorithms (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] SSH server: Configure explicit cipher suites, KEX, and MAC algorithms (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [PR] Use the intersection of algorithms from asyncssh and ssh-audit (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [PR] Use the intersection of algorithms from asyncssh and ssh-audit (tooling-trusted-releases) via GitHub
• 2026/02/20 [GH] Updated implementation of check hash checks for caching (tooling-trusted-releases) via GitHub
• 2026/02/20 [GH] Updated implementation of check hash checks for caching (tooling-trusted-releases) via GitHub
• 2026/02/20 [GH] Updated implementation of check hash checks for caching (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Improve the accuracy and UI for the OSV vulnerability scanner (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Require two approvals for important actions (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Fix the form to move files in the finish phase, and add regression tests (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Fix the form to move files in the finish phase, and add regression tests (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Add further validation to check site consistency (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Add further validation to check site consistency (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [PR] #677 - Add explicit ciphers, kex and mac algorithms. (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [PR] #677 - Add explicit ciphers, kex and mac algorithms. (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [PR] Bump flask from 3.1.2 to 3.1.3 (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [PR] Bump werkzeug from 3.1.5 to 3.1.6 (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [PR] Bump werkzeug from 3.1.5 to 3.1.6 (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [PR] Bump flask from 3.1.2 to 3.1.3 (tooling-trusted-releases) via GitHub
• 2026/02/20 [PR] Bump werkzeug from 3.1.5 to 3.1.6 (tooling-trusted-releases) via GitHub
• 2026/02/20 [PR] Bump flask from 3.1.2 to 3.1.3 (tooling-trusted-releases) via GitHub
• 2026/02/20 [I] Fix the form to move files in the finish phase, and add regression tests (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Bug: RAO / maven upload only works for single release artifact (+classifiers) (tooling-trusted-releases) via GitHub
• 2026/02/20 [PR] Updated implementation of check hash checks for caching (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Bug: RAO / maven upload only works for single release artifact (+classifiers) (tooling-trusted-releases) via GitHub
• 2026/02/20 Re: [I] Document reproducible builds, signing, SBOMs, and OpenSSF (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Discuss integrations with ECMA standards (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Bug: RAO / maven upload only works for single release artifact (+classifiers) (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Move hardcoded committee membership to external configuration (tooling-trusted-releases) via GitHub
• 2026/02/19 [PR] Introduce ATR_STATUS and control recipient lists (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Make test email address conditional on test environment (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Incomplete committee validation in project deletion (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Ensure that a project can only be deleted or archived under certain conditions, and that the state is clear (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Incomplete committee validation in project deletion (tooling-trusted-releases) via GitHub
• 2026/02/19 [PR] Return 404 when project is unknown in api endpoint call (tooling-trusted-releases) via GitHub
• 2026/02/19 [PR] Invalidate pats manually 598 (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [PR] Invalidate PATs; fixes #598 (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [PR] Invalidate PATs; fixes #598 (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Storage layer accepts arbitrary user IDs for SSH key and PAT creation (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Add explicit SCM path rejection to `_validate_relpath_string` (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [PR] Block SCM directories (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Escape database values before writing to database (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Escape database values before writing to database (tooling-trusted-releases) via GitHub
• 2026/02/19 [PR] Block SCM directories (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Add explicit SCM path rejection to `_validate_relpath_string` (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Enforce HTTPS-only for SVN PubSub listener URL in `atr/svn/pubsub.py` (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Enforce HTTPS-only for SVN PubSub listener URL in `atr/svn/pubsub.py` (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Extend secret redaction patterns in `/admin/configuration` endpoint (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [PR] Assure debug mode is only set in development (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Add production safety check for ALLOW_TESTS configuration (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [PR] Redact sensitive configurations (tooling-trusted-releases) via GitHub
• 2026/02/19 [PR] Redact sensitive configurations (tooling-trusted-releases) via GitHub
• 2026/02/19 [PR] Assure debug mode is only set in development (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Add LDAP account status check to session and JWT validation (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Add integrity verification for Apache RAT JAR (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Error message says "create" instead of "delete" in `release_delete` (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Add integrity verification for Apache RAT JAR (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Pin syft version in Dockerfile (tooling-trusted-releases) via GitHub
• 2026/02/19 [I] Bug: RAO / maven upload only works for single release artifact (+classifiers) (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Discuss integrations with ECMA standards (tooling-trusted-releases) via GitHub
• 2026/02/19 Re: [I] Add rate limiting to Trusted Publisher JWT API endpoints (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Handle session isolation for mixed authentication methods (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Invalidate all SSH keys when user account is disabled (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Invalidate authorization cache and session file cache on logout/session termination (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Add LDAP account status check to session and JWT validation (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Document safe usage of `cmarkgfm` (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Add session regeneration on OAuth authentication (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Implement JWT token revocation mechanism (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Implement server-side session store to enable session revocation (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Create security documentation for authentication defense controls (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Work on using config option for alpha-only (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Make test email address conditional on test environment (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Move hardcoded committee membership to external configuration (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Add production safety check for ALLOW_TESTS configuration (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Implement authentication failure logging (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Add rate limiting to Trusted Publisher JWT API endpoints (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] SSH server lacks brute force protection (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Insufficient archive member path validation in check tasks (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Apply `form.to_relpath()` consistently in `draft.py` and `finish.py` POST handlers (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Path traversal in storage layer `delete_file` and `generate_hash_file` (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Path traversal in attestable file path construction (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Add size limits to LICENSE/NOTICE file reads and remote KEYS fetch (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Add size limits to SSH/rsync file uploads (tooling-trusted-releases) via GitHub
• 2026/02/18 [I] Enforce MAX_CONTENT_LENGTH and add file upload size limits across all HTTP entry points (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate compliance with ASVS v5.0.0 L1 criteria (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: documentation (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: documentation (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: denial of service (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: denial of service (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: credential integrity (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: credential integrity (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: brute force identification (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: brute force identification (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: basic access (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: basic access (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: credential stealing (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: credential stealing (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: internal access (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: internal access (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: universal spoofing (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: universal spoofing (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: external access (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: external access (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: weak cryptography (tooling-trusted-releases) via GitHub
• 2026/02/18 Re: [I] Evaluate ASVS v5.0.0 compliance: weak cryptography (tooling-trusted-releases) via GitHub

• Earlier messages
• Later messages