dev
Messages by Date
2026/03/13
Re: [I] Vote content fields lack length and content validation (tooling-trusted-releases)
via GitHub
2026/03/13
Re: [I] Vote content fields lack length and content validation (tooling-trusted-releases)
via GitHub
2026/03/13
Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases)
via GitHub
2026/03/13
Re: [I] Apply URL encoding to mailing list API query parameters (tooling-trusted-releases)
via GitHub
2026/03/13
Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases)
via GitHub
2026/03/13
Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [PR] Logout is a POST (tooling-trusted-releases)
via GitHub
2026/03/12
[PR] Logout is a POST (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases)
via GitHub
2026/03/12
[I] Documents GitHub * workflow paths (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Document how to become a Trusted Publishing project (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Document how to become a Trusted Publishing project (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Document how to become a Trusted Publishing project (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [PR] Moving asfquart doc into `atr/docs` (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases)
via GitHub
2026/03/12
[GH] Moving asfquart doc into `atr/docs` (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Move extracted directories out of the cache directory (tooling-trusted-releases)
via GitHub
2026/03/12
[PR] Moving asfquart doc into `atr/docs` (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Make extracted archive directories immutable (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Make extracted archive directories immutable (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Move extracted directories out of the cache directory (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Move extracted directories out of the cache directory (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Enforce MAX_CONTENT_LENGTH and add file upload size limits across all HTTP entry points (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Enforce MAX_CONTENT_LENGTH and add file upload size limits across all HTTP entry points (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Fix Content-Type mismatch — plain text error responses served as text/html in asfquart (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Fix Content-Type mismatch — plain text error responses served as text/html in asfquart (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Handle session isolation for mixed authentication methods (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Handle session isolation for mixed authentication methods (tooling-trusted-releases)
via GitHub
2026/03/12
[I] Session handling refactor parent (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Apply URL encoding to mailing list API query parameters (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Move test routes to a separate blueprint (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Vote content fields lack length and content validation (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Move test routes to a separate blueprint (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Automatically delete unfinished releases (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Vote tabulation - UID/email detection doesn't work when sent from external email with strict DKIM settings (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Add user configuration for navigation pinning and colour blindness mode (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Support `SafeCommittee` taint tracking (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Checks failed on Maven JLink Plugin 3.3.0 (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Checks failed on Maven JLink Plugin 3.3.0 (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Subscribe to pubsub for LDAP and use it to inform authorisation decisions (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Implement server-side session store to enable session revocation (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Implement server-side session store to enable session revocation (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Invalidate authorization cache and session file cache on logout/session termination (tooling-trusted-releases)
via GitHub
2026/03/12
[I] Subscribe to pubsub for LDAP and use it to inform authorisation decisions (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Invalidate authorization cache and session file cache on logout/session termination (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Invalidate authorization cache and session file cache on logout/session termination (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Invalidate authorization cache and session file cache on logout/session termination (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Automatically close old releases in compose phase (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Checks failed on Maven JLink Plugin 3.3.0 (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Invalidate authorization cache and session file cache on logout/session termination (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Automatically close old releases in compose phase (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Checks failed on Maven JLink Plugin 3.3.0 (tooling-trusted-releases)
via GitHub
2026/03/12
[I] Automatically close old releases in compose phase (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Apply URL encoding to distribution platform API URL parameters (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Validate JWKS URI against allowlist in GitHub OIDC flow (tooling-trusted-releases)
via GitHub
2026/03/12
Re: [I] Checks failed on Maven JLink Plugin 3.3.0 (tooling-trusted-releases)
via GitHub
2026/03/12
[I] Vote tabulation - UID/email detection doesn't work when sent from external email with strict DKIM settings (tooling-trusted-releases)
via GitHub
2026/03/12
Test message
Alastair McFarlane
2026/03/12
Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases)
Alastair McFarlane
2026/03/12
Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Replace `assert` with explicit error handling in OAuth callback (a.k.a. document no -O flag usage) (tooling-trusted-releases)
via GitHub
2026/03/11
[PR] Adding docs for cascading (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Create security documentation for authentication defense controls (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Create security documentation for authentication defense controls (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Treat -bin and -bin- like -src and -src- (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Treat -bin and -bin- like -src and -src- (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Treat -bin and -bin- like -src and -src- (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Treat -bin and -bin- like -src and -src- (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Should podling votes during the second phase be cc'd to the project (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Should podling votes during the second phase be cc'd to the project (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Treat -bin and -bin- like -src and -src- (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Treat -bin and -bin- like -src and -src- (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Vote result email To configuration (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Add size limits to LICENSE/NOTICE file reads and remote KEYS fetch (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Add size limits to LICENSE/NOTICE file reads and remote KEYS fetch (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Trest -bin and -bin- like -src and -src- (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Remove Referrer-Policy from server headers (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Remove Referrer-Policy from server headers (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Remove Referrer-Policy from server headers (tooling-trusted-releases)
via GitHub
2026/03/11
[I] Trest -bin and -bin- like -src and -src- (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Also check for null bytes (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Also check for null bytes (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Use extracted archives in checks rather than extracting archives again (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Use extracted archives in checks rather than extracting archives again (tooling-trusted-releases)
via GitHub
2026/03/11
[I] Remove Referrer-Policy from server headers (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [PR] Bump ldap3 from 2.10.2rc2 to 2.10.2rc3 (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [PR] Bump aiosmtplib from 4.0.2 to 5.1.0 (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [PR] Bump aiofiles from 24.1.0 to 25.1.0 (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [PR] Bump aiofiles from 24.1.0 to 25.1.0 (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [PR] Bump rich from 14.0.0 to 14.3.3 (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [PR] Bump rich from 14.0.0 to 14.3.3 (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [PR] Bump email-validator from 2.2.0 to 2.3.0 (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [PR] Bump ldap3 from 2.10.2rc2 to 2.10.2rc3 (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [PR] Bump email-validator from 2.2.0 to 2.3.0 (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [PR] Bump aiosmtplib from 4.0.2 to 5.1.0 (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Upload file path validation bypass when file_name parameter is provided (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Upload file path validation bypass when file_name parameter is provided (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [PR] Drop `file_name` field in upload files (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [PR] Drop `file_name` field in upload files (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Regular root file gets reported as directory when `targz.structure` fails (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Regular root file gets reported as directory when `targz.structure` fails (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Use extracted archives in checks rather than extracting archives again (tooling-trusted-releases)
via GitHub
2026/03/11
[I] Use extracted archives in checks rather than extracting archives again (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] SSL configuration on release-test needs work (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] SSL configuration on release-test needs work (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Email validation insufficient across codebase (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Email validation insufficient across codebase (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [PR] Drop `file_name` field in upload files (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] SSL configuration on release-test needs work (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] SSL configuration on release-test needs work (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Apply URL encoding to distribution platform API URL parameters (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] SSL configuration on release-test needs work (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] SSL configuration on release-test needs work (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] SSL configuration on release-test needs work (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] SSL configuration on release-test needs work (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] SSL configuration on release-test needs work (tooling-trusted-releases)
via GitHub
2026/03/11
[I] SSL configuration on release-test needs work (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Make CSRF token required in Form base class (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Make CSRF token required in Form base class (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Verify CSRF coverage for `@post.empty()` decorated endpoints (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Verify CSRF coverage for `@post.empty()` decorated endpoints (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [PR] Drop `file_name` field in upload files (tooling-trusted-releases)
via GitHub
2026/03/11
[PR] Bump aiofiles from 24.1.0 to 25.1.0 (tooling-trusted-releases)
via GitHub
2026/03/11
[PR] Bump email-validator from 2.2.0 to 2.3.0 (tooling-trusted-releases)
via GitHub
2026/03/11
[PR] Bump aiosmtplib from 4.0.2 to 5.1.0 (tooling-trusted-releases)
via GitHub
2026/03/11
[PR] Bump rich from 14.0.0 to 14.3.3 (tooling-trusted-releases)
via GitHub
2026/03/11
[PR] Bump ldap3 from 2.10.2rc2 to 2.10.2rc3 (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Extend Dependabot configuration to cover pip and Docker ecosystems (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [PR] Add support for pyproject.toml and Docker in Dependabot (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] SSH server lacks brute force protection (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] User Identity Trust Boundary in Background Tasks (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Implement file type/content validation for uploads (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] User Identity Trust Boundary in Background Tasks (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Implement file type/content validation for uploads (tooling-trusted-releases)
via GitHub
2026/03/11
[I] Make extracted archive directories immutable (tooling-trusted-releases)
via GitHub
2026/03/11
[I] Move extracted directories out of the cache directory (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Verify CSRF coverage for `@post.empty()` decorated endpoints (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Verify CSRF coverage for `@post.empty()` decorated endpoints (tooling-trusted-releases)
via GitHub
2026/03/11
Re: [I] Verify CSRF coverage for `@post.empty()` decorated endpoints (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] Project metadata to add to project database (tooling-trusted-releases)
via GitHub
2026/03/10
[PR] Add support for pyproject.toml and Docker in Dependabot (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [PR] Added comment about versioning (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] Populate `version.py` at build time (tooling-trusted-releases)
via GitHub
2026/03/10
[PR] Added comment about versioning (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] Apply `form.to_relpath()` consistently in `draft.py` and `finish.py` POST handlers (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [PR] Adding relpath to docs (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [PR] Fix title case (tooling-trusted-releases)
via GitHub
2026/03/10
[PR] Fix title case (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [PR] Adding comment for domain checking (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] SVN import accepts arbitrary URLs without validation (SSRF) (tooling-trusted-releases)
via GitHub
2026/03/10
[PR] Adding relpath to docs (tooling-trusted-releases)
via GitHub
2026/03/10
[PR] Adding comment for domain checking (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] Missing authorization on SBOM endpoints (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] Missing authorization on SBOM endpoints (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [PR] Add TLS security configuration docs (tooling-trusted-releases)
via GitHub
2026/03/10
[PR] Add TLS security configuration docs (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] RAO / maven upload only works for single release artifact (+classifiers) (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] RAO / maven upload only works for single release artifact (+classifiers) (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] RAO / maven upload only works for single release artifact (+classifiers) (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] Checks failed on Maven JLink Plugin 3.3.0 (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] Checks failed on Maven JLink Plugin 3.3.0 (tooling-trusted-releases)
via GitHub
2026/03/10
[I] Require the release manager to confirm that they are ignoring non-blocking errors (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] Some source archives are not detected at source (tooling-trusted-releases)
via GitHub
2026/03/10
[PR] Drop `file_name` field in upload files (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] Clear JWT token and CSRF token from DOM on session end / timeout (ASVS 14.3.1) (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] Improve type validation of GET parameters (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] Improve type validation of GET parameters (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] Clear JWT token and CSRF token from DOM on session end / timeout (ASVS 14.3.1) (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] GitHub workflow arguments lack key/value validation (tooling-trusted-releases)
via GitHub
2026/03/10
Re: [I] Add and use exploratory taint tracking types (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [I] Support `SafeCommittee` taint tracking (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [I] Missing authorization on public API check results (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [PR] Adding docs about public API endpoints (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [I] Missing authorization on public API check results (tooling-trusted-releases)
via GitHub
2026/03/09
[PR] Adding docs about public API endpoints (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [I] Test mode authorization bypass allows all users test committee access (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [PR] Adding docs for auth bypass (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [I] Test mode authorization bypass allows all users test committee access (tooling-trusted-releases)
via GitHub
2026/03/09
[PR] Adding docs for auth bypass (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [I] Token deletion missing ownership validation (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [PR] Adding comment about public download of release files (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [PR] Adding comments for key and token deletion (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [I] Public download access to draft/pre-release artifacts (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [I] Message sending lacks committee-scoped recipient validation (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [PR] Adding comment about sending mail to other committees (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [I] Add not-before validation for SSH workflow keys (tooling-trusted-releases)
via GitHub
2026/03/09
Re: [PR] Adding comment for SSH workflow key (tooling-trusted-releases)
via GitHub
2026/03/09
[PR] Adding comments for key and token deletion (tooling-trusted-releases)
via GitHub