dev  

Messages by Date

• 2026/04/23 Re: [I] Steve run issue (tooling-agents) via GitHub
• 2026/04/23 Re: [I] Build test suite with fixtures (tooling-agents) via GitHub
• 2026/04/23 [I] Add specs in addition to ASVS (tooling-agents) via GitHub
• 2026/04/23 Re: [I] Steve run issue (tooling-agents) via GitHub
• 2026/04/23 [I] Steve run issue (tooling-agents) via GitHub
• 2026/04/23 [I] Audit projects (tooling-agents) via GitHub
• 2026/04/23 [I] Assess brief (tooling-agents) via GitHub
• 2026/04/23 [I] Assess scrutineer (tooling-agents) via GitHub
• 2026/04/23 [GH] Project delete / archival (tooling-trusted-releases) via GitHub
• 2026/04/23 [I] Auto PR generator (tooling-agents) via GitHub
• 2026/04/23 [I] Auto-file issues (tooling-agents) via GitHub
• 2026/04/23 [I] Keep last audit and compare new audit (tooling-agents) via GitHub
• 2026/04/23 [I] Pull open issues into pipeline (tooling-agents) via GitHub
• 2026/04/23 [I] Build test suite with fixtures (tooling-agents) via GitHub
• 2026/04/23 [I] Test email delivery on ASF infrastructure (tooling-agents) via GitHub
• 2026/04/23 [I] Test critical finding carve-out with privateRepo (tooling-agents) via GitHub
• 2026/04/22 Re: [I] Prevent the reuse of detached session objects in database commit contexts (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] API to list PMCs approved for CI staging (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] MFA from localhost is failing after authentication (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] MFA from localhost is failing after authentication (tooling-trusted-releases) via GitHub
• 2026/04/22 [I] During beta track (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Admin Pages Using web.ElementResponse() May Lack Logout Button (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Admin Pages Using web.ElementResponse() May Lack Logout Button (tooling-trusted-releases) via GitHub
• 2026/04/22 [I] MFA from localhost is failing after authentication (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Web-Issued JWTs Lack PAT Binding and Cannot Be Individually Revoked (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Web-Issued JWTs Lack PAT Binding and Cannot Be Individually Revoked (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Project Deletion Missing Additional Authorization Checks (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Project Deletion Missing Additional Authorization Checks (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Make the user interface clearer in the finish phase (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Make the user interface clearer in the finish phase (tooling-trusted-releases) via GitHub
• 2026/04/22 [I] Request feedback from users more clearly (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Use a prefix for all secret tokens, and inform selected third party scanners (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Data browser must include paging (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Finish option to automatically archive prior release (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Require the release manager to confirm that they are ignoring non-blocking errors (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Add explicit authentication level decorators for API endpoint functions (tooling-trusted-releases) via GitHub
• 2026/04/22 [GH] Project delete / archival (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] No Session Termination After SSH Key Changes (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Subscribe to pubsub for LDAP and use it to inform authorisation decisions (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Expand SBOM support (tooling-trusted-releases) via GitHub
• 2026/04/22 [GH] Project delete / archival (tooling-trusted-releases) via GitHub
• 2026/04/22 [GH] Project delete / archival (tooling-trusted-releases) via GitHub
• 2026/04/22 [GH] Project delete / archival (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Tie ATR server into the rsync path of svn dist artifacts (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Finish option to automatically archive prior release (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Make the user interface clearer in the finish phase (tooling-trusted-releases) via GitHub
• 2026/04/22 [GH] Project delete / archival (tooling-trusted-releases) via GitHub
• 2026/04/22 [GH] Project delete / archival (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [PR] Bump actions/cache from 5.0.4 to 5.0.5 (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Allow private vote threads to be tallied (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Anonymous emails come back from lists.a.o (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Expired Personal Access Tokens Not Automatically Purged (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Resolve security issues with Mermaid dependencies (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [PR] Adding mermaid back in (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Resolve security issues with Mermaid dependencies (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [PR] Adding mermaid back in (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [PR] #1177 - allow zip format archives (jar, war, apk, vsix, whl, nar, nbm) to be quarantine checked (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Confusing error message when trying to upload an existing file (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add explicit authentication level decorators for GET and POST functions (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add explicit authentication level decorators for GET and POST functions (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add explicit authentication level decorators for GET and POST functions (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add explicit authentication level decorators for GET and POST functions (tooling-trusted-releases) via GitHub
• 2026/04/21 [I] Add explicit authentication level decorators for GET and POST functions (tooling-trusted-releases) via GitHub
• 2026/04/21 [PR] Bump actions/cache from 5.0.4 to 5.0.5 (tooling-trusted-releases) via GitHub
• 2026/04/21 [I] Make compose and vote check result tables consistent (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Require the release manager to confirm that they are ignoring non-blocking errors (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Require the release manager to confirm that they are ignoring non-blocking errors (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Require the release manager to confirm that they are ignoring non-blocking errors (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add a new class of check outcome that cannot be ignored (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Storage Layer Bypassed for Revision Tag Modification (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Storage Layer Bypassed for Revision Tag Modification (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add filetype warning checks (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add filetype warning checks (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add SHA512 generation to attestations (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add SHA512 generation to attestations (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Migrate from pgpy to rpgp-py (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [PR] Fix env var for expected secret crashes server (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Unvalidated Identity Parameter in Email and Vote Operations (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Unvalidated Identity Parameter in Email and Vote Operations (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add explicit authentication level decorators for API endpoint functions (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add explicit authentication level decorators for API endpoint functions (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Ensure that a project can only be deleted or archived under certain conditions, and that the state is clear (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [PR] #1177 - allow zip format archives (jar, war, apk, vsix, whl, nar, nbm) to be quarantine checked (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Expand SBOM support (tooling-trusted-releases) via GitHub
• 2026/04/21 [PR] Project delete / archival (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Add explicit authentication level decorators for API endpoint functions (tooling-trusted-releases) via GitHub
• 2026/04/20 [PR] Bump actions/cache from 5.0.4 to 5.0.5 (tooling-actions) via GitHub
• 2026/04/20 [I] Work on the client before alpha3 (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Disallow phase transitions from any but the latest revision (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Confusing error message when trying to upload an existing file (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Retry failed email deliveries (tooling-trusted-releases) via GitHub
• 2026/04/20 [PR] Bump actions/upload-artifact from 7.0.0 to 7.0.1 (tooling-releases-client) via GitHub
• 2026/04/20 [PR] Bump actions/cache from 5.0.4 to 5.0.5 (tooling-releases-client) via GitHub
• 2026/04/20 [I] Warn when an uploaded OpenPGP key does not have the ASF UID of the user (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Confusing error message when trying to upload an existing file (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Add filetype warning checks (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Expand SBOM support (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Confusing error message when trying to upload an existing file (tooling-trusted-releases) via GitHub
• 2026/04/20 [I] Confusing error message when trying to upload an existing file (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] LICENSE validation fails with https instead of http (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Add filetype warning checks (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Migrate from pgpy to rpgp-py (tooling-trusted-releases) via GitHub
• 2026/04/20 [I] Disallow phase transitions from any but the latest revision (tooling-trusted-releases) via GitHub
• 2026/04/19 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
• 2026/04/18 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
• 2026/04/18 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] GET Blueprint Lacks Centralized Project-Level Authorization (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] GET Blueprint Lacks Centralized Project-Level Authorization (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] GET Blueprint Lacks Centralized Project-Level Authorization (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] API Models Lack Enum Validation for Phase Parameter (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] API Models Lack Enum Validation for Phase Parameter (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Vote Casting POST Endpoint Relies on Indirect Phase Check (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Vote Casting POST Endpoint Relies on Indirect Phase Check (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [PR] Fix env var for expected secret crashes server (tooling-trusted-releases) via GitHub
• 2026/04/17 [PR] Fix env var for expected secret crashes server (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Migrate from gnupg to rpgp-py (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] `nbf` Claim Not Enforced as Required in ATR JWT Verification (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] `nbf` Claim Not Enforced as Required in ATR JWT Verification (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Session Cache Persists Sensitive Data Indefinitely Without TTL (tooling-trusted-releases) via GitHub
• 2026/04/17 [I] Migrate from gnupg to rpgp-py (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Documentation Does Not Address Adaptive Response Mechanisms (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Documentation Does Not Address Adaptive Response Mechanisms (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Documentation Missing Cross-Entity Business Logic Validation Rules (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Documentation Missing Cross-Entity Business Logic Validation Rules (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [PR] #1177 - allow zip format archives (jar, war, apk, vsix, whl, nar, nbm) to be quarantine checked (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Add SHA512 generation to attestations (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Improve error reporting when /resolve/tabulated data is unavailable (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Improve error reporting when /resolve/tabulated data is unavailable (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [PR] #1177 - allow zip format archives (jar, war, apk, vsix, whl, nar, nbm) to be quarantine checked (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Document what moving files in the compose phase does (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Document what moving files in the compose phase does (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [PR] #1177 - allow zip format archives (jar, war, apk, vsix, whl, nar, nbm) to be quarantine checked (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Document what moving files in the compose phase does (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Add filetype warning checks (tooling-trusted-releases) via GitHub
• 2026/04/17 [PR] #1177 - allow zip format archives (jar, war, apk, vsix, whl, nar, nbm) to be quarantine checked (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Documentation Does Not Describe Failed Authentication Monitoring and Alerting (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Documentation Does Not Describe Failed Authentication Monitoring and Alerting (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Remove the ability to generate test JWT tokens (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Discuss integrations with ECMA standards (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Allow error check results to be turned into a TODO list (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Record votes in the database (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Discuss integrations with ECMA standards (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Discuss: Session contents (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Discuss: Session contents (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Allow more flexible naming for npm artifacts (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Allow more flexible naming for npm artifacts (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Cover more types of archive in quarantine code (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Cover more types of archive in quarantine code (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Cover more types of archive in quarantine code (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Unbounded PGP Key Block Processing in Bulk Operations (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] SSH Server Lacks Connection and Idle Timeouts (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] SSH Server Lacks Connection and Idle Timeouts (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Pre-Extraction Safety Checks Do Not Verify Total Uncompressed Size (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Tar Archive Extraction Uses Explicitly Insecure Default Filter (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Record votes in the database (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [PR] #997 and #1022 - rework extraction and quarantine logic to rely on exarch (tooling-trusted-releases) via GitHub
• 2026/04/16 [I] Record votes in the database (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Authorization Code Not URL-Encoded in Token Exchange Request (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [PR] Update audience values in jwtoken.py (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Authorization Code Not URL-Encoded in Token Exchange Request (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] JWT Audience Values Contain 'test' Identifier (tooling-trusted-releases) via GitHub
• 2026/04/16 [PR] Update audience values in jwtoken.py (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Ensure that at least one archive is classified as source in path checks (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [PR] Adding mermaid back in (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Resolve security issues with Mermaid dependencies (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Admin Pages Using web.ElementResponse() May Lack Logout Button (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Server Does Not Enforce Cipher Suite Preference Order (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Server Does Not Enforce Cipher Suite Preference Order (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Inconsistent CSRF Enforcement Pattern on Admin POST Endpoints (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Inconsistent CSRF Enforcement Pattern on Admin POST Endpoints (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Vote Tabulation Authorization Check Commented Out (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] ATR JWTs Lack Explicit Token Type Identification (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] ATR JWTs Lack Explicit Token Type Identification (tooling-trusted-releases) via GitHub
• 2026/04/16 [GH] #997 and #1022 - rework extraction and quarantine logic to rely on exarch (tooling-trusted-releases) via GitHub
• 2026/04/16 [I] Cover more types of archive in quarantine code (tooling-trusted-releases) via GitHub
• 2026/04/16 [GH] #997 and #1022 - rework extraction and quarantine logic to rely on exarch (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] ATR JWTs Lack Explicit Token Type Identification (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] Admin Route Uses Insufficient Authorization Context for Storage Layer (tooling-trusted-releases) via GitHub
• 2026/04/16 Re: [I] ZIP Download Streaming Without Size or Time Guards (tooling-trusted-releases) via GitHub

• Earlier messages