dev

Messages by Thread

[I] Handle session isolation for mixed authentication methods (tooling-trusted-releases) via GitHub
- Re: [I] Handle session isolation for mixed authentication methods (tooling-trusted-releases) via GitHub
- Re: [I] Handle session isolation for mixed authentication methods (tooling-trusted-releases) via GitHub
- Re: [I] Handle session isolation for mixed authentication methods (tooling-trusted-releases) via GitHub
- Re: [I] Handle session isolation for mixed authentication methods (tooling-trusted-releases) via GitHub
[I] Invalidate all SSH keys when user account is disabled (tooling-trusted-releases) via GitHub
- Re: [I] Invalidate all SSH keys when user account is disabled (tooling-trusted-releases) via GitHub
[I] Invalidate authorization cache and session file cache on logout/session termination (tooling-trusted-releases) via GitHub
- Re: [I] Invalidate authorization cache and session file cache on logout/session termination (tooling-trusted-releases) via GitHub
- Re: [I] Invalidate authorization cache and session file cache on logout/session termination (tooling-trusted-releases) via GitHub
- Re: [I] Invalidate authorization cache and session file cache on logout/session termination (tooling-trusted-releases) via GitHub
- Re: [I] Invalidate authorization cache and session file cache on logout/session termination (tooling-trusted-releases) via GitHub
- Re: [I] Invalidate authorization cache and session file cache on logout/session termination (tooling-trusted-releases) via GitHub
- Re: [I] Invalidate authorization cache and session file cache on logout/session termination (tooling-trusted-releases) via GitHub
[I] Add LDAP account status check to session and JWT validation (tooling-trusted-releases) via GitHub
- Re: [I] Add LDAP account status check to session and JWT validation (tooling-trusted-releases) via GitHub
- Re: [I] Add LDAP account status check to session and JWT validation (tooling-trusted-releases) via GitHub
- Re: [I] Add LDAP account status check to session and JWT validation (tooling-trusted-releases) via GitHub
[I] Document safe usage of `cmarkgfm` (tooling-trusted-releases) via GitHub
- Re: [I] Document safe usage of `cmarkgfm` (tooling-trusted-releases) via GitHub
- Re: [I] Document safe usage of `cmarkgfm` (tooling-trusted-releases) via GitHub
[I] Add session regeneration on OAuth authentication (tooling-trusted-releases) via GitHub
[I] Implement JWT token revocation mechanism (tooling-trusted-releases) via GitHub
- Re: [I] Implement JWT token revocation mechanism (tooling-trusted-releases) via GitHub
- Re: [I] Implement JWT token revocation mechanism (tooling-trusted-releases) via GitHub
[I] Implement server-side session store to enable session revocation (tooling-trusted-releases) via GitHub
- Re: [I] Implement server-side session store to enable session revocation (tooling-trusted-releases) via GitHub
- Re: [I] Implement server-side session store to enable session revocation (tooling-trusted-releases) via GitHub
- Re: [I] Implement server-side session store to enable session revocation (tooling-trusted-releases) via GitHub
- Re: [I] Implement server-side session store to enable session revocation (tooling-trusted-releases) via GitHub
- Re: [I] Implement server-side session store to enable session revocation (tooling-trusted-releases) via GitHub
[I] Create security documentation for authentication defense controls (tooling-trusted-releases) via GitHub
- Re: [I] Create security documentation for authentication defense controls (tooling-trusted-releases) via GitHub
- Re: [I] Create security documentation for authentication defense controls (tooling-trusted-releases) via GitHub
[I] Work on using config option for alpha-only (tooling-trusted-releases) via GitHub
- Re: [I] Work on using config option for alpha-only (tooling-trusted-releases) via GitHub
[I] Make test email address conditional on test environment (tooling-trusted-releases) via GitHub
- Re: [I] Make test email address conditional on test environment (tooling-trusted-releases) via GitHub
- Re: [I] Make test email address conditional on test environment (tooling-trusted-releases) via GitHub
[I] Move hardcoded committee membership to external configuration (tooling-trusted-releases) via GitHub
- Re: [I] Move hardcoded committee membership to external configuration (tooling-trusted-releases) via GitHub
- Re: [I] Move hardcoded committee membership to external configuration (tooling-trusted-releases) via GitHub
[I] Add production safety check for ALLOW_TESTS configuration (tooling-trusted-releases) via GitHub
- Re: [I] Add production safety check for ALLOW_TESTS configuration (tooling-trusted-releases) via GitHub
[I] Implement authentication failure logging (tooling-trusted-releases) via GitHub
- Re: [I] Implement authentication failure logging (tooling-trusted-releases) via GitHub
[I] Add rate limiting to Trusted Publisher JWT API endpoints (tooling-trusted-releases) via GitHub
- Re: [I] Add rate limiting to Trusted Publisher JWT API endpoints (tooling-trusted-releases) via GitHub
- Re: [I] Add rate limiting to Trusted Publisher JWT API endpoints (tooling-trusted-releases) via GitHub
[I] SSH server lacks brute force protection (tooling-trusted-releases) via GitHub
- Re: [I] SSH server lacks brute force protection (tooling-trusted-releases) via GitHub
[I] Insufficient archive member path validation in check tasks (tooling-trusted-releases) via GitHub
- Re: [I] Insufficient archive member path validation in check tasks (tooling-trusted-releases) via GitHub
- Re: [I] Insufficient archive member path validation in check tasks (tooling-trusted-releases) via GitHub
- Re: [I] Insufficient archive member path validation in check tasks (tooling-trusted-releases) via GitHub
[I] Apply `form.to_relpath()` consistently in `draft.py` and `finish.py` POST handlers (tooling-trusted-releases) via GitHub
- Re: [I] Apply `form.to_relpath()` consistently in `draft.py` and `finish.py` POST handlers (tooling-trusted-releases) via GitHub
- Re: [I] Apply `form.to_relpath()` consistently in `draft.py` and `finish.py` POST handlers (tooling-trusted-releases) via GitHub
[I] Path traversal in storage layer `delete_file` and `generate_hash_file` (tooling-trusted-releases) via GitHub
- Re: [I] Path traversal in storage layer `delete_file` and `generate_hash_file` (tooling-trusted-releases) via GitHub
- Re: [I] Path traversal in storage layer `delete_file` and `generate_hash_file` (tooling-trusted-releases) via GitHub
- Re: [I] Path traversal in storage layer `delete_file` and `generate_hash_file` (tooling-trusted-releases) via GitHub
- Re: [I] Path traversal in storage layer `delete_file` and `generate_hash_file` (tooling-trusted-releases) via GitHub
- Re: [I] Path traversal in storage layer `delete_file` and `generate_hash_file` (tooling-trusted-releases) via GitHub
[I] Path traversal in attestable file path construction (tooling-trusted-releases) via GitHub
- Re: [I] Path traversal in attestable file path construction (tooling-trusted-releases) via GitHub
- Re: [I] Path traversal in attestable file path construction (tooling-trusted-releases) via GitHub
- Re: [I] Path traversal in attestable file path construction (tooling-trusted-releases) via GitHub
- Re: [I] Path traversal in attestable file path construction (tooling-trusted-releases) via GitHub
- Re: [I] Path traversal in attestable file path construction (tooling-trusted-releases) via GitHub
[I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
- Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
- Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
- Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
- Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
- Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
- Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
- Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
- Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
- Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
- Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
- Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
- Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
- Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
- Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
- Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
[I] Add size limits to LICENSE/NOTICE file reads and remote KEYS fetch (tooling-trusted-releases) via GitHub
- Re: [I] Add size limits to LICENSE/NOTICE file reads and remote KEYS fetch (tooling-trusted-releases) via GitHub
- Re: [I] Add size limits to LICENSE/NOTICE file reads and remote KEYS fetch (tooling-trusted-releases) via GitHub
[I] Add size limits to SSH/rsync file uploads (tooling-trusted-releases) via GitHub
- Re: [I] Add size limits to SSH/rsync file uploads (tooling-trusted-releases) via GitHub
- Re: [I] Add size limits to SSH/rsync file uploads (tooling-trusted-releases) via GitHub
- Re: [I] Add size limits to SSH/rsync file uploads (tooling-trusted-releases) via GitHub
[I] Enforce MAX_CONTENT_LENGTH and add file upload size limits across all HTTP entry points (tooling-trusted-releases) via GitHub
- Re: [I] Enforce MAX_CONTENT_LENGTH and add file upload size limits across all HTTP entry points (tooling-trusted-releases) via GitHub
- Re: [I] Enforce MAX_CONTENT_LENGTH and add file upload size limits across all HTTP entry points (tooling-trusted-releases) via GitHub
Re: [I] Evaluate compliance with ASVS v5.0.0 L1 criteria (tooling-trusted-releases) via GitHub
- Re: [I] Evaluate compliance with ASVS v5.0.0 L1 criteria (tooling-trusted-releases) via GitHub
- Re: [I] Evaluate compliance with ASVS v5.0.0 L1 criteria (tooling-trusted-releases) via GitHub
- Re: [I] Evaluate compliance with ASVS v5.0.0 L1 criteria (tooling-trusted-releases) via GitHub
Re: [I] Document the intended transition to JSON outputs by default in the client (tooling-trusted-releases) via GitHub
- Re: [I] Document the intended transition to JSON outputs by default in the client (tooling-trusted-releases) via GitHub
[I] Make client responses json by default (tooling-releases-client) via GitHub
Re: [I] Add log sealing (tooling-trusted-releases) via GitHub
Re: [I] Add read-only and read-write test projects (tooling-trusted-releases) via GitHub
- Re: [I] Add read-only and read-write test projects (tooling-trusted-releases) via GitHub
[I] Use accurate Content-Type for file downloads instead of generic application/octet-stream (tooling-trusted-releases) via GitHub
- Re: [I] Use accurate Content-Type for file downloads instead of generic application/octet-stream (tooling-trusted-releases) via GitHub
[I] Fix Content-Type mismatch — plain text error responses served as text/html in asfquart (tooling-trusted-releases) via GitHub
- Re: [I] Fix Content-Type mismatch — plain text error responses served as text/html in asfquart (tooling-trusted-releases) via GitHub
- Re: [I] Fix Content-Type mismatch — plain text error responses served as text/html in asfquart (tooling-trusted-releases) via GitHub
- Re: [I] Fix Content-Type mismatch — plain text error responses served as text/html in asfquart (tooling-trusted-releases) via GitHub
[I] Add explicit charset to JSON and text response helpers (tooling-trusted-releases) via GitHub
- Re: [I] Add explicit charset to JSON and text response helpers (tooling-trusted-releases) via GitHub
- Re: [I] Add explicit charset to JSON and text response helpers (tooling-trusted-releases) via GitHub
- Re: [I] Add explicit charset to JSON and text response helpers (tooling-trusted-releases) via GitHub
- Re: [I] Add explicit charset to JSON and text response helpers (tooling-trusted-releases) via GitHub
[I] Fix Content-Type mismatch — JSON returned as text/plain in /result/data endpoint (tooling-trusted-releases) via GitHub
- Re: [I] Fix Content-Type mismatch — JSON returned as text/plain in /result/data endpoint (tooling-trusted-releases) via GitHub
[I] Populate `version.py` at build time (tooling-trusted-releases) via GitHub
- Re: [I] Populate `version.py` at build time (tooling-trusted-releases) via GitHub
- Re: [I] Populate `version.py` at build time (tooling-trusted-releases) via GitHub
[I] Document pip-audit CVE exception/suppression process (tooling-trusted-releases) via GitHub
- Re: [I] Document pip-audit CVE exception/suppression process (tooling-trusted-releases) via GitHub
[I] Add a "historical only" flag for outdated keys (tooling-trusted-releases) via GitHub
- Re: [I] Add a "historical only" flag for outdated keys (tooling-trusted-releases) via GitHub
[I] Use explicit allowlist for GitHub OIDC payload fields (tooling-trusted-releases) via GitHub
- Re: [I] Use explicit allowlist for GitHub OIDC payload fields (tooling-trusted-releases) via GitHub
- Re: [I] Use explicit allowlist for GitHub OIDC payload fields (tooling-trusted-releases) via GitHub
[I] Extend Dependabot configuration to cover pip and Docker ecosystems (tooling-trusted-releases) via GitHub
- Re: [I] Extend Dependabot configuration to cover pip and Docker ecosystems (tooling-trusted-releases) via GitHub
[I] Pin syft version in Dockerfile (tooling-trusted-releases) via GitHub
- Re: [I] Pin syft version in Dockerfile (tooling-trusted-releases) via GitHub
[I] Add integrity verification for Apache RAT JAR (tooling-trusted-releases) via GitHub
- Re: [I] Add integrity verification for Apache RAT JAR (tooling-trusted-releases) via GitHub
- Re: [I] Add integrity verification for Apache RAT JAR (tooling-trusted-releases) via GitHub
- Re: [I] Add integrity verification for Apache RAT JAR (tooling-trusted-releases) via GitHub
- Re: [I] Add integrity verification for Apache RAT JAR (tooling-trusted-releases) via GitHub
[I] Prefix and formatting for LLM audit comments (tooling-trusted-releases) via GitHub
- Re: [I] Prefix and formatting for LLM audit comments (tooling-trusted-releases) via GitHub
- Re: [I] Prefix and formatting for LLM audit comments (tooling-trusted-releases) via GitHub
- Re: [I] Prefix and formatting for LLM audit comments (tooling-trusted-releases) via GitHub
- Re: [I] Prefix and formatting for LLM audit comments (tooling-trusted-releases) via GitHub
[I] Implement LDAP attribute allowlist instead of `ALL_ATTRIBUTES` (tooling-trusted-releases) via GitHub
- Re: [I] Implement LDAP attribute allowlist instead of `ALL_ATTRIBUTES` (tooling-trusted-releases) via GitHub
- Re: [I] Implement LDAP attribute allowlist instead of `ALL_ATTRIBUTES` (tooling-trusted-releases) via GitHub
- Re: [I] Implement LDAP attribute allowlist instead of `ALL_ATTRIBUTES` (tooling-trusted-releases) via GitHub
- Re: [I] Implement LDAP attribute allowlist instead of `ALL_ATTRIBUTES` (tooling-trusted-releases) via GitHub
- Re: [I] Implement LDAP attribute allowlist instead of `ALL_ATTRIBUTES` (tooling-trusted-releases) via GitHub
[I] Filter sensitive fields from Task objects in API responses (tooling-trusted-releases) via GitHub
- Re: [I] Filter sensitive fields from Task objects in API responses (tooling-trusted-releases) via GitHub
- Re: [I] Filter sensitive fields from Task objects in API responses (tooling-trusted-releases) via GitHub
[I] Extend secret redaction patterns in `/admin/configuration` endpoint (tooling-trusted-releases) via GitHub
- Re: [I] Extend secret redaction patterns in `/admin/configuration` endpoint (tooling-trusted-releases) via GitHub
[I] Remove `token_hash` from PersonalAccessToken API responses (tooling-trusted-releases) via GitHub
- Re: [I] Remove `token_hash` from PersonalAccessToken API responses (tooling-trusted-releases) via GitHub
- Re: [I] Remove `token_hash` from PersonalAccessToken API responses (tooling-trusted-releases) via GitHub
[I] Clear JWT token and CSRF token from DOM on session end / timeout (ASVS 14.3.1) (tooling-trusted-releases) via GitHub
- Re: [I] Clear JWT token and CSRF token from DOM on session end / timeout (ASVS 14.3.1) (tooling-trusted-releases) via GitHub
- Re: [I] Clear JWT token and CSRF token from DOM on session end / timeout (ASVS 14.3.1) (tooling-trusted-releases) via GitHub
- Re: [I] Clear JWT token and CSRF token from DOM on session end / timeout (ASVS 14.3.1) (tooling-trusted-releases) via GitHub
- Re: [I] Clear JWT token and CSRF token from DOM on session end / timeout (ASVS 14.3.1) (tooling-trusted-releases) via GitHub
- Re: [I] Clear JWT token and CSRF token from DOM on session end / timeout (ASVS 14.3.1) (tooling-trusted-releases) via GitHub
[I] Document reproducible builds, signing, SBOMs, and OpenSSF (tooling-trusted-releases) via GitHub
- Re: [I] Document reproducible builds, signing, SBOMs, and OpenSSF (tooling-trusted-releases) via GitHub
- Re: [I] Document reproducible builds, signing, SBOMs, and OpenSSF (tooling-trusted-releases) via GitHub
- Re: [I] Document reproducible builds, signing, SBOMs, and OpenSSF (tooling-trusted-releases) via GitHub
- Re: [I] Document reproducible builds, signing, SBOMs, and OpenSSF (tooling-trusted-releases) via GitHub
[I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
- Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
- Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
- Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
- Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
- Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
- Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
[I] Remove release from SVN import options (tooling-trusted-releases) via GitHub
- Re: [I] Remove release from SVN import options (tooling-trusted-releases) via GitHub
[PR] clarify ASF distribution vs third party channels (tooling-trusted-releases) via GitHub
- Re: [PR] clarify ASF distribution vs third party channels (tooling-trusted-releases) via GitHub
- Re: [PR] clarify ASF distribution vs third party channels (tooling-trusted-releases) via GitHub
[I] Update docs with relpath (tooling-trusted-releases) via GitHub
- Re: [I] Update docs with relpath (tooling-trusted-releases) via GitHub
- Re: [I] Update docs with relpath (tooling-trusted-releases) via GitHub
[I] Use continuation passing style for creating new revisions (tooling-trusted-releases) via GitHub
- Re: [I] Use continuation passing style for creating new revisions (tooling-trusted-releases) via GitHub
- Re: [I] Use continuation passing style for creating new revisions (tooling-trusted-releases) via GitHub
[I] Ensure that tasks themselves are cached as well as task results (tooling-trusted-releases) via GitHub
- Re: [I] Ensure that tasks themselves are cached as well as task results (tooling-trusted-releases) via GitHub
- Re: [I] Ensure that tasks themselves are cached as well as task results (tooling-trusted-releases) via GitHub
- Re: [I] Ensure that tasks themselves are cached as well as task results (tooling-trusted-releases) via GitHub
[PR] Use the intersection of algorithms from asyncssh and ssh-audit (tooling-trusted-releases) via GitHub
- Re: [PR] Use the intersection of algorithms from asyncssh and ssh-audit (tooling-trusted-releases) via GitHub
- Re: [PR] Use the intersection of algorithms from asyncssh and ssh-audit (tooling-trusted-releases) via GitHub
- Re: [PR] Use the intersection of algorithms from asyncssh and ssh-audit (tooling-trusted-releases) via GitHub
[PR] #677 - Add explicit ciphers, kex and mac algorithms. (tooling-trusted-releases) via GitHub
- Re: [PR] #677 - Add explicit ciphers, kex and mac algorithms. (tooling-trusted-releases) via GitHub
- Re: [PR] #677 - Add explicit ciphers, kex and mac algorithms. (tooling-trusted-releases) via GitHub
[I] Verify all DistributionPlatform template URLs use HTTPS (tooling-trusted-releases) via GitHub
- Re: [I] Verify all DistributionPlatform template URLs use HTTPS (tooling-trusted-releases) via GitHub
- Re: [I] Verify all DistributionPlatform template URLs use HTTPS (tooling-trusted-releases) via GitHub

Earlier messages
Later messages