commits  

Messages by Date

• 2026/01/29 (tooling-trusted-releases) 01/01: Remove the commit target from the Makefile sbp
• 2026/01/29 (tooling-trusted-releases) branch sbp updated (ca978b9 -> a00a0af) sbp
• 2026/01/29 (tooling-trusted-releases) 01/02: #216 - Add pending distribution status and background task to check it. Refactor some of the distribution logic out to shared module and some of shared module to precent circular references. arm
• 2026/01/29 (tooling-trusted-releases) branch pending_dist_changes created (now 8ed69eb) arm
• 2026/01/29 (tooling-trusted-releases) 02/02: #216 - Scheduled task for pending distributions, add created_by to dist table. arm
• 2026/01/28 (tooling-trusted-releases) branch main updated: Use Hyperscan for ignore patterns to avoid backtracking attacks sbp
• 2026/01/28 (tooling-trusted-releases) branch main updated: Add hyperscan and update dependencies sbp
• 2026/01/28 (tooling-trusted-releases) 01/01: Use the Tooling project as a committee proxy in ASFQuart session data sbp
• 2026/01/28 (tooling-trusted-releases) branch main updated (fa62aea -> ee6ef4e) sbp
• 2026/01/28 (tooling-trusted-releases) branch main updated: Use the Tooling project as a committee proxy in ASFQuart session data sbp
• 2026/01/28 (tooling-trusted-releases) branch main updated (3e43462 -> 8c52b4c) sbp
• 2026/01/28 (tooling-trusted-releases) branch main updated: Add google-re2 and update dependencies sbp
• 2026/01/28 (tooling-trusted-releases) branch main updated: Note that ZIP extraction is not supported in the tarzip module sbp
• 2026/01/28 (tooling-trusted-releases) branch main updated: Ensure archive members limit can be disabled, and catch more widely sbp
• 2026/01/28 (tooling-trusted-releases) branch main updated: #598 - Check for account ban before issuing JWT arm
• 2026/01/28 (tooling-trusted-releases) branch main updated: Add unit tests for the archive member limit code sbp
• 2026/01/28 (tooling-trusted-releases) branch main updated: Archive member count limit #604 sbp
• 2026/01/28 (tooling-trusted-releases) branch archive-member-count-604 deleted (was b728116) sbp
• 2026/01/28 (tooling-trusted-releases) branch main updated: Fix problems with the code and tests for creating secure sessions sbp
• 2026/01/28 (tooling-trusted-releases) branch main updated: #596 - security documentation updated arm
• 2026/01/28 (tooling-trusted-releases) branch dependabot/github_actions/actions/checkout-6.0.2 deleted (was b0feef3) sbp
• 2026/01/28 (tooling-trusted-releases) branch main updated: Bump actions/checkout from 6.0.1 to 6.0.2 sbp
• 2026/01/28 (tooling-trusted-releases) branch dependabot/github_actions/actions/cache-5.0.2 deleted (was 09e592d) sbp
• 2026/01/28 (tooling-trusted-releases) branch main updated: Bump actions/cache from 5.0.1 to 5.0.2 sbp
• 2026/01/28 (tooling-trusted-releases) branch main updated: #596 - finite session lifetime by config - 72 hour default. arm
• 2026/01/28 (tooling-trusted-releases) branch main updated: feat(security): centralize secure HTTP sessions and enforce TLS 1.2+ (#548) sbp
• 2026/01/28 (tooling-trusted-releases) branch main updated: #508 - only consider non-staging distributions for blocking announce arm
• 2026/01/28 (tooling-actions) branch main updated: Align error handling and fix store name in validation arm
• 2026/01/28 (tooling-actions) branch main updated: Add suport for maven errors to production version, undo local testing changes to stg arm
• 2026/01/28 (tooling-trusted-releases) branch main updated: Use project release policy for tags arm
• 2026/01/28 (tooling-trusted-releases) branch main updated: Use project release policy for tags arm
• 2026/01/28 (tooling-actions) branch main updated: Add artificial wait arm
• 2026/01/28 (tooling-trusted-releases) branch main updated: #598 - Check for account existence before issuing JWT arm
• 2026/01/28 (tooling-trusted-releases) branch main updated (df2ee0f -> 4421595) arm
• 2026/01/28 (tooling-actions) branch main updated: Allow insecure for testing arm
• 2026/01/28 (tooling-actions) branch main updated: Remove test temporarily arm
• 2026/01/28 (tooling-actions) branch main updated (8fb39c1 -> a51c23e) arm
• 2026/01/28 (tooling-actions) 01/03: Test workflow for new tokens arm
• 2026/01/28 (tooling-actions) 03/03: support for changing host and port arm
• 2026/01/28 (tooling-actions) 02/03: Update stg distribution to use tokens arm
• 2026/01/28 (tooling-trusted-releases) branch main updated: Report on scheduled tasks as well as recent arm
• 2026/01/27 (tooling-trusted-releases) 01/01: Archive member count limit #604 akm
• 2026/01/27 (tooling-trusted-releases) branch archive-member-count-604 created (now b728116) akm
• 2026/01/27 (tooling-trusted-releases) branch main updated: Exclude Litestream tables from Alembic sbp
• 2026/01/27 (tooling-trusted-releases) branch main updated: Filter out SSL shutdown timeout errors from asyncio in Hypercorn sbp
• 2026/01/27 (tooling-trusted-releases) 01/01: Clear a session before setting an impersonated session sbp
• 2026/01/27 (tooling-trusted-releases) branch main updated (529347d -> ba6aceb) sbp
• 2026/01/27 (tooling-trusted-releases) branch main updated: Clear a session before setting an impersonated session sbp
• 2026/01/27 (tooling-trusted-releases) branch main updated: Validate release phase on manual resolution sbp
• 2026/01/27 (tooling-trusted-releases) branch main updated: Fix some problems with the admin script to import keys sbp
• 2026/01/27 (tooling-trusted-releases) branch main updated: Try the admin cache file in synchronous contexts too sbp
• 2026/01/27 (tooling-actions) branch main updated (995c85d -> 8fb39c1) arm
• 2026/01/27 (tooling-trusted-releases) branch main updated: #594 - Validate that OIDC is being used for endpoints where asf_uid is specifiable. arm
• 2026/01/27 (tooling-trusted-releases) branch main updated: #508 - block announcing through any channel until tagged distributions have been recorded arm
• 2026/01/27 (tooling-trusted-releases) branch jwtoken_multiple_sources updated: #504 - Add new ATR token to github workflows and validate arm
• 2026/01/27 (tooling-actions) branch main updated: Update stg distribution to use tokens arm
• 2026/01/27 (tooling-actions) branch main updated (e264cab -> b0cc433) arm
• 2026/01/27 (tooling-actions) 01/01: Test workflow for new tokens arm
• 2026/01/27 (tooling-actions) branch main updated (02c7180 -> e264cab) arm
• 2026/01/27 (tooling-actions) 01/01: Test workflow for new tokens arm
• 2026/01/27 (tooling-actions) 01/01: Test workflow for new tokens arm
• 2026/01/27 (tooling-actions) branch main updated (4e89fde -> 02c7180) arm
• 2026/01/27 (tooling-actions) branch main updated (2d7ce58 -> 4e89fde) arm
• 2026/01/27 (tooling-actions) 01/01: Test workflow for new tokens arm
• 2026/01/27 (tooling-actions) branch main updated: Test workflow for new tokens arm
• 2026/01/27 (tooling-trusted-releases) branch jwtoken_multiple_sources updated (aebbd92 -> 4467902) arm
• 2026/01/27 (tooling-trusted-releases) 01/02: #504 - enable jwtoken.require to take arguments, check tokens from multiple locations and process claims. Update asf_uid handling in API arm
• 2026/01/27 (tooling-trusted-releases) 02/02: #504 - don't get UID from token if you take it from args arm
• 2026/01/26 (tooling-trusted-releases) branch dependabot/github_actions/actions/cache-5.0.2 created (now 09e592d) github-bot
• 2026/01/26 (tooling-trusted-releases) branch dependabot/github_actions/actions/checkout-6.0.2 created (now b0feef3) github-bot
• 2026/01/26 (tooling-trusted-releases) branch dependabot/github_actions/biomejs/setup-biome-2.7.0 created (now a860d7c) github-bot
• 2026/01/26 (tooling-trusted-releases) branch main updated: Document ADMIN_USERS_ADDITIONAL sbp
• 2026/01/26 (tooling-trusted-releases) branch jwtoken_multiple_sources updated (329148e -> aebbd92) sbp
• 2026/01/26 (tooling-trusted-releases) branch jwtoken_multiple_sources updated: Document ADMIN_USERS_ADDITIONAL sbp
• 2026/01/26 (tooling-trusted-releases) branch main updated: #550 - re-enable worker RLIMITs and set RAT Java args and CycloneDX .NET environment to git within them arm
• 2026/01/26 (tooling-trusted-releases) branch main updated: Fix issue with SBOM OSV scan models, and allow scan of jar files. arm
• 2026/01/26 (tooling-trusted-releases) branch main updated: Catch all relevant errors when accessing the admin cache in workers sbp
• 2026/01/26 (tooling-trusted-releases) branch jwtoken_multiple_sources created (now aebbd92) arm
• 2026/01/26 (tooling-trusted-releases) 01/02: #504 - enable jwtoken.require to take arguments, check tokens from multiple locations and process claims. Update asf_uid handling in API arm
• 2026/01/26 (tooling-trusted-releases) 02/02: #504 - don't get UID from token if you take it from args arm
• 2026/01/23 (tooling-trusted-releases) branch main updated: Cleaning up notes; fixes #533 akm
• 2026/01/23 (tooling-trusted-releases) branch main updated: Prevent events from being double encoded in the audit logs sbp
• 2026/01/23 (tooling-trusted-releases) branch main updated: Fix audit logging when the storage interface is used in tasks sbp
• 2026/01/23 (tooling-trusted-releases) branch main updated: Move most logging paraphernalia to a new loggers module sbp
• 2026/01/23 (tooling-trusted-releases) branch main updated: Document how to resolve a known problem with pip-audit sbp
• 2026/01/23 (tooling-trusted-releases) branch main updated: Fix some problems with file tag YAML validation sbp
• 2026/01/23 (tooling-trusted-releases) branch main updated: Add a property to get the admin status of committer sessions sbp
• 2026/01/23 (tooling-trusted-releases) branch main updated: Move request logging for #549 into file. Reduce docker-compose healthchecks after startup. Log level configurable. arm
• 2026/01/23 (tooling-trusted-releases) branch main updated: Use the LDAP admins cache when checking whether the user is an admin sbp
• 2026/01/23 (tooling-trusted-releases) branch main updated: Cache admins from LDAP using a server task sbp
• 2026/01/23 (tooling-trusted-releases) branch main updated: Add a cache module with admin functions, and tests sbp
• 2026/01/23 (tooling-trusted-releases) branch main updated: Fix a couple of small documentation issues sbp
• 2026/01/23 (tooling-trusted-releases) branch main updated: Fixes #555 sbp
• 2026/01/23 (tooling-trusted-releases) branch security-docs-555 deleted (was 183517d) sbp
• 2026/01/23 (tooling-trusted-releases) branch main updated: Only change perms if necessary sbp
• 2026/01/23 (tooling-trusted-releases) 01/01: Add an LDAP search that discovers admin users sbp
• 2026/01/23 (tooling-trusted-releases) branch main updated (8d7a9d7 -> 809056b) sbp
• 2026/01/23 (tooling-trusted-releases) branch main updated: Add an LDAP search that discovers admin users sbp
• 2026/01/23 (tooling-trusted-releases) branch main updated: docs: document generated source file detection and exclusions (Fixes #477) sbp
• 2026/01/23 (tooling-trusted-releases) branch main updated: #535 - Add rate limiting on PAT and JWT endpoints arm
• 2026/01/23 (tooling-trusted-releases) branch main updated: Don't set up rate limits in testing arm
• 2026/01/23 (tooling-trusted-releases) branch main updated: #535 - Add specific rate limits to security-focused endpoints. Make sure user ID is logged in more cases (including 429s) arm
• 2026/01/23 (tooling-trusted-releases) branch main updated: #535 - Only proxyfix in non-local arm
• 2026/01/23 (tooling-trusted-releases) branch main updated: Log useragents arm
• 2026/01/23 (tooling-trusted-releases) branch main updated (b63b2e6 -> 2469e10) arm
• 2026/01/23 (tooling-trusted-releases) 01/01: #535 - Add global and API rate limits and proxyfix middleware. arm
• 2026/01/23 (tooling-trusted-releases) branch rate_limiting created (now 2469e10) arm
• 2026/01/23 (tooling-trusted-releases) branch main updated (77bb20b -> b63b2e6) arm
• 2026/01/22 (tooling-trusted-releases) branch main updated (61a012c -> 77bb20b) sbp
• 2026/01/22 (tooling-trusted-releases) 02/02: Update new code akm
• 2026/01/22 (tooling-trusted-releases) branch main updated: Document how to contribute documentation sbp
• 2026/01/22 (tooling-trusted-releases) branch main updated: Remove the outdated implementation plan sbp
• 2026/01/22 (tooling-trusted-releases) branch security-docs-555 updated (a780a74 -> 183517d) akm
• 2026/01/22 (tooling-trusted-releases) 01/02: Update storage interface error messages akm
• 2026/01/22 (tooling-trusted-releases) branch storage-interface-error-messages-redux deleted (was 16191b5) sbp
• 2026/01/22 (tooling-trusted-releases) branch storage-interface-error-messages-redux created (now 16191b5) akm
• 2026/01/22 (tooling-trusted-releases) branch main updated: Fixes #486 sbp
• 2026/01/22 (tooling-trusted-releases) branch improve-documentation-486 deleted (was 3d6ff6b) sbp
• 2026/01/22 (tooling-trusted-releases) branch improve-documentation-486 updated (559986e -> 3d6ff6b) akm
• 2026/01/22 (tooling-actions) branch main updated: Use the new tagging feature to download only maven files via rsync arm
• 2026/01/22 (tooling-trusted-releases) branch main updated (98d99a5 -> 3299763) arm
• 2026/01/22 (tooling-trusted-releases) branch atr_tagging deleted (was 3dce55d) arm
• 2026/01/22 (tooling-trusted-releases) branch atr_tagging updated (d3fba2b -> 3dce55d) arm
• 2026/01/22 (tooling-trusted-releases) branch atr_tagging updated (14de809 -> d3fba2b) arm
• 2026/01/22 (tooling-trusted-releases) branch atr_tagging updated (fca23a4 -> 14de809) arm
• 2026/01/22 (tooling-releases-client) branch dependabot/github_actions/actions/upload-artifact-6.0.0 created (now e7d291d) github-bot
• 2026/01/22 (tooling-releases-client) branch dependabot/github_actions/astral-sh/setup-uv-7.2.0 created (now 4c3b0d8) github-bot
• 2026/01/22 (tooling-releases-client) branch dependabot/github_actions/actions/checkout-6.0.2 created (now 718ea35) github-bot
• 2026/01/22 (tooling-trusted-releases) branch atr_tagging updated (95ed430 -> fca23a4) arm
• 2026/01/22 (tooling-trusted-releases) branch atr_tagging updated (9517a6e -> 95ed430) arm
• 2026/01/22 (tooling-trusted-releases) branch main updated: Configure session cookie security attributes (#574) wave
• 2026/01/22 (tooling-trusted-releases) branch atr_tagging updated (d1e357f -> 9517a6e) arm
• 2026/01/22 (tooling-trusted-releases) branch main updated: Show tracebacks in development environments sbp
• 2026/01/22 (tooling-trusted-releases) branch storage-interface-error-messages updated (81381de -> b097679) wave
• 2026/01/22 (tooling-trusted-releases) branch storage-interface-error-messages updated (b097679 -> 972ed31) wave
• 2026/01/22 (tooling-trusted-releases) branch session-cookie-security deleted (was 67a19c5) wave
• 2026/01/22 (tooling-trusted-releases) branch main updated: Restore the ASFQuart default setting for SameSite sbp
• 2026/01/22 (tooling-trusted-releases) branch main updated (1f62359 -> c7a5d9d) arm
• 2026/01/22 (tooling-trusted-releases) branch no-traceback-on-error-html deleted (was 2a722f8) wave
• 2026/01/22 (tooling-trusted-releases) branch main updated: No traceback on error html page (#578) wave
• 2026/01/22 (tooling-trusted-releases) branch no-traceback-on-error-html updated (622fe3b -> 2a722f8) wave
• 2026/01/22 (tooling-trusted-releases) branch storage-interface-error-messages updated (c412118 -> 81381de) wave
• 2026/01/22 (tooling-trusted-releases) branch atr_tagging updated (65cc07f -> d1e357f) arm
• 2026/01/22 (tooling-trusted-releases) branch storage-interface-error-messages updated (4cb9b74 -> c412118) wave
• 2026/01/22 (tooling-trusted-releases) branch main updated (8818629 -> c7fac9f) arm
• 2026/01/22 (tooling-trusted-releases) branch main updated: Send email through the storage interface and add audit logging sbp
• 2026/01/22 (tooling-trusted-releases) branch atr_tagging updated: #475 - Remove endpoint as not needed for distribution any more arm
• 2026/01/22 (tooling-trusted-releases) 01/03: #475 - add tagging field to release policy arm
• 2026/01/22 (tooling-trusted-releases) 02/03: #475 - Add endpoint to get tagging spec for a release arm
• 2026/01/22 (tooling-trusted-releases) branch atr_tagging updated (1b36fbd -> 35b3d99) arm
• 2026/01/22 (tooling-trusted-releases) 03/03: #476 - allow rsync to specify a tag as part of the URL arm
• 2026/01/22 (tooling-trusted-releases) branch main updated: Add some e2e token tests sbp
• 2026/01/22 (tooling-trusted-releases) branch main updated: Notify users on authentication credentials change sbp
• 2026/01/22 (tooling-trusted-releases) branch notify-users-on-pat deleted (was 419a162) sbp
• 2026/01/22 (tooling-trusted-releases) branch main updated: #549 and #471 - implement structured logging when running not in debug mode arm
• 2026/01/22 (tooling-trusted-releases) 01/02: #475 - add tagging field to release policy arm
• 2026/01/22 (tooling-trusted-releases) 02/02: #475 - Add endpoint to get tagging spec for a release arm
• 2026/01/22 (tooling-trusted-releases) branch atr_tagging updated (03dcb51 -> 1b36fbd) arm
• 2026/01/21 (tooling-trusted-releases) branch no-traceback-on-error-html created (now 622fe3b) wave
• 2026/01/21 (tooling-trusted-releases) 01/01: No traceback on error html page wave
• 2026/01/21 (tooling-trusted-releases) branch notify-users-on-pat updated (3d9fb43 -> 419a162) wave
• 2026/01/21 (tooling-trusted-releases) 01/01: Fixes #486 akm
• 2026/01/21 (tooling-trusted-releases) branch improve-documentation-486 created (now 559986e) akm
• 2026/01/21 (tooling-trusted-releases) 01/01: Update storage interface error messages wave
• 2026/01/21 (tooling-trusted-releases) branch storage-interface-error-messages created (now 4cb9b74) wave
• 2026/01/21 (tooling-trusted-releases) 01/01: Fixes #555 akm
• 2026/01/21 (tooling-trusted-releases) branch security-docs-555 created (now a780a74) akm
• 2026/01/21 (tooling-trusted-releases) 01/01: Configure session cookie security attributes wave
• 2026/01/21 (tooling-trusted-releases) branch session-cookie-security created (now 67a19c5) wave
• 2026/01/21 (tooling-trusted-releases) 01/01: Notify users on authentication credentials change wave
• 2026/01/21 (tooling-trusted-releases) branch notify-users-on-pat created (now 3d9fb43) wave
• 2026/01/21 (tooling-trusted-releases) branch main updated: Add too large a payload handler (#572) wave
• 2026/01/21 (tooling-trusted-releases) branch 413-errors deleted (was 0197394) wave
• 2026/01/21 (tooling-trusted-releases) branch main updated (3af4e0e -> bd4462e) sbp
• 2026/01/21 (tooling-trusted-releases) branch main updated (9ff6af3 -> 3af4e0e) sbp
• 2026/01/21 (tooling-trusted-releases) branch 413-errors updated: Do not produce extra stacktraces wave
• 2026/01/21 (tooling-trusted-releases) branch main updated: Use sentence case in headings sbp
• 2026/01/21 (tooling-trusted-releases) branch 413-errors updated: Correct message wave
• 2026/01/21 (tooling-trusted-releases) 01/01: Too large a payload handler wave
• 2026/01/21 (tooling-trusted-releases) branch 413-errors created (now 48f279b) wave
• 2026/01/21 (tooling-trusted-releases) branch main updated: Fix unparenthesized subexpressions sbp
• 2026/01/21 (tooling-trusted-releases) branch main updated: Run pre-commit hooks on pushes to the primary development branches sbp
• 2026/01/21 (tooling-trusted-releases) branch main updated: Downgrade Biome to allow lints to run in CI sbp
• 2026/01/21 (tooling-trusted-releases) branch main updated: Fix Markdown issues detected by linting sbp
• 2026/01/21 (tooling-trusted-releases) branch table-formatting-fix deleted (was 168c15e) sbp
• 2026/01/21 (tooling-trusted-releases) branch main updated: Removing tables, linted sbp
• 2026/01/21 (tooling-trusted-releases) branch table-formatting-fix created (now 168c15e) akm
• 2026/01/21 (tooling-trusted-releases) 01/01: Removing tables, linted akm
• 2026/01/21 (tooling-trusted-releases) branch main updated: Make the use of configuration more efficient in the server module sbp
• 2026/01/21 (tooling-trusted-releases) branch atr_tagging updated: #475 - Add endpoint to get tagging spec for a release arm
• 2026/01/21 (tooling-trusted-releases) branch atr_tagging created (now 999e4e2) arm
• 2026/01/21 (tooling-trusted-releases) 01/01: #475 - add tagging field to release policy arm
• 2026/01/21 (tooling-actions) branch main updated: Rename njord store to make it more obvious deployment came from ATR arm
• 2026/01/21 (tooling-actions) branch main updated: Wait before recording the distribution to give time to propagate arm
• 2026/01/21 (tooling-actions) 01/01: Pull correct secrets into env and fix staging arg arm
• 2026/01/21 (tooling-actions) branch main updated (0fafd8e -> 0cce9f3) arm
• 2026/01/21 (tooling-actions) branch main updated: Pull correct secrets into env arm
• 2026/01/21 (tooling-actions) branch main updated: Try to update URL in pom? arm
• 2026/01/21 (tooling-actions) branch main updated: Rename run for stg arm
• 2026/01/21 (tooling-trusted-releases) branch main updated (9af8b4c -> 44cdc6b) arm

• Earlier messages
• Later messages