commits  

Messages by Date

• 2026/02/23 (tooling-trusted-releases) 04/05: Remove cache ignore logic since we can't have an empty cache key now. Add policy dependencies to license and RAT checks. Enable local/global caching switch. Fix bug with task list. arm
• 2026/02/23 (tooling-trusted-releases) branch main updated (5e288b2d -> 9b963ade) arm
• 2026/02/23 (tooling-trusted-releases) branch arm updated (8369df95 -> aaff904c) arm
• 2026/02/23 (tooling-trusted-releases) branch arm updated (17014ea3 -> 8369df95) arm
• 2026/02/23 (tooling-trusted-releases) branch arm updated (fa45b20d -> 17014ea3) arm
• 2026/02/23 (tooling-trusted-releases) branch arm updated (6893b8e8 -> fa45b20d) arm
• 2026/02/23 (tooling-trusted-releases) branch main updated (f4d7dd38 -> 5e288b2d) sbp
• 2026/02/23 (tooling-trusted-releases) branch sbp updated (fa00a7ba -> 5e288b2d) sbp
• 2026/02/23 (tooling-trusted-releases) 01/01: Set CodeQL to ignore permissions because ATR release data is public sbp
• 2026/02/23 (tooling-trusted-releases) branch arm updated (c93d0fc1 -> 6893b8e8) arm
• 2026/02/23 (tooling-trusted-releases) branch arm updated (3cd36ebb -> 40c9ca00) arm
• 2026/02/23 (tooling-trusted-releases) branch arm updated (40c9ca00 -> c93d0fc1) arm
• 2026/02/20 (tooling-trusted-releases) branch curl-extra-downloads-improvement deleted (was 15fcf0a3) sbp
• 2026/02/20 (tooling-trusted-releases) branch main updated: Improve curl download scripting sbp
• 2026/02/20 (tooling-trusted-releases) 01/01: Improve curl download scripting wave
• 2026/02/20 (tooling-trusted-releases) branch curl-extra-downloads-improvement created (now 15fcf0a3) wave
• 2026/02/20 (tooling-trusted-releases) branch main updated (8fdb8c21 -> fa00a7ba) sbp
• 2026/02/20 (tooling-trusted-releases) branch sbp updated: Strengthen a couple of authorisation patterns sbp
• 2026/02/20 (tooling-trusted-releases) branch sbp updated (7281bdce -> 8fdb8c21) sbp
• 2026/02/20 (tooling-trusted-releases) branch invalidate-pats-manually-598 deleted (was 43a82152) sbp
• 2026/02/20 (tooling-trusted-releases) branch main updated: Manual PAT removal; fixes #598 sbp
• 2026/02/20 (tooling-trusted-releases) branch invalidate-pats-manually-598 updated (8dd0e3ba -> 43a82152) akm
• 2026/02/20 (tooling-trusted-releases) branch main updated (e693c2da -> 7281bdce) sbp
• 2026/02/20 (tooling-trusted-releases) branch main updated (48078cc5 -> e693c2da) sbp
• 2026/02/20 (tooling-trusted-releases) branch sbp updated: Use asfquart main, as it now supports maximum session lifetimes sbp
• 2026/02/20 (tooling-trusted-releases) branch sbp updated: Keep a strict subset of GitHub OIDC payloads sbp
• 2026/02/20 (tooling-trusted-releases) branch main updated (731a2962 -> 48078cc5) sbp
• 2026/02/20 (tooling-trusted-releases) branch main updated (141036f3 -> 731a2962) sbp
• 2026/02/20 (tooling-trusted-releases) branch sbp updated: Document the use of safe Markdown to HTML rendering in cmarkgfm sbp
• 2026/02/20 (tooling-trusted-releases) branch sbp updated (32550b7e -> 731a2962) sbp
• 2026/02/20 (tooling-trusted-releases) 01/01: Check for banned ASF accounts in more places sbp
• 2026/02/20 (tooling-trusted-releases) branch main updated: Bump astral-sh/setup-uv from 7.2.0 to 7.3.0 sbp
• 2026/02/20 (tooling-trusted-releases) branch dependabot/github_actions/astral-sh/setup-uv-7.3.0 deleted (was b8a0cba8) sbp
• 2026/02/20 (tooling-trusted-releases) branch main updated: Return 404 when project is unknown in api endpoint call sbp
• 2026/02/20 (tooling-trusted-releases) branch main updated (f60da54d -> 030b4fc3) sbp
• 2026/02/20 (tooling-trusted-releases) branch arm updated (09fcb634 -> 3cd36ebb) arm
• 2026/02/20 (tooling-trusted-releases) branch sbp updated: Use the intersection of algorithms from asyncssh and ssh-audit sbp
• 2026/02/20 (tooling-trusted-releases) branch arm updated (f7aa150d -> 09fcb634) arm
• 2026/02/20 (tooling-trusted-releases) branch main updated (5d3140b0 -> f60da54d) sbp
• 2026/02/20 (tooling-trusted-releases) branch arm updated (9c2ab2b8 -> f7aa150d) arm
• 2026/02/20 (tooling-trusted-releases) branch dependabot/uv/werkzeug-3.1.6 deleted (was 74b6beac) github-bot
• 2026/02/20 (tooling-trusted-releases) branch dependabot/uv/flask-3.1.3 deleted (was c399547d) github-bot
• 2026/02/20 (tooling-trusted-releases) branch main updated (bb72770d -> 5d3140b0) sbp
• 2026/02/20 (tooling-trusted-releases) branch main updated (d434f574 -> bb72770d) sbp
• 2026/02/20 (tooling-trusted-releases) branch sbp updated: Update dependencies sbp
• 2026/02/20 (tooling-trusted-releases) branch dependabot/uv/flask-3.1.3 created (now c399547d) github-bot
• 2026/02/20 (tooling-trusted-releases) branch dependabot/uv/werkzeug-3.1.6 created (now 74b6beac) github-bot
• 2026/02/20 (tooling-trusted-releases) branch sbp updated: Fix the encoding of JSON data in the form to move files sbp
• 2026/02/20 (tooling-trusted-releases) branch arm updated (96e1972f -> 9c2ab2b8) arm
• 2026/02/20 (tooling-trusted-releases) branch main updated (921c41df -> d434f574) sbp
• 2026/02/20 (tooling-trusted-releases) branch sbp updated: Rebuild JavaScript files sbp
• 2026/02/20 (tooling-trusted-releases) branch arm updated: Remove cache ignore logic from cache key methods since we can't have an empty cache key now. Add policy dependencies to license and RAT checks. arm
• 2026/02/20 (tooling-trusted-releases) 01/02: Change attestable hashes to dict and reuse to resolve TOCTOU of check result. Use attestable hashes for check reports. Add version to cache key. Add file hash to hash and signature check and github SHA to source_tree. arm
• 2026/02/20 (tooling-trusted-releases) branch arm updated (8463929f -> 87f6584c) arm
• 2026/02/20 (tooling-trusted-releases) 02/02: Move github model into general models out of SBOM models arm
• 2026/02/20 (tooling-trusted-releases) branch arm updated (48b66b8f -> 8463929f) arm
• 2026/02/20 (tooling-trusted-releases) 02/02: Move github model into general models out of SBOM models arm
• 2026/02/20 (tooling-trusted-releases) 01/02: Change attestable hashes to dict and reuse to resolve TOCTOU of check result. Use attestable hashes for check reports. Add version to cache key. Add file hash to hash and signature check and github SHA to source_tree. arm
• 2026/02/20 (tooling-trusted-releases) 01/02: Change attestable hashes to dict and reuse to resolve TOCTOU of check result. Use attestable hashes for check reports. Add version to cache key. Add file hash to hash and signature check and github SHA to source_tree. arm
• 2026/02/20 (tooling-trusted-releases) 02/02: Move github model into general models out of SBOM models arm
• 2026/02/20 (tooling-trusted-releases) branch arm updated (1277dd4f -> 48b66b8f) arm
• 2026/02/20 (tooling-trusted-releases) branch arm updated: Move github model into general models out of SBOM models arm
• 2026/02/20 (tooling-trusted-releases) 03/03: Change attestable hashes to dict and reuse to resolve TOCTOU of check result. Use attestable hashes for check reports. Add version to cache key. Add file hash to hash and signature check and github SHA to source_tree. arm
• 2026/02/20 (tooling-trusted-releases) 02/03: Remove check for task running and add unique constraint, for which we try to catch the IntegrityError. Include in playwright tests and don't use revision number to filter individual check results. arm
• 2026/02/20 (tooling-trusted-releases) branch arm updated (6d5b44f4 -> ce340687) arm
• 2026/02/20 (tooling-trusted-releases) 01/03: Remove check for task running arm
• 2026/02/20 (tooling-trusted-releases) 01/01: Change attestable hashes to dict and reuse to resolve TOCTOU of check result. Use attestable hashes for check reports. Add version to cache key. Add file hash to hash check and github SHA to source_tree. arm
• 2026/02/20 (tooling-trusted-releases) branch arm updated (292bbb57 -> 6d5b44f4) arm
• 2026/02/19 (tooling-trusted-releases) branch introduce-atr-status-config created (now ccbb72f5) wave
• 2026/02/19 (tooling-trusted-releases) 01/01: Introduce ATR_STATUS and control recipient lists wave
• 2026/02/19 (tooling-trusted-releases) 01/01: Return 404 when project is unknown in api endpoint call wave
• 2026/02/19 (tooling-trusted-releases) branch api-project-404-checks created (now 8b44798b) wave
• 2026/02/19 (tooling-trusted-releases) branch invalidate-pats-manually-598 created (now 8dd0e3ba) akm
• 2026/02/19 (tooling-trusted-releases) 02/02: Manual PAT removal; fixes #598 akm
• 2026/02/19 (tooling-trusted-releases) 01/02: Invalidate PATs; fixes #598 akm
• 2026/02/19 (tooling-trusted-releases) 01/01: Set stricter permissions on all directories in revisions sbp
• 2026/02/19 (tooling-trusted-releases) branch sbp updated (eb5b199a -> d434f574) sbp
• 2026/02/19 (tooling-trusted-releases) branch block-scm-directories deleted (was c42dba37) sbp
• 2026/02/19 (tooling-trusted-releases) 02/02: Add dot file check sbp
• 2026/02/19 (tooling-trusted-releases) 01/02: Block SCM directories sbp
• 2026/02/19 (tooling-trusted-releases) branch main updated (682d99b8 -> 921c41df) sbp
• 2026/02/19 (tooling-trusted-releases) branch block-scm-directories updated (65ae06dc -> c42dba37) wave
• 2026/02/19 (tooling-trusted-releases) branch block-scm-directories created (now 65ae06dc) wave
• 2026/02/19 (tooling-trusted-releases) 01/01: Block SCM directories wave
• 2026/02/19 (tooling-trusted-releases) branch main updated: pubsub url is https only closes #685 wave
• 2026/02/19 (tooling-trusted-releases) branch main updated: Add configuration to admin menu wave
• 2026/02/19 (tooling-trusted-releases) branch redaction-of-sensitive-configuration deleted (was a9d56ecb) sbp
• 2026/02/19 (tooling-trusted-releases) branch main updated: Assure debug mode is only set in development sbp
• 2026/02/19 (tooling-trusted-releases) branch debug-mode-only-in-dev-environment deleted (was 5d8e3a9d) sbp
• 2026/02/19 (tooling-trusted-releases) branch main updated: Redact sensitive configurations sbp
• 2026/02/19 (tooling-trusted-releases) 01/01: Redact sensitive configurations wave
• 2026/02/19 (tooling-trusted-releases) branch redaction-of-sensitive-configuration created (now a9d56ecb) wave
• 2026/02/19 (tooling-trusted-releases) branch arm updated: Change attestable hashes to dict and reuse to resolve TOCTOU of check result. Use attestable hashes for check reports. Add version to cache key. Add file hash to hash check and github SHA to source_tree. arm
• 2026/02/19 (tooling-trusted-releases) branch debug-mode-only-in-dev-environment created (now 5d8e3a9d) wave
• 2026/02/19 (tooling-trusted-releases) 01/01: Assure debug mode is only set in development wave
• 2026/02/19 (tooling-trusted-releases) branch sbp updated (7f5b0c63 -> eb5b199a) sbp
• 2026/02/19 (tooling-trusted-releases) branch arm updated (05bc0de2 -> 10d61a5b) arm
• 2026/02/19 (tooling-trusted-releases) 01/02: Remove check for task running arm
• 2026/02/19 (tooling-trusted-releases) 02/02: Remove check for task running and add unique constraint, for which we try to catch the IntegrityError. Include in playwright tests and don't use revision number to filter individual check results. arm
• 2026/02/19 (tooling-trusted-releases) branch main updated: Fix typo in log message. Closes #669. arm
• 2026/02/19 (tooling-trusted-releases) branch arm updated (8eceebb1 -> 05bc0de2) arm
• 2026/02/19 (tooling-trusted-releases) 01/02: Remove check for task running arm
• 2026/02/19 (tooling-trusted-releases) 02/02: Remove check for task running and add unique constraint, for which we try to catch the IntegrityError. Include in playwright tests and don't use revision number to filter individual check results. arm
• 2026/02/19 (tooling-trusted-releases) branch main updated: Pin Syft version in Dockerfile arm
• 2026/02/19 (tooling-trusted-releases) 01/01: Remove check for task running and add unique constraint, for which we try to catch the IntegrityError. Include in playwright tests and don't use revision number to filter individual check results. arm
• 2026/02/19 (tooling-trusted-releases) branch arm updated (c6638bb5 -> 8eceebb1) arm
• 2026/02/19 (tooling-trusted-releases) branch arm updated (74981874 -> c6638bb5) arm
• 2026/02/19 (tooling-trusted-releases) 02/02: Remove check for task running and add unique constraint, which we try to catch the IntegrityError for arm
• 2026/02/19 (tooling-trusted-releases) 01/02: Remove check for task running arm
• 2026/02/18 (tooling-trusted-releases) branch main updated (f4faa08a -> 7f5b0c63) sbp
• 2026/02/18 (tooling-trusted-releases) branch main updated (bb8d5627 -> f4faa08a) sbp
• 2026/02/18 (tooling-trusted-releases) branch main updated (5e8f907b -> bb8d5627) sbp
• 2026/02/18 (tooling-trusted-releases) branch main updated (83e7d6c9 -> 5e8f907b) sbp
• 2026/02/18 (tooling-trusted-releases) branch main updated (5581675a -> 83e7d6c9) sbp
• 2026/02/18 (tooling-trusted-releases) branch sbp updated: Remove the deprecated context manager to create a new revision sbp
• 2026/02/18 (tooling-trusted-releases) branch sbp updated: Migrate a test route to use the new revision creation code sbp
• 2026/02/18 (tooling-trusted-releases) branch sbp updated: Fix some problems with e2e tests sbp
• 2026/02/18 (tooling-trusted-releases) branch main updated (b576d354 -> 5581675a) sbp
• 2026/02/18 (tooling-trusted-releases) branch sbp updated: Migrate revision creators that modify metadata sbp
• 2026/02/18 (tooling-trusted-releases) branch sbp updated: Migrate the revision creator that clones from a specific revision sbp
• 2026/02/18 (tooling-trusted-releases) branch main updated (32d79d70 -> b576d354) sbp
• 2026/02/18 (tooling-trusted-releases) branch main updated (a5745c15 -> 32d79d70) sbp
• 2026/02/18 (tooling-trusted-releases) branch sbp updated: Fix some code style problems sbp
• 2026/02/18 (tooling-trusted-releases) branch sbp updated: Migrate revision creators that add new files sbp
• 2026/02/18 (tooling-trusted-releases) branch main updated (96397103 -> a5745c15) sbp
• 2026/02/18 (tooling-trusted-releases) branch sbp updated: Make compose phase tests less fragile sbp
• 2026/02/18 (tooling-trusted-releases) branch main updated (e6887dac -> 96397103) sbp
• 2026/02/18 (tooling-trusted-releases) branch sbp updated: Migrate revision creators that modify existing files sbp
• 2026/02/18 (tooling-trusted-releases) branch main updated (f9410802 -> e6887dac) sbp
• 2026/02/18 (tooling-trusted-releases) branch sbp updated: Migrate revision creators that clone without modifications sbp
• 2026/02/18 (tooling-trusted-releases) branch main updated (b714fc98 -> f9410802) sbp
• 2026/02/18 (tooling-trusted-releases) branch sbp updated: Add a continuation passing style version of the method to create a revision sbp
• 2026/02/18 (tooling-trusted-releases) branch main updated (9847de95 -> b714fc98) sbp
• 2026/02/18 (tooling-trusted-releases) branch main updated (7028236b -> 9847de95) sbp
• 2026/02/18 (tooling-trusted-releases) branch sbp updated: Update dependencies sbp
• 2026/02/17 (tooling-trusted-releases) branch sbp updated: Update a comment in the function to browse as another user sbp
• 2026/02/17 (tooling-trusted-releases) 01/02: Remove check for task running arm
• 2026/02/17 (tooling-trusted-releases) 02/02: Remove check for task running and add unique constraint, which we try to catch the IntegrityError for arm
• 2026/02/17 (tooling-trusted-releases) branch arm updated (32f4ee3b -> 74981874) arm
• 2026/02/17 (tooling-trusted-releases) branch sbp updated: Remove unused data from a committer data verification sbp
• 2026/02/17 (tooling-trusted-releases) branch main updated (32f4ee3b -> 7028236b) sbp
• 2026/02/17 (tooling-trusted-releases) 01/01: Skip LDAP checks in development environments too sbp
• 2026/02/17 (tooling-trusted-releases) branch sbp updated (1e306a6f -> 7028236b) sbp
• 2026/02/17 (tooling-trusted-releases) branch main updated (1e306a6f -> 32f4ee3b) arm
• 2026/02/17 (tooling-trusted-releases) branch arm updated (3aedfa5c -> 32f4ee3b) arm
• 2026/02/17 (tooling-trusted-releases) 01/01: Check for running tasks as well as completed checks when using cache keys arm
• 2026/02/17 (tooling-trusted-releases) branch ssh-audit-677 created (now a281800d) sbp
• 2026/02/17 (tooling-trusted-releases) 01/01: Use the intersection of algorithms from asyncssh and ssh-audit sbp
• 2026/02/17 (tooling-trusted-releases) branch arm updated: Check for running tasks as well as completed checks when using cache keys arm
• 2026/02/17 (tooling-trusted-releases) branch sbp updated (055ca95b -> 1e306a6f) sbp
• 2026/02/17 (tooling-trusted-releases) branch main updated (055ca95b -> 1e306a6f) sbp
• 2026/02/17 (tooling-trusted-releases) branch main updated (325ebf38 -> 055ca95b) sbp
• 2026/02/17 (tooling-trusted-releases) branch main updated (7406bb29 -> 325ebf38) sbp
• 2026/02/17 (tooling-trusted-releases) 01/02: Update dependencies sbp
• 2026/02/17 (tooling-trusted-releases) 02/02: Fix some lint errors found by the updated linters sbp
• 2026/02/17 (tooling-trusted-releases) branch sbp updated (0ec0992c -> 055ca95b) sbp
• 2026/02/17 (tooling-trusted-releases) branch check_caching deleted (was fd9feeb7) arm
• 2026/02/17 (tooling-trusted-releases) branch ssh_security_config updated (a94451de -> 1c982ca8) arm
• 2026/02/17 (tooling-trusted-releases) branch main updated (0c467bb2 -> 7406bb29) arm
• 2026/02/17 (tooling-trusted-releases) 01/01: Validate LDAP account of the initiating user when a task is started. Closes #663. arm
• 2026/02/17 (tooling-trusted-releases) branch arm updated (76a4b9e1 -> 7406bb29) arm
• 2026/02/17 (tooling-trusted-releases) branch arm updated: Validate LDAP account of the initiating user when a task is started. Closes #663. arm
• 2026/02/17 (tooling-trusted-releases) branch arm updated: Remove unverified_header_and_payload function as unused. Closes #672. arm
• 2026/02/17 (tooling-trusted-releases) branch ssh_security_config created (now a94451de) arm
• 2026/02/17 (tooling-trusted-releases) 01/01: #677 - Add explicit ciphers, kex and mac algorithms. arm
• 2026/02/17 (tooling-trusted-releases) branch main updated (bc8d8531 -> 0c467bb2) arm
• 2026/02/17 (tooling-trusted-releases) branch arm updated: Add LDAP validation to ASF sender IDs. Closes #654. arm
• 2026/02/17 (tooling-trusted-releases) 01/02: Add nbf claim to JWTs. Closes #675. arm
• 2026/02/17 (tooling-trusted-releases) branch arm updated (24f891be -> ff331509) arm
• 2026/02/17 (tooling-trusted-releases) 02/02: Reject "dangerous" JWT headers. Closes #673. arm
• 2026/02/16 (tooling-trusted-releases) branch dependabot/github_actions/astral-sh/setup-uv-7.3.0 created (now b8a0cba8) github-bot
• 2026/02/16 (tooling-releases-client) branch dependabot/github_actions/astral-sh/setup-uv-7.3.0 created (now 4b3f130) github-bot
• 2026/02/16 (tooling-trusted-releases) branch main updated: Adjust alpha 2 banner message wave
• 2026/02/16 (tooling-trusted-releases) branch arm updated (72c6b0d1 -> 24f891be) arm
• 2026/02/16 (tooling-trusted-releases) branch main updated: Fix scheduling bug in distribution status check arm
• 2026/02/16 (tooling-trusted-releases) branch main updated: Update warning banner text in base.html wave
• 2026/02/16 (tooling-trusted-releases) branch main updated: clarify: svn:dist not done by ATR yet (#649) wave
• 2026/02/16 (tooling-trusted-releases) branch arm updated: Fix scheduling bug in distribution status check arm
• 2026/02/16 (tooling-trusted-releases) branch main updated (0ec0992c -> beb2a2a8) arm
• 2026/02/16 (tooling-trusted-releases) 01/01: Update check caching to use hash keys of inputs arm
• 2026/02/16 (tooling-trusted-releases) branch arm updated (f25f14bd -> beb2a2a8) arm
• 2026/02/16 (tooling-trusted-releases) branch arm updated (fd9feeb7 -> f25f14bd) arm
• 2026/02/16 (tooling-trusted-releases) 01/01: Update check caching to use hash keys of inputs arm
• 2026/02/16 (tooling-trusted-releases) branch arm updated (0ec0992c -> fd9feeb7) arm
• 2026/02/16 (tooling-trusted-releases) branch check_caching updated (9c534313 -> fd9feeb7) arm
• 2026/02/16 (tooling-trusted-releases) 01/01: Update check caching to use hash keys of inputs arm
• 2026/02/16 (tooling-trusted-releases) branch arm updated (929a8c3b -> 0ec0992c) arm
• 2026/02/16 (tooling-trusted-releases) branch main updated (929a8c3b -> 0ec0992c) sbp
• 2026/02/16 (tooling-trusted-releases) 01/01: Update check caching to use hash keys of inputs arm
• 2026/02/16 (tooling-trusted-releases) branch check_caching updated (11c7ab4d -> 9c534313) arm
• 2026/02/16 (tooling-trusted-releases) 01/01: Add the arm branch to QA workflows sbp
• 2026/02/16 (tooling-trusted-releases) branch sbp updated (edc3cd49 -> 0ec0992c) sbp
• 2026/02/16 (tooling-trusted-releases) branch arm created (now 929a8c3b) arm
• 2026/02/16 (tooling-trusted-releases) branch check_caching created (now 11c7ab4d) arm
• 2026/02/16 (tooling-trusted-releases) 01/01: Update check caching to use hash keys of inputs arm
• 2026/02/16 (tooling-trusted-releases) branch main updated (133ab837 -> 929a8c3b) arm
• 2026/02/16 (tooling-trusted-releases) branch sbp updated (e71802b4 -> edc3cd49) sbp
• 2026/02/16 (tooling-trusted-releases) 01/01: Add the arm branch to QA workflows sbp
• 2026/02/16 (tooling-trusted-releases) branch main updated (d3a25637 -> 133ab837) arm
• 2026/02/16 (tooling-trusted-releases) branch check_caching deleted (was 448abfdf) arm

• Earlier messages
• Later messages