commits  

Messages by Thread

• (tooling-actions) branch main updated: Rename old builds and update to new njord bundle based workflow arm
• (tooling-trusted-releases) branch sbp updated (5e288b2d -> e77fbe04) sbp
  • (tooling-trusted-releases) 01/01: Add a database model for the quarantined upload phase sbp
• (tooling-trusted-releases) branch main updated: #725 - make sure failures are logged from PAT failure and they include the user arm
• (tooling-trusted-releases) branch arm created (now 0912c5c2) arm
  • (tooling-trusted-releases) 01/01: #725 - make sure failures are logged from PAT failure and they include the user arm
• (tooling-trusted-releases) branch arm deleted (was aaff904c) arm
• (tooling-trusted-releases) branch main updated (5e288b2d -> 9b963ade) arm
  • (tooling-trusted-releases) 04/05: Remove cache ignore logic since we can't have an empty cache key now. Add policy dependencies to license and RAT checks. Enable local/global caching switch. Fix bug with task list. arm
  • (tooling-trusted-releases) 01/05: Remove check for task running and add unique constraint, for which we try to catch the IntegrityError. Include in playwright tests and don't use revision number to filter individual check results. arm
  • (tooling-trusted-releases) 03/05: Move github model into general models out of SBOM models arm
  • (tooling-trusted-releases) 05/05: Refactor check get logic to a shared method and remove some extra places where we still used release_name or version. Remove bulk-delete of check results. Update documentation. arm
  • (tooling-trusted-releases) 02/05: Change attestable hashes to dict and reuse to resolve TOCTOU of check result. Use attestable hashes for check reports. Add version to cache key. Add file hash to hash and signature check and github SHA to source_tree. arm
• (tooling-trusted-releases) branch arm updated (8369df95 -> aaff904c) arm
• (tooling-trusted-releases) branch arm updated (17014ea3 -> 8369df95) arm
• (tooling-trusted-releases) branch arm updated (fa45b20d -> 17014ea3) arm
• (tooling-trusted-releases) branch arm updated (6893b8e8 -> fa45b20d) arm
• (tooling-trusted-releases) branch main updated (f4d7dd38 -> 5e288b2d) sbp
• (tooling-trusted-releases) branch sbp updated (fa00a7ba -> 5e288b2d) sbp
  • (tooling-trusted-releases) 01/01: Set CodeQL to ignore permissions because ATR release data is public sbp
• (tooling-trusted-releases) branch arm updated (c93d0fc1 -> 6893b8e8) arm
• (tooling-trusted-releases) branch arm updated (3cd36ebb -> 40c9ca00) arm
• (tooling-trusted-releases) branch arm updated (40c9ca00 -> c93d0fc1) arm
• (tooling-trusted-releases) branch curl-extra-downloads-improvement deleted (was 15fcf0a3) sbp
• (tooling-trusted-releases) branch main updated: Improve curl download scripting sbp
• (tooling-trusted-releases) branch curl-extra-downloads-improvement created (now 15fcf0a3) wave
  • (tooling-trusted-releases) 01/01: Improve curl download scripting wave
• (tooling-trusted-releases) branch main updated (8fdb8c21 -> fa00a7ba) sbp
• (tooling-trusted-releases) branch sbp updated: Strengthen a couple of authorisation patterns sbp
• (tooling-trusted-releases) branch sbp updated (7281bdce -> 8fdb8c21) sbp
• (tooling-trusted-releases) branch invalidate-pats-manually-598 deleted (was 43a82152) sbp
• (tooling-trusted-releases) branch main updated: Manual PAT removal; fixes #598 sbp
• (tooling-trusted-releases) branch invalidate-pats-manually-598 updated (8dd0e3ba -> 43a82152) akm
• (tooling-trusted-releases) branch main updated (e693c2da -> 7281bdce) sbp
• (tooling-trusted-releases) branch main updated (48078cc5 -> e693c2da) sbp
• (tooling-trusted-releases) branch sbp updated: Use asfquart main, as it now supports maximum session lifetimes sbp
• (tooling-trusted-releases) branch sbp updated: Keep a strict subset of GitHub OIDC payloads sbp
• (tooling-trusted-releases) branch main updated (731a2962 -> 48078cc5) sbp
• (tooling-trusted-releases) branch main updated (141036f3 -> 731a2962) sbp
• (tooling-trusted-releases) branch sbp updated: Document the use of safe Markdown to HTML rendering in cmarkgfm sbp
• (tooling-trusted-releases) branch sbp updated (32550b7e -> 731a2962) sbp
  • (tooling-trusted-releases) 01/01: Check for banned ASF accounts in more places sbp
• (tooling-trusted-releases) branch main updated: Bump astral-sh/setup-uv from 7.2.0 to 7.3.0 sbp
• (tooling-trusted-releases) branch dependabot/github_actions/astral-sh/setup-uv-7.3.0 deleted (was b8a0cba8) sbp
• (tooling-trusted-releases) branch main updated: Return 404 when project is unknown in api endpoint call sbp
• (tooling-trusted-releases) branch main updated (f60da54d -> 030b4fc3) sbp
• (tooling-trusted-releases) branch arm updated (09fcb634 -> 3cd36ebb) arm
• (tooling-trusted-releases) branch sbp updated: Use the intersection of algorithms from asyncssh and ssh-audit sbp
• (tooling-trusted-releases) branch arm updated (f7aa150d -> 09fcb634) arm
• (tooling-trusted-releases) branch main updated (5d3140b0 -> f60da54d) sbp
• (tooling-trusted-releases) branch arm updated (9c2ab2b8 -> f7aa150d) arm
• (tooling-trusted-releases) branch dependabot/uv/werkzeug-3.1.6 deleted (was 74b6beac) github-bot
• (tooling-trusted-releases) branch dependabot/uv/flask-3.1.3 deleted (was c399547d) github-bot
• (tooling-trusted-releases) branch main updated (bb72770d -> 5d3140b0) sbp
• (tooling-trusted-releases) branch main updated (d434f574 -> bb72770d) sbp
• (tooling-trusted-releases) branch dependabot/uv/flask-3.1.3 created (now c399547d) github-bot
• (tooling-trusted-releases) branch dependabot/uv/werkzeug-3.1.6 created (now 74b6beac) github-bot
• (tooling-trusted-releases) branch sbp updated: Fix the encoding of JSON data in the form to move files sbp
• (tooling-trusted-releases) branch arm updated (96e1972f -> 9c2ab2b8) arm
• (tooling-trusted-releases) branch main updated (921c41df -> d434f574) sbp
• (tooling-trusted-releases) branch sbp updated: Rebuild JavaScript files sbp
• (tooling-trusted-releases) branch arm updated: Remove cache ignore logic from cache key methods since we can't have an empty cache key now. Add policy dependencies to license and RAT checks. arm
• (tooling-trusted-releases) branch arm updated (8463929f -> 87f6584c) arm
  • (tooling-trusted-releases) 02/02: Move github model into general models out of SBOM models arm
  • (tooling-trusted-releases) 01/02: Change attestable hashes to dict and reuse to resolve TOCTOU of check result. Use attestable hashes for check reports. Add version to cache key. Add file hash to hash and signature check and github SHA to source_tree. arm
• (tooling-trusted-releases) branch arm updated (48b66b8f -> 8463929f) arm
  • (tooling-trusted-releases) 01/02: Change attestable hashes to dict and reuse to resolve TOCTOU of check result. Use attestable hashes for check reports. Add version to cache key. Add file hash to hash and signature check and github SHA to source_tree. arm
  • (tooling-trusted-releases) 02/02: Move github model into general models out of SBOM models arm
• (tooling-trusted-releases) branch arm updated (1277dd4f -> 48b66b8f) arm
  • (tooling-trusted-releases) 02/02: Move github model into general models out of SBOM models arm
  • (tooling-trusted-releases) 01/02: Change attestable hashes to dict and reuse to resolve TOCTOU of check result. Use attestable hashes for check reports. Add version to cache key. Add file hash to hash and signature check and github SHA to source_tree. arm
• (tooling-trusted-releases) branch arm updated: Move github model into general models out of SBOM models arm
• (tooling-trusted-releases) branch arm updated (6d5b44f4 -> ce340687) arm
  • (tooling-trusted-releases) 01/03: Remove check for task running arm
  • (tooling-trusted-releases) 02/03: Remove check for task running and add unique constraint, for which we try to catch the IntegrityError. Include in playwright tests and don't use revision number to filter individual check results. arm
  • (tooling-trusted-releases) 03/03: Change attestable hashes to dict and reuse to resolve TOCTOU of check result. Use attestable hashes for check reports. Add version to cache key. Add file hash to hash and signature check and github SHA to source_tree. arm
• (tooling-trusted-releases) branch arm updated (292bbb57 -> 6d5b44f4) arm
  • (tooling-trusted-releases) 01/01: Change attestable hashes to dict and reuse to resolve TOCTOU of check result. Use attestable hashes for check reports. Add version to cache key. Add file hash to hash check and github SHA to source_tree. arm
• (tooling-trusted-releases) branch introduce-atr-status-config created (now ccbb72f5) wave
  • (tooling-trusted-releases) 01/01: Introduce ATR_STATUS and control recipient lists wave
• (tooling-trusted-releases) branch api-project-404-checks created (now 8b44798b) wave
  • (tooling-trusted-releases) 01/01: Return 404 when project is unknown in api endpoint call wave
• (tooling-trusted-releases) branch invalidate-pats-manually-598 created (now 8dd0e3ba) akm
  • (tooling-trusted-releases) 01/02: Invalidate PATs; fixes #598 akm
  • (tooling-trusted-releases) 02/02: Manual PAT removal; fixes #598 akm
• (tooling-trusted-releases) branch sbp updated (eb5b199a -> d434f574) sbp
  • (tooling-trusted-releases) 01/01: Set stricter permissions on all directories in revisions sbp
• (tooling-trusted-releases) branch block-scm-directories deleted (was c42dba37) sbp
• (tooling-trusted-releases) branch main updated (682d99b8 -> 921c41df) sbp
  • (tooling-trusted-releases) 01/02: Block SCM directories sbp
  • (tooling-trusted-releases) 02/02: Add dot file check sbp
• (tooling-trusted-releases) branch block-scm-directories updated (65ae06dc -> c42dba37) wave
• (tooling-trusted-releases) branch block-scm-directories created (now 65ae06dc) wave
  • (tooling-trusted-releases) 01/01: Block SCM directories wave
• (tooling-trusted-releases) branch main updated: pubsub url is https only closes #685 wave
• (tooling-trusted-releases) branch main updated: Add configuration to admin menu wave
• (tooling-trusted-releases) branch redaction-of-sensitive-configuration deleted (was a9d56ecb) sbp
• (tooling-trusted-releases) branch main updated: Assure debug mode is only set in development sbp
• (tooling-trusted-releases) branch debug-mode-only-in-dev-environment deleted (was 5d8e3a9d) sbp
• (tooling-trusted-releases) branch main updated: Redact sensitive configurations sbp
• (tooling-trusted-releases) branch redaction-of-sensitive-configuration created (now a9d56ecb) wave
  • (tooling-trusted-releases) 01/01: Redact sensitive configurations wave
• (tooling-trusted-releases) branch arm updated: Change attestable hashes to dict and reuse to resolve TOCTOU of check result. Use attestable hashes for check reports. Add version to cache key. Add file hash to hash check and github SHA to source_tree. arm
• (tooling-trusted-releases) branch debug-mode-only-in-dev-environment created (now 5d8e3a9d) wave
  • (tooling-trusted-releases) 01/01: Assure debug mode is only set in development wave
• (tooling-trusted-releases) branch sbp updated (7f5b0c63 -> eb5b199a) sbp
• (tooling-trusted-releases) branch arm updated (05bc0de2 -> 10d61a5b) arm
  • (tooling-trusted-releases) 02/02: Remove check for task running and add unique constraint, for which we try to catch the IntegrityError. Include in playwright tests and don't use revision number to filter individual check results. arm
  • (tooling-trusted-releases) 01/02: Remove check for task running arm
• (tooling-trusted-releases) branch main updated: Fix typo in log message. Closes #669. arm
• (tooling-trusted-releases) branch arm updated (8eceebb1 -> 05bc0de2) arm
  • (tooling-trusted-releases) 02/02: Remove check for task running and add unique constraint, for which we try to catch the IntegrityError. Include in playwright tests and don't use revision number to filter individual check results. arm
  • (tooling-trusted-releases) 01/02: Remove check for task running arm
• (tooling-trusted-releases) branch main updated: Pin Syft version in Dockerfile arm
• (tooling-trusted-releases) branch arm updated (c6638bb5 -> 8eceebb1) arm
  • (tooling-trusted-releases) 01/01: Remove check for task running and add unique constraint, for which we try to catch the IntegrityError. Include in playwright tests and don't use revision number to filter individual check results. arm
• (tooling-trusted-releases) branch arm updated (74981874 -> c6638bb5) arm
  • (tooling-trusted-releases) 01/02: Remove check for task running arm
  • (tooling-trusted-releases) 02/02: Remove check for task running and add unique constraint, which we try to catch the IntegrityError for arm
• (tooling-trusted-releases) branch main updated (f4faa08a -> 7f5b0c63) sbp
• (tooling-trusted-releases) branch main updated (bb8d5627 -> f4faa08a) sbp
• (tooling-trusted-releases) branch main updated (5e8f907b -> bb8d5627) sbp
• (tooling-trusted-releases) branch main updated (83e7d6c9 -> 5e8f907b) sbp
• (tooling-trusted-releases) branch main updated (5581675a -> 83e7d6c9) sbp
• (tooling-trusted-releases) branch sbp updated: Remove the deprecated context manager to create a new revision sbp
• (tooling-trusted-releases) branch sbp updated: Migrate a test route to use the new revision creation code sbp
• (tooling-trusted-releases) branch sbp updated: Fix some problems with e2e tests sbp
• (tooling-trusted-releases) branch main updated (b576d354 -> 5581675a) sbp
• (tooling-trusted-releases) branch sbp updated: Migrate revision creators that modify metadata sbp
• (tooling-trusted-releases) branch sbp updated: Migrate the revision creator that clones from a specific revision sbp
• (tooling-trusted-releases) branch main updated (32d79d70 -> b576d354) sbp
• (tooling-trusted-releases) branch main updated (a5745c15 -> 32d79d70) sbp
• (tooling-trusted-releases) branch sbp updated: Fix some code style problems sbp
• (tooling-trusted-releases) branch sbp updated: Migrate revision creators that add new files sbp
• (tooling-trusted-releases) branch main updated (96397103 -> a5745c15) sbp
• (tooling-trusted-releases) branch sbp updated: Make compose phase tests less fragile sbp
• (tooling-trusted-releases) branch main updated (e6887dac -> 96397103) sbp
• (tooling-trusted-releases) branch sbp updated: Migrate revision creators that modify existing files sbp
• (tooling-trusted-releases) branch main updated (f9410802 -> e6887dac) sbp
• (tooling-trusted-releases) branch sbp updated: Migrate revision creators that clone without modifications sbp
• (tooling-trusted-releases) branch main updated (b714fc98 -> f9410802) sbp
• (tooling-trusted-releases) branch sbp updated: Add a continuation passing style version of the method to create a revision sbp
• (tooling-trusted-releases) branch main updated (9847de95 -> b714fc98) sbp
• (tooling-trusted-releases) branch main updated (7028236b -> 9847de95) sbp
• (tooling-trusted-releases) branch sbp updated: Update dependencies sbp
  • (tooling-trusted-releases) branch sbp updated: Update dependencies sbp
  • (tooling-trusted-releases) branch sbp updated: Update dependencies sbp
  • (tooling-trusted-releases) branch sbp updated: Update dependencies sbp
  • (tooling-trusted-releases) branch sbp updated: Update dependencies sbp
  • (tooling-trusted-releases) branch sbp updated: Update dependencies sbp
  • (tooling-trusted-releases) branch sbp updated: Update dependencies sbp
  • (tooling-trusted-releases) branch sbp updated: Update dependencies sbp
  • (tooling-trusted-releases) branch sbp updated: Update dependencies sbp
  • (tooling-trusted-releases) branch sbp updated: Update dependencies sbp
  • (tooling-trusted-releases) branch sbp updated: Update dependencies sbp
  • (tooling-trusted-releases) branch sbp updated: Update dependencies sbp
• (tooling-trusted-releases) branch sbp updated: Update a comment in the function to browse as another user sbp
• (tooling-trusted-releases) branch arm updated (32f4ee3b -> 74981874) arm
  • (tooling-trusted-releases) 02/02: Remove check for task running and add unique constraint, which we try to catch the IntegrityError for arm
  • (tooling-trusted-releases) 01/02: Remove check for task running arm
• (tooling-trusted-releases) branch sbp updated: Remove unused data from a committer data verification sbp
• (tooling-trusted-releases) branch main updated (32f4ee3b -> 7028236b) sbp
• (tooling-trusted-releases) branch sbp updated (1e306a6f -> 7028236b) sbp
  • (tooling-trusted-releases) 01/01: Skip LDAP checks in development environments too sbp
• (tooling-trusted-releases) branch main updated (1e306a6f -> 32f4ee3b) arm
• (tooling-trusted-releases) branch arm updated (3aedfa5c -> 32f4ee3b) arm
  • (tooling-trusted-releases) 01/01: Check for running tasks as well as completed checks when using cache keys arm
• (tooling-trusted-releases) branch ssh-audit-677 created (now a281800d) sbp
  • (tooling-trusted-releases) 01/01: Use the intersection of algorithms from asyncssh and ssh-audit sbp
• (tooling-trusted-releases) branch arm updated: Check for running tasks as well as completed checks when using cache keys arm
• (tooling-trusted-releases) branch sbp updated (055ca95b -> 1e306a6f) sbp
• (tooling-trusted-releases) branch main updated (055ca95b -> 1e306a6f) sbp
• (tooling-trusted-releases) branch main updated (325ebf38 -> 055ca95b) sbp
• (tooling-trusted-releases) branch main updated (7406bb29 -> 325ebf38) sbp
• (tooling-trusted-releases) branch sbp updated (0ec0992c -> 055ca95b) sbp
  • (tooling-trusted-releases) 02/02: Fix some lint errors found by the updated linters sbp
  • (tooling-trusted-releases) 01/02: Update dependencies sbp
• (tooling-trusted-releases) branch check_caching deleted (was fd9feeb7) arm
• (tooling-trusted-releases) branch ssh_security_config updated (a94451de -> 1c982ca8) arm
• (tooling-trusted-releases) branch main updated (0c467bb2 -> 7406bb29) arm
• (tooling-trusted-releases) branch arm updated (76a4b9e1 -> 7406bb29) arm
  • (tooling-trusted-releases) 01/01: Validate LDAP account of the initiating user when a task is started. Closes #663. arm
• (tooling-trusted-releases) branch arm updated: Validate LDAP account of the initiating user when a task is started. Closes #663. arm
• (tooling-trusted-releases) branch arm updated: Remove unverified_header_and_payload function as unused. Closes #672. arm
• (tooling-trusted-releases) branch ssh_security_config created (now a94451de) arm
  • (tooling-trusted-releases) 01/01: #677 - Add explicit ciphers, kex and mac algorithms. arm
• (tooling-trusted-releases) branch main updated (bc8d8531 -> 0c467bb2) arm
• (tooling-trusted-releases) branch arm updated: Add LDAP validation to ASF sender IDs. Closes #654. arm
• (tooling-trusted-releases) branch arm updated (24f891be -> ff331509) arm
  • (tooling-trusted-releases) 02/02: Reject "dangerous" JWT headers. Closes #673. arm
  • (tooling-trusted-releases) 01/02: Add nbf claim to JWTs. Closes #675. arm
• (tooling-trusted-releases) branch dependabot/github_actions/astral-sh/setup-uv-7.3.0 created (now b8a0cba8) github-bot
• (tooling-releases-client) branch dependabot/github_actions/astral-sh/setup-uv-7.3.0 created (now 4b3f130) github-bot
• (tooling-trusted-releases) branch main updated: Adjust alpha 2 banner message wave
• (tooling-trusted-releases) branch arm updated (72c6b0d1 -> 24f891be) arm
• (tooling-trusted-releases) branch main updated: Fix scheduling bug in distribution status check arm
• (tooling-trusted-releases) branch main updated: Update warning banner text in base.html wave
• (tooling-trusted-releases) branch main updated: clarify: svn:dist not done by ATR yet (#649) wave
• (tooling-trusted-releases) branch arm updated: Fix scheduling bug in distribution status check arm
• (tooling-trusted-releases) branch main updated (0ec0992c -> beb2a2a8) arm

• Earlier messages
• Later messages