dev
Thread
Date
Earlier messages
Messages by Thread
[I] Some source archives are not detected at source (tooling-trusted-releases)
via GitHub
Re: [I] Some source archives are not detected at source (tooling-trusted-releases)
via GitHub
Re: [I] Some source archives are not detected at source (tooling-trusted-releases)
via GitHub
Re: [I] Some source archives are not detected at source (tooling-trusted-releases)
via GitHub
[I] Allow quarantine failure reports to be cleared (tooling-trusted-releases)
via GitHub
Re: [I] Allow quarantine failure reports to be cleared (tooling-trusted-releases)
via GitHub
Re: [I] Allow quarantine failure reports to be cleared (tooling-trusted-releases)
via GitHub
[I] Detailed quarantine archive extraction error messages are not reported (tooling-trusted-releases)
via GitHub
Re: [I] Detailed quarantine archive extraction error messages are not reported (tooling-trusted-releases)
via GitHub
Re: [I] Detailed quarantine archive extraction error messages are not reported (tooling-trusted-releases)
via GitHub
[I] Uploading PAX archives fails due to an extraction error (tooling-trusted-releases)
via GitHub
Re: [I] Uploading PAX archives fails due to an extraction error (tooling-trusted-releases)
via GitHub
Re: [I] Uploading PAX archives fails due to an extraction error (tooling-trusted-releases)
via GitHub
Re: [I] Uploading PAX archives fails due to an extraction error (tooling-trusted-releases)
via GitHub
[I] Determine a list of file types that can be blocked based on extension (tooling-trusted-releases)
via GitHub
Re: [I] Determine a list of file types that can be blocked based on extension (tooling-trusted-releases)
via GitHub
Re: [I] Determine a list of file types that can be blocked based on extension (tooling-trusted-releases)
via GitHub
Re: [I] Determine a list of file types that can be blocked based on extension (tooling-trusted-releases)
via GitHub
Re: [I] Determine a list of file types that can be blocked based on extension (tooling-trusted-releases)
via GitHub
Re: [I] Determine a list of file types that can be blocked based on extension (tooling-trusted-releases)
via GitHub
Re: [I] Determine a list of file types that can be blocked based on extension (tooling-trusted-releases)
via GitHub
[I] Backfill archives (tooling-trusted-releases)
via GitHub
Re: [I] Backfill archives (tooling-trusted-releases)
via GitHub
Re: [I] Backfill archives (tooling-trusted-releases)
via GitHub
[PR] Make token change emails more clear (tooling-trusted-releases)
via GitHub
[PR] Adjust topnav menu if ALLOW_TESTS (tooling-trusted-releases)
via GitHub
Re: [PR] Adjust topnav menu if ALLOW_TESTS (tooling-trusted-releases)
via GitHub
[I] Study replacing repository.apache.org (tooling-trusted-releases)
via GitHub
Re: [I] Study replacing repository.apache.org (tooling-trusted-releases)
via GitHub
[I] Revoke JWTs when a PAT is deleted (tooling-trusted-releases)
via GitHub
Re: [I] Revoke JWTs when a PAT is deleted (tooling-trusted-releases)
via GitHub
Re: [I] Revoke JWTs when a PAT is deleted (tooling-trusted-releases)
via GitHub
Re: [I] Revoke JWTs when a PAT is deleted (tooling-trusted-releases)
via GitHub
[I] [Discuss] Dependency release chains (tooling-trusted-releases)
via GitHub
Re: [I] [Discuss] Dependency release chains (tooling-trusted-releases)
via GitHub
Re: [I] [Discuss] Dependency release chains (tooling-trusted-releases)
via GitHub
[I] Vote result email To configuration (tooling-trusted-releases)
via GitHub
Re: [I] Vote result email To configuration (tooling-trusted-releases)
via GitHub
[PR] Don't merge: for discussion (tooling-trusted-releases)
via GitHub
Re: [PR] Don't merge: for discussion (tooling-trusted-releases)
via GitHub
Re: [PR] Don't merge: for discussion (tooling-trusted-releases)
via GitHub
Re: [PR] Don't merge: for discussion (tooling-trusted-releases)
via GitHub
Re: [PR] Don't merge: for discussion (tooling-trusted-releases)
via GitHub
Re: [PR] Don't merge: for discussion (tooling-trusted-releases)
via GitHub
Re: [PR] Don't merge: for discussion (tooling-trusted-releases)
via GitHub
[GH] Don't merge: for discussion (tooling-trusted-releases)
via GitHub
Re: [PR] Don't merge: for discussion (tooling-trusted-releases)
via GitHub
[GH] Don't merge: for discussion (tooling-trusted-releases)
via GitHub
[GH] Don't merge: for discussion (tooling-trusted-releases)
via GitHub
[GH] Don't merge: for discussion (tooling-trusted-releases)
via GitHub
[GH] Don't merge: for discussion (tooling-trusted-releases)
via GitHub
[GH] Don't merge: for discussion (tooling-trusted-releases)
via GitHub
[GH] Don't merge: for discussion (tooling-trusted-releases)
via GitHub
[GH] Don't merge: for discussion (tooling-trusted-releases)
via GitHub
[GH] Don't merge: for discussion (tooling-trusted-releases)
via GitHub
[GH] Utilising taint tracking types (tooling-trusted-releases)
via GitHub
[GH] Utilising taint tracking types (tooling-trusted-releases)
via GitHub
Re: [PR] Utilising taint tracking types (tooling-trusted-releases)
via GitHub
[PR] New atr logo topnav treatment (tooling-trusted-releases)
via GitHub
Re: [PR] New atr logo topnav treatment (tooling-trusted-releases)
via GitHub
Re: [PR] New atr logo topnav treatment (tooling-trusted-releases)
via GitHub
[PR] Add start_tls to smtp connection (tooling-trusted-releases)
via GitHub
Re: [PR] Add start_tls to smtp connection (tooling-trusted-releases)
via GitHub
Re: [PR] Add start_tls to smtp connection (tooling-trusted-releases)
via GitHub
[PR] Search ldap returning limited attributes (tooling-trusted-releases)
via GitHub
Re: [PR] Search ldap returning limited attributes (tooling-trusted-releases)
via GitHub
Re: [PR] Search ldap returning limited attributes (tooling-trusted-releases)
via GitHub
Re: [PR] Search ldap returning limited attributes (tooling-trusted-releases)
via GitHub
[PR] Use session asf_uid when adding ssh key and pat (tooling-trusted-releases)
via GitHub
Re: [PR] Use session asf_uid when adding ssh key and pat (tooling-trusted-releases)
via GitHub
[PR] Add explicit charset (tooling-trusted-releases)
via GitHub
Re: [PR] Add explicit charset (tooling-trusted-releases)
via GitHub
Re: [PR] Add explicit charset (tooling-trusted-releases)
via GitHub
Re: [PR] Add explicit charset (tooling-trusted-releases)
via GitHub
Re: [PR] Add explicit charset (tooling-trusted-releases)
via GitHub
Re: [PR] Add explicit charset (tooling-trusted-releases)
via GitHub
[I] Vote resolved date is not set (tooling-trusted-releases)
via GitHub
Re: [I] Vote resolved date is not set (tooling-trusted-releases)
via GitHub
Re: [I] Vote resolved date is not set (tooling-trusted-releases)
via GitHub
Re: [I] Vote resolved date is not set (tooling-trusted-releases)
via GitHub
Re: [I] Make all client responses JSON by default (tooling-trusted-releases)
via GitHub
Re: [I] Make all client responses JSON by default (tooling-trusted-releases)
via GitHub
Re: [I] Make all client responses JSON by default (tooling-trusted-releases)
via GitHub
[I] Regular root file gets reported as directory when `targz.structure` fails (tooling-trusted-releases)
via GitHub
Re: [I] Regular root file gets reported as directory when `targz.structure` fails (tooling-trusted-releases)
via GitHub
[PR] Validate no CR/LF in http header values (tooling-trusted-releases)
via GitHub
Re: [PR] Validate no CR/LF in http header values (tooling-trusted-releases)
via GitHub
[I] Document ATR disk layout and size requirements (tooling-trusted-releases)
via GitHub
[PR] #656 - add check_access to remaining handlers (tooling-trusted-releases)
via GitHub
Re: [PR] #656 - add check_access to remaining handlers (tooling-trusted-releases)
via GitHub
[PR] Adding comment about data display; fixes #711 (tooling-trusted-releases)
via GitHub
Re: [PR] Adding comment about data display; fixes #711 (tooling-trusted-releases)
via GitHub
[PR] Adding a comment about octet-stream; fixes #714 (tooling-trusted-releases)
via GitHub
Re: [PR] Adding a comment about octet-stream; fixes #714 (tooling-trusted-releases)
via GitHub
[PR] Adding comment for confirm dialog; fixes #767 (tooling-trusted-releases)
via GitHub
Re: [PR] Adding comment for confirm dialog; fixes #767 (tooling-trusted-releases)
via GitHub
[PR] Adding comment for vote email validation; fixes #773 (tooling-trusted-releases)
via GitHub
Re: [PR] Adding comment for vote email validation; fixes #773 (tooling-trusted-releases)
via GitHub
[PR] Adding comments for SVN upload sizes; fixes #718 (tooling-trusted-releases)
via GitHub
Re: [PR] Adding comments for SVN upload sizes; fixes #718 (tooling-trusted-releases)
via GitHub
Re: [PR] Adding comments for SVN upload sizes; fixes #718 (tooling-trusted-releases)
via GitHub
Re: [PR] Adding comments for SVN upload sizes; fixes #718 (tooling-trusted-releases)
via GitHub
Re: [PR] Adding comments for SVN upload sizes; fixes #718 (tooling-trusted-releases)
via GitHub
[PR] Adding Cache-Control params; fixes #788 (tooling-trusted-releases)
via GitHub
[GH] Adding Cache-Control params; fixes #788 (tooling-trusted-releases)
via GitHub
Re: [PR] Adding Cache-Control params; fixes #788 (tooling-trusted-releases)
via GitHub
[GH] Adding Cache-Control params; fixes #788 (tooling-trusted-releases)
via GitHub
[I] Audit guidance tests (tooling-trusted-releases)
via GitHub
[PR] Remove hardcoded tooling users (tooling-trusted-releases)
via GitHub
Re: [PR] Remove hardcoded tooling users (tooling-trusted-releases)
via GitHub
[PR] Satisfy ASVS #786 (tooling-trusted-releases)
via GitHub
Re: [PR] Satisfy ASVS #786 (tooling-trusted-releases)
via GitHub
Re: [PR] Satisfy ASVS #786 (tooling-trusted-releases)
via GitHub
[I] Rework or remove the published endpoint (tooling-trusted-releases)
via GitHub
Re: [I] Rework or remove the published endpoint (tooling-trusted-releases)
via GitHub
[I] Links on main docs page missing `docs/` (tooling-trusted-releases)
via GitHub
Re: [I] Links on main docs page missing `docs/` (tooling-trusted-releases)
via GitHub
Re: [I] Links on main docs page missing `docs/` (tooling-trusted-releases)
via GitHub
Re: [PR] Validate sec-fetch headers (tooling-trusted-releases)
via GitHub
Re: [PR] Validate sec-fetch headers (tooling-trusted-releases)
via GitHub
Re: [PR] Validate sec-fetch headers (tooling-trusted-releases)
via GitHub
[GH] Validate sec-fetch headers (tooling-trusted-releases)
via GitHub
[GH] Validate sec-fetch headers (tooling-trusted-releases)
via GitHub
Re: [PR] Remove unnecessary test endpoint (tooling-trusted-releases)
via GitHub
[PR] #344 - instructions on how to upload via GitHub Actions (tooling-trusted-releases)
via GitHub
[GH] #344 - instructions on how to upload via GitHub Actions (tooling-trusted-releases)
via GitHub
[GH] #344 - instructions on how to upload via GitHub Actions (tooling-trusted-releases)
via GitHub
Re: [PR] #344 - instructions on how to upload via GitHub Actions (tooling-trusted-releases)
via GitHub
[GH] #344 - instructions on how to upload via GitHub Actions (tooling-trusted-releases)
via GitHub
[I] Allow released files to be read more widely (tooling-trusted-releases)
via GitHub
Re: [I] Allow released files to be read more widely (tooling-trusted-releases)
via GitHub
Re: [PR] Drop admin privileges (tooling-trusted-releases)
via GitHub
Re: [PR] Drop admin privileges (tooling-trusted-releases)
via GitHub
[PR] Add check access controls for committers (tooling-trusted-releases)
via GitHub
Re: [PR] Add check access controls for committers (tooling-trusted-releases)
via GitHub
Re: [PR] Add check access controls for committers (tooling-trusted-releases)
via GitHub
Re: [PR] Add check access controls for committers (tooling-trusted-releases)
via GitHub
Re: [PR] Add has post access check for controls for committers (tooling-trusted-releases)
via GitHub
[PR] Fix manual vote resolution configuration (tooling-trusted-releases)
via GitHub
Re: [PR] Fix manual vote resolution configuration (tooling-trusted-releases)
via GitHub
Re: [PR] Fix manual vote resolution configuration (tooling-trusted-releases)
via GitHub
[I] Add CSP sandbox directive for directory listing responses (tooling-trusted-releases)
via GitHub
Re: [I] Add CSP sandbox directive for directory listing responses (tooling-trusted-releases)
via GitHub
Re: [I] Add CSP sandbox directive for directory listing responses (tooling-trusted-releases)
via GitHub
Re: [I] Add CSP sandbox directive for directory listing responses (tooling-trusted-releases)
via GitHub
Re: [I] Add CSP sandbox directive for directory listing responses (tooling-trusted-releases)
via GitHub
[I] Make CSRF token required in Form base class (tooling-trusted-releases)
via GitHub
[I] Test whether `csrf: str` works (tooling-trusted-releases)
via GitHub
Re: [I] Test whether `csrf: str` works (tooling-trusted-releases)
via GitHub
[I] Test whether `quart_wtf` works (tooling-trusted-releases)
via GitHub
Re: [I] Test whether `quart_wtf` works (tooling-trusted-releases)
via GitHub
Re: [I] Test whether `quart_wtf` works (tooling-trusted-releases)
via GitHub
[I] Verify CSRF coverage for `@post.empty()` decorated endpoints (tooling-trusted-releases)
via GitHub
Re: [I] Verify CSRF coverage for `@post.empty()` decorated endpoints (tooling-trusted-releases)
via GitHub
[I] ShellResponse and JWT endpoint missing Content-Disposition headers (tooling-trusted-releases)
via GitHub
Re: [I] ShellResponse and JWT endpoint missing Content-Disposition headers (tooling-trusted-releases)
via GitHub
[I] Add Origin header validation for API endpoints (tooling-trusted-releases)
via GitHub
Re: [I] Add Origin header validation for API endpoints (tooling-trusted-releases)
via GitHub
Re: [I] Add Origin header validation for API endpoints (tooling-trusted-releases)
via GitHub
Re: [I] Add Origin header validation for API endpoints (tooling-trusted-releases)
via GitHub
[I] Implement Sec-Fetch-* header validation middleware (tooling-trusted-releases)
via GitHub
Re: [I] Implement Sec-Fetch-* header validation middleware (tooling-trusted-releases)
via GitHub
[I] Move test routes to a separate blueprint (tooling-trusted-releases)
via GitHub
[I] `/test/login` performs session creation via GET request (tooling-trusted-releases)
via GitHub
Re: [I] `/test/login` performs session creation via GET request (tooling-trusted-releases)
via GitHub
[I] Logout is accessible via GET, enabling forced-logout attacks (tooling-trusted-releases)
via GitHub
Re: [I] Logout is accessible via GET, enabling forced-logout attacks (tooling-trusted-releases)
via GitHub
Re: [I] Logout is accessible via GET, enabling forced-logout attacks (tooling-trusted-releases)
via GitHub
Re: [I] Logout is accessible via GET, enabling forced-logout attacks (tooling-trusted-releases)
via GitHub
[I] `/admin/test` performs state-changing write via GET request (tooling-trusted-releases)
via GitHub
Re: [I] `/admin/test` performs state-changing write via GET request (tooling-trusted-releases)
via GitHub
[I] Pagination validation only checks upper bound (tooling-trusted-releases)
via GitHub
[I] Upload file path validation bypass when file_name parameter is provided (tooling-trusted-releases)
via GitHub
Re: [I] Upload file path validation bypass when file_name parameter is provided (tooling-trusted-releases)
via GitHub
[I] JWT subject (ASF UID) lacks format validation (tooling-trusted-releases)
via GitHub
[I] Create centralized input validation documentation (tooling-trusted-releases)
via GitHub
Re: [I] Create centralized input validation documentation (tooling-trusted-releases)
via GitHub
Re: [I] Create centralized input validation documentation (tooling-trusted-releases)
via GitHub
Re: [I] Create centralized input validation documentation (tooling-trusted-releases)
via GitHub
Re: [I] Create centralized input validation documentation (tooling-trusted-releases)
via GitHub
[I] Distribution data model uses lax schema allowing extra fields (tooling-trusted-releases)
via GitHub
Re: [I] Distribution data model uses lax schema allowing extra fields (tooling-trusted-releases)
via GitHub
[I] Email validation insufficient across codebase (tooling-trusted-releases)
via GitHub
[I] Vote content fields lack length and content validation (tooling-trusted-releases)
via GitHub
[I] Also check for null bytes (tooling-trusted-releases)
via GitHub
[I] Vote email body construction lacks input sanitization (tooling-trusted-releases)
via GitHub
Re: [I] Vote email body construction lacks input sanitization (tooling-trusted-releases)
via GitHub
[I] Task arguments lack schema validation in worker pipeline (tooling-trusted-releases)
via GitHub
[I] GitHub workflow arguments lack key/value validation (tooling-trusted-releases)
via GitHub
[I] Manual vote resolution bypasses required vote verification (tooling-trusted-releases)
via GitHub
Re: [I] Manual vote resolution bypasses required vote verification (tooling-trusted-releases)
via GitHub
Re: [I] Manual vote resolution bypasses required vote verification (tooling-trusted-releases)
via GitHub
[I] Allow `.gitkeep` as a temporary workaround (tooling-trusted-releases)
via GitHub
Re: [I] Allow `.gitkeep` as a temporary workaround (tooling-trusted-releases)
via GitHub
Re: [I] Allow `.gitkeep` as a temporary workaround (tooling-trusted-releases)
via GitHub
[I] Add protocol validation for external vulnerability URLs in SBOM display (tooling-trusted-releases)
via GitHub
Re: [I] Add protocol validation for external vulnerability URLs in SBOM display (tooling-trusted-releases)
via GitHub
[I] Refactor confirm dialog from inline JavaScript to data attributes (tooling-trusted-releases)
via GitHub
Re: [I] Refactor confirm dialog from inline JavaScript to data attributes (tooling-trusted-releases)
via GitHub
[I] Apply URL encoding to mailing list API query parameters (tooling-trusted-releases)
via GitHub
Earlier messages