dev  

Messages by Date

• 2025/12/26 Re: [I] Discuss possible DOAP workflows and UX (tooling-trusted-releases) via GitHub
• 2025/12/26 [I] DOAP files in port of projects.apache.org (tooling-trusted-releases) via GitHub
• 2025/12/26 Re: [I] Discuss possible DOAP workflows and UX (tooling-trusted-releases) via GitHub
• 2025/12/26 Re: [I] Export data through Transparency Exchange API (tooling-trusted-releases) via GitHub
• 2025/12/26 Re: [I] Require two approvals for important actions (tooling-trusted-releases) via GitHub
• 2025/12/26 Re: [I] We could use `prettier` with `pre-commit` to auto format some file types to stop all the on-going debates over styles (tooling-trusted-releases) via GitHub
• 2025/12/26 Re: [I] We could use `prettier` with `pre-commit` to auto format some file types to stop all the on-going debates over styles (tooling-trusted-releases) via GitHub
• 2025/12/26 Re: [I] Allow users to configure between lightweight and RAT checks (tooling-trusted-releases) via GitHub
• 2025/12/24 Re: [I] https://github.com/apache/tooling-docs.git (tooling-docs) via GitHub
• 2025/12/24 [I] https://github.com/apache/tooling-docs.git (tooling-docs) via GitHub
• 2025/12/24 Re: [PR] Pull previous SBOM results into the report and highlight new/changed vulnerabilities/licenses (tooling-trusted-releases) via GitHub
• 2025/12/24 [GH] Pull previous SBOM results into the report and highlight new/changed vulnerabilities/licenses (tooling-trusted-releases) via GitHub
• 2025/12/24 [GH] Pull previous SBOM results into the report and highlight new/changed vulnerabilities/licenses (tooling-trusted-releases) via GitHub
• 2025/12/24 [GH] Pull previous SBOM results into the report and highlight new/changed vulnerabilities/licenses (tooling-trusted-releases) via GitHub
• 2025/12/24 [GH] Pull previous SBOM results into the report and highlight new/changed vulnerabilities/licenses (tooling-trusted-releases) via GitHub
• 2025/12/24 [GH] Pull previous SBOM results into the report and highlight new/changed vulnerabilities/licenses (tooling-trusted-releases) via GitHub
• 2025/12/24 [GH] Pull previous SBOM results into the report and highlight new/changed vulnerabilities/licenses (tooling-trusted-releases) via GitHub
• 2025/12/24 [GH] Pull previous SBOM results into the report and highlight new/changed vulnerabilities/licenses (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Release policy improvements for ATR (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Release policy improvements for ATR (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Release policy improvements for ATR (tooling-trusted-releases) via GitHub
• 2025/12/23 [GH] Pull previous SBOM results into the report and highlight new/changed vulnerabilities/licenses (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Release policy improvements for ATR (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [PR] Pull previous SBOM results into the report and highlight new/changed vulnerabilities/licenses (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [PR] Pull previous SBOM results into the report and highlight new/changed vulnerabilities/licenses (tooling-trusted-releases) via GitHub
• 2025/12/23 [PR] Pull previous SBOM results into the report and highlight new/changed … (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Release policy improvements for ATR (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Evaluate ASVS v5.0.0 compliance: server side execution (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Disable the announce button until confirm is clicked (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Disable the announce button until confirm is clicked (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Consider Sigstore or other alternatives to local signing (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Add a tutorial explaining how to sign artifacts using OpenPGP (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Add a new class of check outcome that cannot be ignored (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Choose how to distinguish files for uploading to third party platforms (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Fix UX when an unauthorized user visits the vote page when the release is no longer in that phase (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Fix UX when an unauthorized user visits the vote page when the release is no longer in that phase (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Ensure that JS packages are installed using recommended security practices (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Fix the APPLICATION DATA AFTER CLOSE NOTIFY error in Hypercorn (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Fix the APPLICATION DATA AFTER CLOSE NOTIFY error in Hypercorn (tooling-trusted-releases) via GitHub
• 2025/12/23 Re: [I] Ability to record +1 by release manager (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Disable the announce button until confirm is clicked (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Ensure that JS packages are installed using recommended security practices (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Require two approvals for important actions (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Should convenience packages be rat-checked (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Root directory not matching ? Should we always use -source ? (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Make UX when an unauthorized users visit the vote page when the release is not in that phase (tooling-trusted-releases) via GitHub
• 2025/12/22 [I] Make UX when an unauthorized users visit the vote page when the release is not in that phase (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Always show the current release phase status even on outdated phase pages (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Always show the current release phase status even on outdated phase pages (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Ability to record +1 by release manager (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Allow error check results to be turned into a TODO list (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Improve the SBOM license scanner (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Improve the SBOM license scanner (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Improve the SBOM license scanner (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Fix the APPLICATION DATA AFTER CLOSE NOTIFY error in Hypercorn (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Fix the APPLICATION DATA AFTER CLOSE NOTIFY error in Hypercorn (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Clarify and constrain permitted ASF TLP version numbers (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Project lifecycle information as part of the release catalog (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Evaluate endoflife.date (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Release catalog model (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Release catalog model (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Record when committees are automatically updated (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Make the audit log efficient to query, or the database tamper resistant (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Make the audit log efficient to query, or the database tamper resistant (tooling-trusted-releases) via GitHub
• 2025/12/22 [I] Add commands to sign and verify artifacts (tooling-releases-client) via GitHub
• 2025/12/22 Re: [I] 'discuss thread' leading up to a release (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] 'discuss thread' leading up to a release (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Licence check (not RAT) does not use .rat-excludes? (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Licence check (not RAT) does not use .rat-excludes? (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] Resolve the design of emptiness and nullability for form types (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] syft SBOM generation doesn't populate license field (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] syft SBOM generation doesn't populate license field (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] exclude leading dir with archive name paths from failed license header checks (tooling-trusted-releases) via GitHub
• 2025/12/22 Re: [I] syft SBOM generation doesn't populate license field (tooling-trusted-releases) via GitHub
• 2025/12/21 Re: [I] Link from RAT check failure to local reproduction instructions (tooling-trusted-releases) via GitHub
• 2025/12/21 Re: [PR] Add RAT reproduction steps to task docs (tooling-trusted-releases) via GitHub
• 2025/12/21 Re: [PR] Add RAT reproduction steps to task docs (tooling-trusted-releases) via GitHub
• 2025/12/21 Re: Is dist.apache.org being replaces? Dave Fisher
• 2025/12/21 Re: [I] Allow error check results to be turned into a TODO list (tooling-trusted-releases) via GitHub
• 2025/12/20 Re: Is dist.apache.org being replaces? sebb
• 2025/12/20 Re: Is dist.apache.org being replaces? Craig Russell
• 2025/12/20 Re: Is dist.apache.org being replaces? sebb
• 2025/12/20 Re: [I] Licence check (not RAT) does not use .rat-excludes? (tooling-trusted-releases) via GitHub
• 2025/12/19 Re: Is dist.apache.org being replaces? Greg Stein
• 2025/12/19 Re: [I] Licence check (not RAT) does not use .rat-excludes? (tooling-trusted-releases) via GitHub
• 2025/12/19 Re: [I] Allow error check results to be turned into a TODO list (tooling-trusted-releases) via GitHub
• 2025/12/19 [I] Allow error check results to be turned into a TODO list (tooling-trusted-releases) via GitHub
• 2025/12/19 Re: [I] Should convenience packages be rat-checked (tooling-trusted-releases) via GitHub
• 2025/12/19 Re: [I] Allow users to configure between lightweight and RAT checks (tooling-trusted-releases) via GitHub
• 2025/12/19 Re: [I] Licence check (not RAT) does not use .rat-excludes? (tooling-trusted-releases) via GitHub
• 2025/12/19 [I] Allow users to configure between lightweight and RAT checks (tooling-trusted-releases) via GitHub
• 2025/12/19 Re: [I] exclude leading dir with archive name paths from failed license header checks (tooling-trusted-releases) via GitHub
• 2025/12/19 Re: [PR] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 Re: [I] Make email templating much clearer to users (tooling-trusted-releases) via GitHub
• 2025/12/19 Re: [I] Prioritise SHA512, and allow signature corroborated generation (tooling-trusted-releases) via GitHub
• 2025/12/19 Re: [I] Add a tutorial explaining how to sign artifacts using OpenPGP (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 Re: [I] Add a tutorial explaining how to sign artifacts using OpenPGP (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 Re: [I] Add a tutorial explaining how to sign artifacts using OpenPGP (tooling-trusted-releases) via GitHub
• 2025/12/19 [I] Add a tutorial explaining how to sign artifacts using OpenPGP (tooling-trusted-releases) via GitHub
• 2025/12/19 [I] Consider Sigstore or other alternatives to local signing (tooling-trusted-releases) via GitHub
• 2025/12/19 Re: [I] Document how to provide a groupId for Maven (tooling-trusted-releases) via GitHub
• 2025/12/19 Re: [I] Prioritise SHA512, and allow signature corroborated generation (tooling-trusted-releases) via GitHub
• 2025/12/19 [I] Disable the announce button until confirm is clicked (tooling-trusted-releases) via GitHub
• 2025/12/19 [I] Add a directory creation hint to the file management interface (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 [I] Make email templating much clearer to users (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 Re: Is dist.apache.org being replaces? Craig Russell
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 [I] Document how to provide a groupId for Maven (tooling-trusted-releases) via GitHub
• 2025/12/19 Re: [I] syft SBOM generation doesn't populate license field (tooling-trusted-releases) via GitHub
• 2025/12/19 [GH] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/19 Re: [I] syft SBOM generation doesn't populate license field (tooling-trusted-releases) via GitHub
• 2025/12/19 [I] syft SBOM generation doesn't populate license field (tooling-trusted-releases) via GitHub
• 2025/12/19 [I] Prioritise SHA512, and allow signature corroborated generation (tooling-trusted-releases) via GitHub
• 2025/12/19 [PR] Update outdated tool scanners and add ATR tool metadata to the SBOM (tooling-trusted-releases) via GitHub
• 2025/12/18 Re: Is dist.apache.org being replaces? Greg Stein
• 2025/12/18 Re: Is dist.apache.org being replaces? Greg Stein
• 2025/12/18 Re: Is dist.apache.org being replaces? Craig Russell
• 2025/12/18 Re: Is dist.apache.org being replaces? Dave Fisher
• 2025/12/18 [PR] Add RAT reproduction steps to task docs (tooling-trusted-releases) via GitHub
• 2025/12/18 Re: Is dist.apache.org being replaces? sebb
• 2025/12/18 [I] paths for failed license header checks include leading dir with archive name (tooling-trusted-releases) via GitHub
• 2025/12/18 [I] Automatically exclude `.min.js` and other generated files from RAT checks (tooling-trusted-releases) via GitHub
• 2025/12/18 Re: [PR] SBOM vulnerability and report updates (tooling-trusted-releases) via GitHub
• 2025/12/18 Re: [I] Not visible progress when you upload files (tooling-trusted-releases) via GitHub
• 2025/12/18 Re: [I] Not visible progress when you upload files (tooling-trusted-releases) via GitHub
• 2025/12/18 Re: [I] Not visible progress when you upload files (tooling-trusted-releases) via GitHub
• 2025/12/18 Re: Is dist.apache.org being replaces? Dave Fisher
• 2025/12/18 Re: Is dist.apache.org being replaces? sebb
• 2025/12/18 [PR] SBOM vulnerability and report updates (tooling-trusted-releases) via GitHub
• 2025/12/18 Re: Is dist.apache.org being replaces? Craig Russell
• 2025/12/18 Re: Is dist.apache.org being replaces? Dave Fisher
• 2025/12/17 Is dist.apache.org being replaces? Craig Russell
• 2025/12/17 Re: [I] Evaluate ASVS v5.0.0 compliance: server side execution (tooling-trusted-releases) via GitHub
• 2025/12/17 Re: [I] Evaluate ASVS v5.0.0 compliance: server side execution (tooling-trusted-releases) via GitHub
• 2025/12/17 Re: [I] Choose how to distinguish files for uploading to third party platforms (tooling-trusted-releases) via GitHub
• 2025/12/16 Re: [I] Release policy improvements for ATR (tooling-trusted-releases) via GitHub
• 2025/12/16 Re: [I] Release policy improvements for ATR (tooling-trusted-releases) via GitHub
• 2025/12/16 Re: [I] Release policy improvements for ATR (tooling-trusted-releases) via GitHub
• 2025/12/16 Re: [I] Release policy improvements for ATR (tooling-trusted-releases) via GitHub
• 2025/12/16 Re: [I] Evaluate ASVS v5.0.0 compliance: server side execution (tooling-trusted-releases) via GitHub
• 2025/12/16 Re: [I] Document the scope of ATR (tooling-trusted-releases) via GitHub
• 2025/12/16 [I] Choose how to distinguish files for uploading to third party platforms (tooling-trusted-releases) via GitHub
• 2025/12/16 [I] Document the scope of ATR (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [I] Evaluate endoflife.date (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [I] Ensure that JS packages are installed using recommended security practices (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [I] We should add `Hadolint` a Dockerfile linter, validate inline bash, written in Haskell (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [I] We should add `Hadolint` a Dockerfile linter, validate inline bash, written in Haskell (tooling-trusted-releases) via GitHub
• 2025/12/15 [I] Add a new class of check outcome that cannot be ignored (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [PR] SBOM report updates (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [PR] SBOM report updates (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [I] Fix how SBOMs are generated (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [I] Fix how SBOMs are generated (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [PR] Docker build improvements (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [PR] Docker build improvements (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [PR] Docker build improvements (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [PR] Docker build improvements (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [PR] Docker build improvements (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [I] Add SBOM generation for ZIP files (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [I] Add SBOM generation for ZIP files (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [I] Ensure that JS packages are installed using recommended security practices (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [I] Add SBOM generation for ZIP files (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [I] Fix how SBOMs are generated (tooling-trusted-releases) via GitHub
• 2025/12/15 Re: [PR] Docker build improvements (tooling-trusted-releases) via GitHub
• 2025/12/15 [PR] Docker build improvements (tooling-trusted-releases) via GitHub
• 2025/12/12 Re: [I] Evaluate ASVS v5.0.0 compliance: server side execution (tooling-trusted-releases) via GitHub
• 2025/12/12 Re: [I] Evaluate ASVS v5.0.0 compliance: server side execution (tooling-trusted-releases) via GitHub
• 2025/12/12 Re: [I] Evaluate ASVS v5.0.0 compliance: server side execution (tooling-trusted-releases) via GitHub
• 2025/12/12 Re: [I] Get admin users from Infra and Tooling LDAP groups (tooling-trusted-releases) via GitHub
• 2025/12/12 Re: [I] Get admin users from Infra and Tooling LDAP groups (tooling-trusted-releases) via GitHub
• 2025/12/12 Re: [I] Evaluate ASVS v5.0.0 compliance: server side execution (tooling-trusted-releases) via GitHub
• 2025/12/12 Re: [I] Fix how SBOMs are generated (tooling-trusted-releases) via GitHub
• 2025/12/12 Re: [I] Fix how SBOMs are generated (tooling-trusted-releases) via GitHub
• 2025/12/12 [I] Add SBOM generation for ZIP files (tooling-trusted-releases) via GitHub
• 2025/12/12 [GH] SBOM report updates (tooling-trusted-releases) via GitHub
• 2025/12/12 [GH] SBOM report updates (tooling-trusted-releases) via GitHub
• 2025/12/11 Re: [PR] Wait for SBOM task to complete before continuing with revision (tooling-trusted-releases) via GitHub
• 2025/12/11 Re: [I] Fix how SBOMs are generated (tooling-trusted-releases) via GitHub
• 2025/12/11 [PR] Wait for SBOM task to complete before continuing with revision (tooling-trusted-releases) via GitHub
• 2025/12/11 Re: [I] Evaluate ASVS v5.0.0 compliance: brute force identification (tooling-trusted-releases) via GitHub
• 2025/12/11 Re: [I] Fix how SBOMs are generated (tooling-trusted-releases) via GitHub
• 2025/12/11 [I] Fix how SBOMs are generated (tooling-trusted-releases) via GitHub
• 2025/12/11 [PR] SBOM report updates (tooling-trusted-releases) via GitHub
• 2025/12/11 Re: [I] Evaluate ASVS v5.0.0 compliance: brute force identification (tooling-trusted-releases) via GitHub

• Earlier messages
• Later messages