dev  

Messages by Date

• 2026/05/08 Re: [I] Ensure that a release can only be deleted or archived, and that the state is clear (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Allow release managers to be designated (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Beta track (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Ensure that a project can only be deleted or archived under certain conditions, and that the state is clear (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Ensure that Dependabot PRs are checked against the action allow list (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Ensure that Dependabot PRs are checked against the action allow list (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Infra documentation changes for the Release Manager role (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Infra documentation changes for Download pages (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Infra documentation additions to describe using ATR in release creation (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Incubator documentation for release management (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] FAQs on ATR for legal release policy (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Ensure that Dependabot PRs are checked against the action allow list (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Add release manager storage permissions (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Discuss integrations with ECMA standards (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Discuss upstreaming of certain components (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Improve session testing by using more realistic workflows (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Redirect a uniform release artifact url pattern into the ASF's preferred urls (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Keep the `atr.util` module organized and limited moving out like functionality (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Tidy test route blueprints (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Document reproducible builds, signing, SBOMs, and OpenSSF (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Add a "historical only" flag for outdated keys (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Tidy test route blueprints (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Document ATR disk layout and size requirements (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Study replacing repository.apache.org (tooling-trusted-releases) via GitHub
• 2026/05/08 [I] Link to file and line number in comment (tooling-agents) via GitHub
• 2026/05/08 Re: [I] Automatically delete unfinished releases (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Documents GitHub * workflow paths (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] pre-commit: we can add `checkmake` a linter for Makefiles. It scans Makefiles for potential issues based on configurable rules. (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Allow lightweight checks to skip files per archive (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Project cycle model (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Artifact catalog model (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Project reference metadata (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Project page reorganization (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Lifecycle event model (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Reorganize committee page (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Define yaml/json format api for project metadata, cycle, and policy settings (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Compose feature complete (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Vote feature complete (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Finish feature complete (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Project schema and models complete (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Update start release form to incorporate project cycles (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Swagger UI and OpenAPI Specification Publicly Accessible (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Committee release catalog schema and model complete (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Supporting the Erlang distribution channel (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] LDAP state in dev/debug/test modes and users (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Missing Centralized Documentation of Resource-Intensive Operations (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Sequential Template Substitution Allows Variable Injection in Email Templates (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Disallowed File Detection Occurs After Storage, Not At Upload Time (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] GPG detection (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Missing Authorization Documentation for Distribution/SSH/Keys/Policy/Project Operations (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] OAuth Client Does Not Request Explicit Scopes (Principle of Least Privilege) (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Swagger UI and OpenAPI Specification Publicly Accessible (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Session Cache Persists Sensitive Data Indefinitely Without TTL (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Unbounded Response Sizes on Multiple List Endpoints (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] No Documented Risk-Based Remediation Timeframes for Vulnerable Components (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] No Documented Update Timeframe for npm/Frontend Dependencies (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] No Update Timeframe or Monitoring for Dockerfile-Installed External Tools (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Syft Installed via Unverified Remote Script Execution (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] OSV API Unbounded Pagination and Detail Fetching (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Unbounded PGP Key Block Processing in Bulk Operations (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] No "Revoke All Tokens for ALL Users" Global Capability (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Principal Authorization Cache Lacks Purge for Inactive Users (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Set a 14 day cooldown for npm packages in Dependabot (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] General Library Update Timeframe Is Enforced but Undocumented as Policy (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Add logging framework to SBOM CLI (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Cover more types of archive in quarantine code (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Disallow phase transitions from any but the latest revision (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Work on the client before alpha3 (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Make compose and vote check result tables consistent (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Request feedback from users more prominently (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] During beta track (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Make email address selection in OpenPGP key generation clearer (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] The project settings page should be more prominent and better integrated (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Explain the consequences of OpenPGP committee association (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Change the navigation element on phase pages (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Add a vote mode for security releases (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Add committee metadata along with admin updates (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Incorrect license checks for non-code files (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Fix the Dependabot alert about uuid in Mermaid (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Incorrect complaint about dot files in a directory name (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Add improvements and enhancements for the Trusted Vote mode (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Add the option, on by default, to automatically resolve hybrid votes (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Introduce a `{{PROJECT_LABEL}}` template variable (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Add a contingent approvals vote system for arbitrary vote topics (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] The `Apache` prefix in project name (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Future parking lot (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Incorrect complaint about dot files in a directory name (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
• 2026/05/08 [I] Incorrect complaint about dot files in a directory name (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Add the option, on by default, to automatically resolve hybrid votes (tooling-trusted-releases) via GitHub
• 2026/05/08 [I] Audit calibration: model under-classifies Type B/C/D gaps when rubric mandates Critical (tooling-agents) via GitHub
• 2026/05/08 [I] Bundle agent writes empty/error stubs to CouchDB reports namespace (tooling-agents) via GitHub
• 2026/05/08 [I] Use CouchDB bulk APIs in `cleanStaleReports` and per-bundle storage (tooling-agents) via GitHub
• 2026/05/08 [I] Audit cache key doesn't invalidate on prompt changes (tooling-agents) via GitHub
• 2026/05/08 Re: [I] Add the option, on by default, to automatically resolve hybrid votes (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Add the option, on by default, to automatically resolve hybrid votes (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Session handling refactor (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] The project settings page should be more prominent and better integrated (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [PR] Draft PR for cycle UI (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Use a prefix for all secret tokens, and inform selected third party scanners (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Require the release manager to confirm that they are ignoring non-blocking errors (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [PR] Draft PR for cycle UI (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [PR] Draft PR for cycle UI (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [PR] Draft PR for cycle UI (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Make the vast majority of files compatible with `fix_order.sh`, and add to linting (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Use a prefix for all secret tokens, and inform selected third party scanners (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] The `Apache` prefix in project name (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Require the release manager to confirm that they are ignoring non-blocking errors (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Use a prefix for all secret tokens, and inform selected third party scanners (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Make the vast majority of files compatible with `fix_order.sh`, and add to linting (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Setup svn credentials to commit to dist/release (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Require the release manager to confirm that they are ignoring non-blocking errors (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Session handling refactor (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Allow lightweight checks to skip files per archive (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] All emails queried from LDAP on every vote tabulation (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Allow release managers to create special security releases (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] General Library Update Timeframe Is Enforced but Undocumented as Policy (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Consider moving the PubSub code to ASFQuart (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Pre-Release (Release Candidate) Dependency Used in Production (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Incorrect license checks for non-code files (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Make server startup more efficient (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] The `Apache` prefix in project name (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Count IPMC members' votes from a PPMC first round vote in the second round too (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Count IPMC members' votes from a PPMC first round vote in the second round too (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Handle missing committee logos with appropriate fallback (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Handle missing committee logos with appropriate fallback (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Handle missing committee logos with appropriate fallback (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Remind binding voters to vote through ATR in Trusted Vote mode (tooling-trusted-releases) via GitHub
• 2026/05/08 Re: [I] Remind binding voters to vote through ATR in Trusted Vote mode (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Ensure that a project can only be deleted or archived under certain conditions, and that the state is clear (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Deploy self hosted GitHub action runners for distribution workflows (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Prevent the reuse of detached session objects in database commit contexts (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Investigate remote promotion of artifacts on third party platforms (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Add explicit authentication level decorators for API endpoint functions (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Prevent the reuse of detached session objects in database commit contexts (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Investigate remote promotion of artifacts on third party platforms (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Prevent the reuse of detached session objects in database commit contexts (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Investigate remote promotion of artifacts on third party platforms (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Prevent the reuse of detached session objects in database commit contexts (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Investigate remote promotion of artifacts on third party platforms (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] The `Apache` prefix in project name (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] ASVS scan of airflow/task-sdk (tooling-agents) via GitHub
• 2026/05/07 Re: [I] Investigate scrutineer (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Investigate scrutineer (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [PR] Draft PR for cycle UI (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [PR] Api auth decorators 1169 (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Discuss integrations with ECMA standards (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Miscellaneous track (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Candidate phases track (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Candidate phases track (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [PR] Drop dsa_bits reference; rpgp-py 0.19.7 doesn't expose it (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [PR] Drop dsa_bits reference; rpgp-py 0.19.7 doesn't expose it (tooling-trusted-releases) via GitHub
• 2026/05/07 [PR] Drop dsa_bits reference; rpgp-py 0.19.7 doesn't expose it (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Add diffs between arbitrary revisions (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Allow viewing all checks for a single file across all revisions (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Let users view files as they were in any revision (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] [Discuss] Dependency release chains (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Add the ability to add zero or more CI reference URLs to the compose phase (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Allow viewing checks at any revision (tooling-trusted-releases) via GitHub
• 2026/05/07 [I] Future parking lot (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Allow error check results to be turned into a TODO list (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Allow error check results to be turned into a TODO list (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] The `Apache` prefix in project name (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] The `Apache` prefix in project name (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] ASVS scan of airflow/task-sdk (tooling-agents) via GitHub
• 2026/05/07 Re: [I] Require two approvals for important actions (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] The `Apache` prefix in project name (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] The `Apache` prefix in project name (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Add API endpoints for the Trusted Vote mode (tooling-trusted-releases) via GitHub
• 2026/05/07 [I] Add a contingent approvals vote system for arbitrary vote topics (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Add a contingent approvals vote system for arbitrary vote topics (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] ASVS scan of airflow/airflow-core (tooling-agents) via GitHub
• 2026/05/07 Re: [PR] Draft PR for cycle UI (tooling-trusted-releases) via GitHub
• 2026/05/07 [PR] Draft PR for cycle UI (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] ASVS scan of airflow/task-sdk (tooling-agents) via GitHub
• 2026/05/07 Re: [I] ASVS scan of airflow/airflow-core (tooling-agents) via GitHub
• 2026/05/07 Re: [I] Allow release managers to be notified by email when a vote ends (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Allow release managers to be notified by email when a vote ends (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [PR] Project cycle model - data models and initial CLE doc generation (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] ASVS scan of airflow/airflow-core (tooling-agents) via GitHub
• 2026/05/07 Re: [I] Allow release managers to be notified by email when a vote ends (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Add API endpoints for the Trusted Vote mode (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
• 2026/05/07 Re: [I] ASVS scan of airflow/airflow-core (tooling-agents) via GitHub
• 2026/05/06 Re: [I] ASVS scan of airflow/airflow-core (tooling-agents) via GitHub
• 2026/05/06 Re: [I] ASVS scan of airflow/airflow-core (tooling-agents) via GitHub
• 2026/05/06 Re: [I] ASVS scan of airflow/task-sdk (tooling-agents) via GitHub
• 2026/05/06 Re: [I] ASVS scan of airflow/task-sdk (tooling-agents) via GitHub
• 2026/05/06 [I] Audit produces zero Critical findings when severityThreshold is set; move filtering to consolidate phase (tooling-agents) via GitHub
• 2026/05/06 Re: [I] Projects to audit against ASVS (tooling-agents) via GitHub
• 2026/05/06 [I] ASVS scan of airflow/task-sdk (tooling-agents) via GitHub
• 2026/05/06 Re: [I] ASVS scan of airflow/airflow-core (tooling-agents) via GitHub
• 2026/05/06 [I] ASVS scan of airflow/airflow-core (tooling-agents) via GitHub
• 2026/05/06 [I] ASVS scan of gofannon (tooling-agents) via GitHub

• Earlier messages
• Later messages