dev
Thread
Date
Earlier messages
Later messages
Messages by Date
2026/04/13
[I] Do not allow first round podling votes to be sent to private lists (tooling-trusted-releases)
via GitHub
2026/04/13
Re: [I] Send form validation errors through the database, not through flash cookies (tooling-trusted-releases)
via GitHub
2026/04/13
[I] Send form validation errors through the database, not through flash cookies (tooling-trusted-releases)
via GitHub
2026/04/13
[I] Hard link files in the incubator directory for podling releases (tooling-trusted-releases)
via GitHub
2026/04/13
[I] Tabulate votes from the IPMC in the second podling vote round only (tooling-trusted-releases)
via GitHub
2026/04/13
Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases)
via GitHub
2026/04/13
[I] Document when second round podling votes can be held on `general@` (tooling-trusted-releases)
via GitHub
2026/04/13
Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases)
via GitHub
2026/04/13
Re: [I] Thread ID Parameter Lacks Format Validation Before Server-Side Request (tooling-trusted-releases)
via GitHub
2026/04/13
Re: [I] API Models Lack Cross-Field Contextual Validation (tooling-trusted-releases)
via GitHub
2026/04/12
Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases)
via GitHub
2026/04/11
Re: [I] API Models Lack Cross-Field Contextual Validation (tooling-trusted-releases)
via GitHub
2026/04/11
Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases)
via GitHub
2026/04/11
Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases)
via GitHub
2026/04/11
Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases)
via GitHub
2026/04/11
[I] Add SWHID identifiers for release verification (tooling-trusted-releases)
via GitHub
2026/04/11
Re: [I] Full Email Content Logged at INFO Level (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [PR] Invalidate SSH keys (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] Vote Tabulation Authorization Check Commented Out (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] ldap.is_active() Returns True When LDAP Is Unconfigured (Fail-Open) (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] ldap.is_active() Returns True When LDAP Is Unconfigured (Fail-Open) (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] Unbounded Directory Traversal and File Hashing in Signature Provenance Endpoint (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] Unbounded Directory Traversal and File Hashing in Signature Provenance Endpoint (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] No Session Termination After SSH Key Changes (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] No Session Termination After SSH Key Changes (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] MFA OAuth logins fail for developers without LDAP credentials (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] MFA OAuth logins fail for developers without LDAP credentials (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [PR] Invalidate SSH keys (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] MFA OAuth logins fail for developers without LDAP credentials (tooling-trusted-releases)
via GitHub
2026/04/10
[I] MFA OAuth logins fail for developers without LDAP credentials (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] No Session Termination After SSH Key Changes (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] Web-Issued JWTs Cannot Be Revoked and Survive PAT Deletion (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] Web-Issued JWTs Cannot Be Revoked and Survive PAT Deletion (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] Remove the ability to generate test JWT tokens (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] ATR JWTs Lack Explicit Token Type Identification (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] Full Email Content Logged at INFO Level (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] rsync Subprocess Execution Without Timeout (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] rsync Subprocess Execution Without Timeout (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] Distribution Operations Have No Audit Logging (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] API JWT Creation Endpoint Missing Cache-Control Header (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] API JWT Creation Endpoint Missing Cache-Control Header (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] Admin Token Revocation Does Not Terminate User Web Sessions (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] Admin Token Revocation Does Not Terminate User Web Sessions (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] Admin Token Revocation Does Not Terminate User Web Sessions (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] SSH server lacks brute force protection (tooling-trusted-releases)
via GitHub
2026/04/10
[GH] Invalidate SSH keys (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] SSH Host Key Generated with RSA 2048-bit (~112 bits of security) (tooling-trusted-releases)
via GitHub
2026/04/10
[I] Remove the ability to generate test JWT tokens (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] Remove the ability to generate test JWT tokens (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] No Session Termination After PAT Deletion or Creation (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] No Session Termination After PAT Deletion or Creation (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] No Session Termination After PAT Deletion or Creation (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] No Automatic Credential Revocation on Account Disable (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] No Session Termination After PAT Deletion or Creation (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] In-Memory Hash Function Could Process Unbounded Data (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] In-Memory Hash Function Could Process Unbounded Data (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] Setup svn credentials to commit to dist/release (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] SSH Interface Lacks Rate Limiting for Write Operations (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [PR] #1003 - add rate limiting to SSH connections (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] Git Clone Operations Without Network Timeout (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] Implement server-side session store to enable session revocation (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [PR] Store session data in the server (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] Implement server-side session store to enable session revocation (tooling-trusted-releases)
via GitHub
2026/04/10
Re: [I] Setup svn credentials to commit to dist/release (tooling-trusted-releases)
via GitHub
2026/04/10
[GH] Store session data in the server (tooling-trusted-releases)
via GitHub
2026/04/10
[GH] Store session data in the server (tooling-trusted-releases)
via GitHub
2026/04/10
[GH] Store session data in the server (tooling-trusted-releases)
via GitHub
2026/04/10
[GH] Store session data in the server (tooling-trusted-releases)
via GitHub
2026/04/10
[GH] Store session data in the server (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Full Email Content Logged at INFO Level (tooling-trusted-releases)
via GitHub
2026/04/09
[PR] Store session data in the server (tooling-trusted-releases)
via GitHub
2026/04/09
[I] API to list PMCs approved for CI staging (tooling-trusted-releases)
via GitHub
2026/04/09
[GH] #1003 - add rate limiting to SSH connections (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] JWT TTL Documentation Discrepancy (30 Minutes Actual vs 90 Minutes Documented) (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] JWT TTL Documentation Discrepancy (30 Minutes Actual vs 90 Minutes Documented) (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] JWT TTL Documentation Discrepancy (30 Minutes Actual vs 90 Minutes Documented) (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Swagger UI and OpenAPI Specification Publicly Accessible (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Discuss how we handle private mailing list votes in the security model (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Full Email Content Logged at INFO Level (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Vote Policy Form Bypasses Minimum Hours Range Check (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Vote Duration Not Validated Against Release Policy Minimum (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Vote Duration Not Validated Against Release Policy Minimum (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Unsandboxed render_string_sync API Allows Arbitrary Jinja2 Template Compilation (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Vote Policy Form Bypasses Minimum Hours Range Check (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Vote Policy Form Bypasses Minimum Hours Range Check (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Debug print() Bypasses Structured Logging (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [PR] Use the debug print format that is used throughout osv.py (tooling-trusted-releases)
via GitHub
2026/04/09
[I] Add logging framework to SBOM CLI (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [PR] Use the debug print format that is used throughout osv.py (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Debug print() Bypasses Structured Logging (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [PR] Use the debug print format that is used throughout osv.py (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Unbounded Directory Traversal and File Hashing in Signature Provenance Endpoint (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Git Clone Operations Without Network Timeout (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [PR] Use the debug print format that is used throughout osv.py (tooling-trusted-releases)
via GitHub
2026/04/09
[PR] Use the debug print format that is used throughout osv.pysv (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Unsandboxed render_string_sync API Allows Arbitrary Jinja2 Template Compilation (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Unsandboxed render_string_sync API Allows Arbitrary Jinja2 Template Compilation (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] No Validation of Uploaded OpenPGP Key Cryptographic Strength (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Archive Extraction Size Tracking Reset by Metadata Files (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Git Clone Operations Without Network Timeout (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Git Clone Operations Without Network Timeout (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Git Clone Operations Without Network Timeout (tooling-trusted-releases)
via GitHub
2026/04/09
[PR] #1003 - add rate limiting to SSH connections (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Git Clone Operations Without Network Timeout (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] Thread Message Fetching Without Timeout or Concurrency Limit (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] OSV Vulnerability Scanning Has No HTTP Timeout (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] IDOR in Check Ignore Operations via Numeric ID (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [I] IDOR in Check Ignore Operations via Numeric ID (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [PR] Bump cryptography from 46.0.6 to 46.0.7 (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [PR] Bump cryptography from 46.0.6 to 46.0.7 (tooling-trusted-releases)
via GitHub
2026/04/09
Re: [PR] Bump cryptography from 46.0.6 to 46.0.7 (tooling-trusted-releases)
via GitHub
2026/04/09
[GH] Invalidate SSH keys (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Unbounded Distribution Status Check Loop (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Preserve the history of configuration options that affect attestations (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Consider moving the PubSub code to ASFQuart (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [PR] Auth audit log and user preferences (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Web-Based JWT Issuance Not Audit-Logged (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Document database cascades (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Projects VM track (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Document vhost configuration (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] PAT Validation Exceptions Return HTTP 500 Instead of 401 (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] No SVG Sanitization Library or Function Exists in Codebase (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Resolve security issues with Mermaid dependencies (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Admin User Impersonation Has No Audit Trail (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] No Validation of Uploaded OpenPGP Key Cryptographic Strength (tooling-trusted-releases)
via GitHub
2026/04/08
[PR] Bump cryptography from 46.0.6 to 46.0.7 (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Make the user interface clearer in the finish phase (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Document vhost configuration (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Research whether structured ASFQuart permissions can be used more widely in ATR (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Discuss upstreaming of certain components (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Archive Extraction Does Not Inspect or Sanitize SVG Files (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Projects VM track (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [PR] Adding docs for cascading (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Preserve the history of configuration options that affect attestations (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Allow error check results to be turned into a TODO list (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Study replacing repository.apache.org (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] API Models Accept Client-Submitted Identity Alongside JWT (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] SSH Authentication Success Not Logged (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [I] Resolve security issues with Mermaid dependencies (tooling-trusted-releases)
via GitHub
2026/04/08
[I] Resolve security issues with Mermaid (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [PR] Fix build-bootstrap by resolving ICU dependency for dart-sass (tooling-trusted-releases)
via GitHub
2026/04/08
Re: [PR] Fix build-bootstrap by resolving ICU dependency for dart-sass (tooling-trusted-releases)
via GitHub
2026/04/08
[PR] Auth audit log and user preferences (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] No Evidence of postMessage Origin Validation in Application (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] No Evidence of postMessage Origin Validation in Application (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] Unverifiable Session Cookie Write in atr.util (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] Unverifiable Session Cookie Write in atr.util (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] Client-Side JWT Display TypeScript Not Available for Complete Audit (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] Client-Side JWT Display TypeScript Not Available for Complete Audit (tooling-trusted-releases)
via GitHub
2026/04/07
[PR] Fix build-bootstrap by resolving ICU dependency for dart-sass (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [PR] Invalidate SSH keys (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] pre-commit: add `markdown-link-check` to check for dead links in Markdown files (tooling-docs)
via GitHub
2026/04/07
[I] Set a 14 day cooldown for npm packages in Dependabot (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [PR] Bump lodash-es and mermaid in /bootstrap/source (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [PR] Bump mermaid from 11.4.1 to 11.10.0 in /bootstrap/source (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [PR] Bump lodash-es and mermaid in /bootstrap/source (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [PR] Bump lodash-es and mermaid in /bootstrap/source (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [PR] Bump mermaid from 11.4.1 to 11.10.0 in /bootstrap/source (tooling-trusted-releases)
via GitHub
2026/04/07
[PR] Bump lodash-es and mermaid in /bootstrap/source (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] Unverifiable Session Cookie Write in atr.util (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] JWT TTL Documentation Inconsistency (tooling-trusted-releases)
via GitHub
2026/04/07
[PR] Bump mermaid from 11.4.1 to 11.10.0 in /bootstrap/source (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] Support Mermaid charts in the documentation pages (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [PR] Adding mermaid support (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [PR] Adding mermaid support (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [PR] Adding docs for cascading (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] Missing .dockerignore for Build Context Optimization (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] Missing .dockerignore for Build Context Optimization (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] Admin Pages Using web.ElementResponse() May Lack Logout Button (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [PR] Adding docs for cascading (tooling-trusted-releases)
via GitHub
2026/04/07
[PR] Adding mermaid support (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [PR] Bump virtualenv from 20.35.4 to 20.36.1 (tooling-docs)
via GitHub
2026/04/07
Re: [PR] Bump filelock from 3.20.0 to 3.20.3 (tooling-docs)
via GitHub
2026/04/07
Re: [PR] Bump pygments from 2.18.0 to 2.20.0 (tooling-docs)
via GitHub
2026/04/07
Re: [PR] Bump urllib3 from 2.5.0 to 2.6.3 (tooling-docs)
via GitHub
2026/04/07
Re: [PR] Bump requests from 2.32.5 to 2.33.0 (tooling-docs)
via GitHub
2026/04/07
Re: [PR] Bump pygments from 2.18.0 to 2.20.0 (tooling-docs)
via GitHub
2026/04/07
Re: [I] Update pre-commit lint to use uv and act on push (tooling-docs)
via GitHub
2026/04/07
Re: [PR] Bump filelock from 3.20.0 to 3.20.3 (tooling-docs)
via GitHub
2026/04/07
Re: [PR] Bump virtualenv from 20.35.4 to 20.36.1 (tooling-docs)
via GitHub
2026/04/07
Re: [PR] Bump urllib3 from 2.5.0 to 2.6.3 (tooling-docs)
via GitHub
2026/04/07
Re: [PR] Bump requests from 2.32.5 to 2.33.0 (tooling-docs)
via GitHub
2026/04/07
Re: [I] Provide clear instructions for running pre-check locally (tooling-docs)
via GitHub
2026/04/07
Re: [I] We could add a `Dependabot` config for `actions` updates (tooling-docs)
via GitHub
2026/04/07
Re: [PR] Bump filelock from 3.20.0 to 3.20.3 (tooling-docs)
via GitHub
2026/04/07
[I] Make build-bootstrap error (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] Unauthenticated /api/tasks/list Endpoint Exposes Internal Error Details (tooling-trusted-releases)
via GitHub
2026/04/07
[PR] Bump pygments from 2.18.0 to 2.20.0 (tooling-docs)
via GitHub
2026/04/07
[PR] Bump requests from 2.32.5 to 2.33.0 (tooling-docs)
via GitHub
2026/04/07
[PR] Bump virtualenv from 20.35.4 to 20.36.1 (tooling-docs)
via GitHub
2026/04/07
[PR] Bump urllib3 from 2.5.0 to 2.6.3 (tooling-docs)
via GitHub
2026/04/07
[PR] Bump filelock from 3.20.0 to 3.20.3 (tooling-docs)
via GitHub
2026/04/07
Re: [I] ALLOW_TESTS Flag Enables Complete Authentication Bypass in Production Worker (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] Admin Pages Using template.blank() May Lack Logout Button (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] ALLOW_TESTS Flag Enables Complete Authentication Bypass in Production Worker (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] API JWT Creation Endpoint Missing Cache-Control Header (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] Admin Pages Using template.blank() May Lack Logout Button (tooling-trusted-releases)
via GitHub
2026/04/07
Re: [I] Optional Safe-Type URL Parameters Bypass Validation (tooling-trusted-releases)
via GitHub
Earlier messages
Later messages