dev  

Messages by Date

• 2026/01/29 Re: [I] Add easier methods to prevent check results from being cached (tooling-trusted-releases) via GitHub
• 2026/01/29 Re: [I] Add easier methods to prevent check results from being cached (tooling-trusted-releases) via GitHub
• 2026/01/29 Re: [PR] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/29 Re: [I] Root directory not matching ? Should we always use -source ? (tooling-trusted-releases) via GitHub
• 2026/01/29 Re: [I] Root directory not matching ? Should we always use -source ? (tooling-trusted-releases) via GitHub
• 2026/01/29 Re: [I] Litestream stream backups (tooling-trusted-releases) via GitHub
• 2026/01/29 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/29 Re: [I] Litestream stream backups (tooling-trusted-releases) via GitHub
• 2026/01/29 Re: [I] Ignore checks are ignored (tooling-trusted-releases) via GitHub
• 2026/01/29 Re: [I] Ignore checks are ignored (tooling-trusted-releases) via GitHub
• 2026/01/29 [I] Make check ignores apply per project, not per committee (tooling-trusted-releases) via GitHub
• 2026/01/29 Re: [I] Ignore checks are ignored (tooling-trusted-releases) via GitHub
• 2026/01/29 Re: [I] Committees where committers may release (tooling-trusted-releases) via GitHub
• 2026/01/29 [I] Add release manager storage permissions (tooling-trusted-releases) via GitHub
• 2026/01/29 Re: [PR] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/29 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/29 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/29 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/29 Re: [I] Allow release managers to be designated (tooling-trusted-releases) via GitHub
• 2026/01/29 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/29 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/29 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/29 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/29 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [PR] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/28 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/28 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/28 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/28 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/28 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] promote uploading via GHA (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Allow release managers to be designated (tooling-trusted-releases) via GitHub
• 2026/01/28 [I] Discuss refining permissions for uploading CI builds into ATR (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Allow release managers to be designated (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Allow release managers to be designated (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Promotion permissions for phase transitions and distributions (tooling-trusted-releases) via GitHub
• 2026/01/28 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Document how to provide a groupId for Maven (tooling-trusted-releases) via GitHub
• 2026/01/28 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Limit regex complexity in user-supplied ignore patterns (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Limit regex complexity in user-supplied ignore patterns (tooling-trusted-releases) via GitHub
• 2026/01/28 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/28 [GH] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Ensure that Dependabot PRs are checked against the action allow list (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Sanitize email header values against CRLF injection (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Document how to provide a groupId for Maven (tooling-trusted-releases) via GitHub
• 2026/01/28 [PR] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Document how to provide a groupId for Maven (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Document how to provide a groupId for Maven (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Ensure that Dependabot PRs are checked against the action allow list (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Sanitize email header values against CRLF injection (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Sanitize email header values against CRLF injection (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Document how to provide a groupId for Maven (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Document how to provide a groupId for Maven (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Document how to provide a groupId for Maven (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Sanitize email header values against CRLF injection (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Sanitize email header values against CRLF injection (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Allow files to be excluded on upload (tooling-actions) via GitHub
• 2026/01/28 Re: [I] Ensure that Dependabot PRs are checked against the action allow list (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Allow files to be excluded on upload (tooling-actions) via GitHub
• 2026/01/28 [I] Detect `npm pack` output and allow `package/` as its root directory (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Implement RAO / Maven connectivity (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [PR] Limit archive member count to prevent zip bomb attacks (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [PR] Limit archive member count to prevent zip bomb attacks (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [PR] Limit archive member count to prevent zip bomb attacks (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [PR] Bump biomejs/setup-biome from 2.6.0 to 2.7.0 (tooling-trusted-releases) via GitHub
• 2026/01/28 [I] Ensure that Dependabot PRs are checked against the action allow list (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Implement RAO / Maven connectivity (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Limit archive member count to prevent zip bomb attacks (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [PR] Limit archive member count to prevent zip bomb attacks (tooling-trusted-releases) via GitHub
• 2026/01/28 [GH] Limit archive member count to prevent zip bomb attacks (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Allow files to be excluded on upload (tooling-actions) via GitHub
• 2026/01/28 Re: [I] Implement RAO / Maven connectivity (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [PR] Bump biomejs/setup-biome from 2.6.0 to 2.7.0 (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Create centralized HTTP client with explicit TLS configuration (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Create centralized HTTP client with explicit TLS configuration (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Allow files to be excluded on upload (tooling-actions) via GitHub
• 2026/01/28 Re: [I] Enforce absolute maximum session lifetime for web sessions (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [PR] Bump actions/checkout from 6.0.1 to 6.0.2 (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [PR] Bump actions/cache from 5.0.1 to 5.0.2 (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [PR] feat(security): centralize secure HTTP sessions and enforce TLS 1.2+ … (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [PR] feat(security): centralize secure HTTP sessions and enforce TLS 1.2+ … (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Task resource limits do not work consistently between architectures (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [I] Task resource limits do not work consistently between architectures (tooling-trusted-releases) via GitHub
• 2026/01/28 Re: [PR] Bump biomejs/setup-biome from 2.6.0 to 2.7.0 (tooling-trusted-releases) via GitHub
• 2026/01/27 [PR] Limit archive member count to prevent zip bomb attacks (tooling-trusted-releases) via GitHub
• 2026/01/27 [I] Sanitize email header values against CRLF injection (tooling-trusted-releases) via GitHub
• 2026/01/27 [I] Limit archive member count to prevent zip bomb attacks (tooling-trusted-releases) via GitHub
• 2026/01/27 [I] Validate against CR/LF characters in HTTP header values (tooling-trusted-releases) via GitHub
• 2026/01/27 [I] Apply URL encoding to query parameters and paths (tooling-trusted-releases) via GitHub
• 2026/01/27 [I] Validate release workflow phase before operations (tooling-trusted-releases) via GitHub
• 2026/01/27 [I] Limit regex complexity in user-supplied ignore patterns (tooling-trusted-releases) via GitHub
• 2026/01/27 Re: [I] Add project-level authorization to /published/ endpoint (tooling-trusted-releases) via GitHub
• 2026/01/27 [I] Invalidate all PATs when user account is disabled (tooling-trusted-releases) via GitHub
• 2026/01/27 [I] Add project-level authorization to /published/ endpoint (tooling-trusted-releases) via GitHub
• 2026/01/27 [I] Enforce absolute maximum session lifetime for web sessions (tooling-trusted-releases) via GitHub
• 2026/01/27 Re: [I] Ensure that `TimeoutError: SSL shutdown timed out` do not happen or are not logged (tooling-trusted-releases) via GitHub
• 2026/01/27 Re: [I] Ensure that `TimeoutError: SSL shutdown timed out` do not happen or are not logged (tooling-trusted-releases) via GitHub
• 2026/01/27 Re: [PR] Clean up SSL shutdown noise in logs (tooling-trusted-releases) via GitHub
• 2026/01/27 Re: [PR] Clean up SSL shutdown noise in logs (tooling-trusted-releases) via GitHub
• 2026/01/27 Re: [I] Allow files to be excluded on upload (tooling-actions) via GitHub
• 2026/01/27 Re: [I] Allow files to be excluded on upload (tooling-actions) via GitHub
• 2026/01/27 Re: [I] Litestream stream backups (tooling-trusted-releases) via GitHub
• 2026/01/27 Re: [I] Litestream stream backups (tooling-trusted-releases) via GitHub
• 2026/01/27 [I] Allow files to be excluded on upload (tooling-actions) via GitHub
• 2026/01/27 Re: [I] Read enisa sbom landscape analysis (tooling-trusted-releases) via GitHub
• 2026/01/27 Re: [I] Create centralized HTTP client with explicit TLS configuration (tooling-trusted-releases) via GitHub
• 2026/01/27 [PR] feat(security): centralize secure HTTP sessions and enforce TLS 1.2+ … (tooling-trusted-releases) via GitHub
• 2026/01/27 Re: [PR] Bump biomejs/setup-biome from 2.6.0 to 2.7.0 (tooling-trusted-releases) via GitHub
• 2026/01/27 Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases) via GitHub
• 2026/01/27 Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases) via GitHub
• 2026/01/27 Re: [I] Allow different authentication methods on a single endpoint (tooling-trusted-releases) via GitHub
• 2026/01/27 Re: [I] Allow different authentication methods on a single endpoint (tooling-trusted-releases) via GitHub
• 2026/01/27 Re: [I] Block announcing a release if tagged distributions have not yet been done (tooling-trusted-releases) via GitHub
• 2026/01/27 Re: [I] Enable CPU and memory limits for worker processes (tooling-trusted-releases) via GitHub
• 2026/01/27 Re: [I] Enable CPU and memory limits for worker processes (tooling-trusted-releases) via GitHub
• 2026/01/27 Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Create centralized HTTP client with explicit TLS configuration (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [PR] Bump biomejs/setup-biome from 2.6.0 to 2.7.0 (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Guardrails for linting intentionally unused variables (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Guardrails for linting intentionally unused variables (tooling-trusted-releases) via GitHub
• 2026/01/26 [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [PR] Bump biomejs/setup-biome from 2.6.0 to 2.7.0 (tooling-trusted-releases) via GitHub
• 2026/01/26 [PR] Bump biomejs/setup-biome from 2.6.0 to 2.7.0 (tooling-trusted-releases) via GitHub
• 2026/01/26 [PR] Bump actions/checkout from 6.0.1 to 6.0.2 (tooling-trusted-releases) via GitHub
• 2026/01/26 [PR] Bump actions/cache from 5.0.1 to 5.0.2 (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Promotion permissions for phase transitions and distributions (tooling-trusted-releases) via GitHub
• 2026/01/26 [I] Litestream stream backups (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Create centralized HTTP client with explicit TLS configuration (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Escape database values before writing to database (tooling-trusted-releases) via GitHub
• 2026/01/26 [I] Guardrails for linting intentionally unused variables (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Create centralized HTTP client with explicit TLS configuration (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Ensure that `TimeoutError: SSL shutdown timed out` do not happen or are not logged (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Regression: in dev mode no ldap connection means no admin functions (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Regression: in dev mode no ldap connection means no admin functions (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Regression: in dev mode no ldap connection means no admin functions (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Escape database values before writing to database (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Make checklist URLs consistent with the corresponding model (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Make checklist URLs consistent with the corresponding model (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [PR] fix(security): implement centralized type-safe escaping for template substitutions (#554) (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [PR] fix(security): implement centralized type-safe escaping for template substitutions (#554) (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [PR] fix(security): implement centralized type-safe escaping for template substitutions (#554) (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Escape database values before writing to database (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Regression: in dev mode no ldap connection means no admin functions (tooling-trusted-releases) via GitHub
• 2026/01/26 [I] Regression: in dev mode no ldap connection means no admin functions (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Ensure that `TimeoutError: SSL shutdown timed out` do not happen or are not logged (tooling-trusted-releases) via GitHub
• 2026/01/26 [PR] fix(security): implement centralized type-safe escaping for template substitutions (#554) (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Make checklist URLs consistent with the corresponding model (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Create centralized HTTP client with explicit TLS configuration (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Enable CPU and memory limits for worker processes (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Escape database values before writing to database (tooling-trusted-releases) via GitHub
• 2026/01/26 [I] Make checklist URLs consistent with the corresponding model (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [PR] fix(security): centralize escaping for template substitutions (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [PR] fix(security): centralize escaping for template substitutions (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Escape database values before writing to database (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Create centralized HTTP client with explicit TLS configuration (tooling-trusted-releases) via GitHub
• 2026/01/26 [PR] fix(security): centralize escaping for template substitutions (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Escape database values before writing to database (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Implement log injection prevention (tooling-trusted-releases) via GitHub
• 2026/01/26 Re: [I] Implement log injection prevention (tooling-trusted-releases) via GitHub
• 2026/01/25 Re: [I] /api/project/releases/{name} should return 404 for non-existent project (tooling-trusted-releases) via GitHub
• 2026/01/24 Re: [I] Improve error reporting when /resolve/tabulated data is unavailable (tooling-trusted-releases) via GitHub
• 2026/01/24 Re: [I] Ensure that `TimeoutError: SSL shutdown timed out` do not happen or are not logged (tooling-trusted-releases) via GitHub
• 2026/01/24 [PR] Clean up SSL shutdown noise in logs (tooling-trusted-releases) via GitHub
• 2026/01/24 Re: Poetry in BAT, uv in ATR: should these continue to differ? Sean Palmer
• 2026/01/24 Re: Poetry in BAT, uv in ATR: should these continue to differ? tison
• 2026/01/24 Poetry in BAT, uv in ATR: should these continue to differ? sebb
• 2026/01/23 Re: [I] Ensure that `TimeoutError: SSL shutdown timed out` do not happen or are not logged (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Setup projects vm for development (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Ensure that `TimeoutError: SSL shutdown timed out` do not happen or are not logged (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Setup projects vm for development (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Read enisa sbom landscape analysis (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Read enisa sbom landscape analysis (tooling-trusted-releases) via GitHub
• 2026/01/23 [I] Read enisa sbom landscape analysis (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Consider allowing different authentication methods on a single endpoint (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Update `notes` (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Consider improving logging (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Update `notes` (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Preserve the history of configuration options that affect attestations (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Consider improving logging (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Ensure that `TimeoutError: SSL shutdown timed out` do not happen or are not logged (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Ensure that `TimeoutError: SSL shutdown timed out` do not happen or are not logged (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Implement rate limiting on authentication endpoints (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Implement rate limiting on authentication endpoints (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Implement rate limiting on authentication endpoints (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Implement rate limiting on authentication endpoints (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Implement rate limiting on authentication endpoints (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Implement rate limiting on authentication endpoints (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Implement rate limiting on authentication endpoints (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [PR] fixed issue 477 (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Implement file type/content validation for uploads (tooling-trusted-releases) via GitHub
• 2026/01/23 Re: [I] Implement rate limiting on authentication endpoints (tooling-trusted-releases) via GitHub

• Earlier messages
• Later messages