dev  

Messages by Date

• 2026/04/30 Re: [I] Compression of inputs (tooling-agents) via GitHub
• 2026/04/30 Re: [I] Refactor prompts (tooling-agents) via GitHub
• 2026/04/30 [I] Compression of inputs (tooling-agents) via GitHub
• 2026/04/29 [I] Refactor prompts (tooling-agents) via GitHub
• 2026/04/29 Re: [I] Set a 14 day cooldown for npm packages in Dependabot (tooling-trusted-releases) via GitHub
• 2026/04/29 Re: [I] Discuss how we handle private mailing list votes in the security model (tooling-trusted-releases) via GitHub
• 2026/04/29 [I] Investigate scrutineer (tooling-trusted-releases) via GitHub
• 2026/04/29 Re: [PR] Bump astral-sh/setup-uv from 8.0.0 to 8.1.0 (tooling-releases-client) via GitHub
• 2026/04/29 Re: [PR] Bump actions/upload-artifact from 7.0.0 to 7.0.1 (tooling-releases-client) via GitHub
• 2026/04/29 Re: [PR] Bump actions/cache from 5.0.4 to 5.0.5 (tooling-releases-client) via GitHub
• 2026/04/29 Re: [PR] Bump astral-sh/setup-uv from 8.0.0 to 8.1.0 (tooling-trusted-releases) via GitHub
• 2026/04/28 Re: [I] API to list PMCs approved for CI staging (tooling-trusted-releases) via GitHub
• 2026/04/28 [I] Add committee metadata along with admin updates (tooling-trusted-releases) via GitHub
• 2026/04/28 Re: [PR] Adding endpoint to list projects using CI staging (tooling-trusted-releases) via GitHub
• 2026/04/28 Re: [PR] Adding endpoint to list projects using CI staging (tooling-trusted-releases) via GitHub
• 2026/04/28 [PR] Bump astral-sh/setup-uv from 8.0.0 to 8.1.0 (tooling-trusted-releases) via GitHub
• 2026/04/28 [GH] Api auth decorators 1169 (tooling-trusted-releases) via GitHub
• 2026/04/28 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
• 2026/04/28 Re: [I] Allow private vote threads to be tallied (tooling-trusted-releases) via GitHub
• 2026/04/28 [I] Add a vote mode for security releases (tooling-trusted-releases) via GitHub
• 2026/04/28 Re: [I] Allow private vote threads to be tallied (tooling-trusted-releases) via GitHub
• 2026/04/28 [PR] Api auth decorators 1169 (tooling-trusted-releases) via GitHub
• 2026/04/28 [I] Fix bugs associated with the manual voting mode (tooling-trusted-releases) via GitHub
• 2026/04/28 Re: [I] Migrate from pgpy to rpgp-py (tooling-trusted-releases) via GitHub
• 2026/04/28 Re: [I] Migrate from pgpy to rpgp-py (tooling-trusted-releases) via GitHub
• 2026/04/27 [PR] Bump astral-sh/setup-uv from 8.0.0 to 8.1.0 (tooling-actions) via GitHub
• 2026/04/27 [PR] Bump astral-sh/setup-uv from 8.0.0 to 8.1.0 (tooling-releases-client) via GitHub
• 2026/04/27 Re: [I] Anonymous emails come back from lists.a.o (tooling-trusted-releases) via GitHub
• 2026/04/27 Re: [I] Anonymous emails come back from lists.a.o (tooling-trusted-releases) via GitHub
• 2026/04/27 Re: [I] Record votes in the database (tooling-trusted-releases) via GitHub
• 2026/04/27 Re: [I] Record votes in the database (tooling-trusted-releases) via GitHub
• 2026/04/27 [I] Add a vote mode where binding votes must be cast through ATR (tooling-trusted-releases) via GitHub
• 2026/04/27 Re: [I] Set a 14 day cooldown for npm packages in Dependabot (tooling-trusted-releases) via GitHub
• 2026/04/27 Re: [I] Set a 14 day cooldown for npm packages in Dependabot (tooling-trusted-releases) via GitHub
• 2026/04/27 Re: [I] Migrate from pgpy to rpgp-py (tooling-trusted-releases) via GitHub
• 2026/04/27 Re: [I] A sources JAR was not detected as source by the classifier (tooling-trusted-releases) via GitHub
• 2026/04/27 Re: [I] A sources JAR was not detected as source by the classifier (tooling-trusted-releases) via GitHub
• 2026/04/27 Re: [I] Migrate from pgpy to rpgp-py (tooling-trusted-releases) via GitHub
• 2026/04/27 Re: [I] Migrate from pgpy to rpgp-py (tooling-trusted-releases) via GitHub
• 2026/04/24 Re: [I] Whole release check results are omitted in the vote table (tooling-trusted-releases) via GitHub
• 2026/04/24 Re: [I] Whole release check results are omitted in the vote table (tooling-trusted-releases) via GitHub
• 2026/04/24 Re: [I] Whole release check results are omitted in the vote table (tooling-trusted-releases) via GitHub
• 2026/04/24 Re: [I] Whole release check results are omitted in the vote table (tooling-trusted-releases) via GitHub
• 2026/04/24 Re: [I] The project settings page should be more prominent and better integrated (tooling-trusted-releases) via GitHub
• 2026/04/24 Re: [I] The output of the standard sha512 tool is rejected by checks (tooling-trusted-releases) via GitHub
• 2026/04/24 Re: [I] Explain the consequences of OpenPGP committee association (tooling-trusted-releases) via GitHub
• 2026/04/24 Re: [I] Allow uploading an OpenPGP key as a file (tooling-trusted-releases) via GitHub
• 2026/04/24 Re: [I] Make email address selection in OpenPGP key generation clearer (tooling-trusted-releases) via GitHub
• 2026/04/24 Re: [I] After a failed upload, the upload form is only available through a refresh (tooling-trusted-releases) via GitHub
• 2026/04/24 Re: [I] Request timeout when uploading multiple files (tooling-trusted-releases) via GitHub
• 2026/04/24 [I] Allow release managers to be notified by email when a vote ends (tooling-trusted-releases) via GitHub
• 2026/04/24 [I] Whole release check results are omitted in the vote table (tooling-trusted-releases) via GitHub
• 2026/04/24 [I] Change the navigation element on phase pages (tooling-trusted-releases) via GitHub
• 2026/04/24 [I] The project settings page should be more prominent and better integrated (tooling-trusted-releases) via GitHub
• 2026/04/24 [I] The output of the standard sha512 tool is rejected by checks (tooling-trusted-releases) via GitHub
• 2026/04/24 [I] SHA-512 generation failed despite a valid signature (tooling-trusted-releases) via GitHub
• 2026/04/24 [I] Explain the consequences of OpenPGP committee association (tooling-trusted-releases) via GitHub
• 2026/04/24 [I] Allow uploading an OpenPGP key as a file (tooling-trusted-releases) via GitHub
• 2026/04/24 [I] Make email address selection in OpenPGP key generation clearer (tooling-trusted-releases) via GitHub
• 2026/04/24 [I] A sources JAR was not detected as source by the classifier (tooling-trusted-releases) via GitHub
• 2026/04/24 [I] After a failed upload, the upload form is only available through a refresh (tooling-trusted-releases) via GitHub
• 2026/04/24 [I] Request timeout when uploading multiple files (tooling-trusted-releases) via GitHub
• 2026/04/24 Re: [I] Migrate from pgpy to rpgp-py (tooling-trusted-releases) via GitHub
• 2026/04/23 Re: [I] Discuss how we handle private mailing list votes in the security model (tooling-trusted-releases) via GitHub
• 2026/04/23 Re: [I] Record votes in the database (tooling-trusted-releases) via GitHub
• 2026/04/23 Re: [I] Record votes in the database (tooling-trusted-releases) via GitHub
• 2026/04/23 Re: [I] JWT DOM Auto-Clear Lacks Page Lifecycle Event Handlers (tooling-trusted-releases) via GitHub
• 2026/04/23 Re: [I] JWT DOM Auto-Clear Lacks Page Lifecycle Event Handlers (tooling-trusted-releases) via GitHub
• 2026/04/23 Re: [I] Add size limits to SSH/rsync file uploads (tooling-trusted-releases) via GitHub
• 2026/04/23 Re: [I] Add size limits to SSH/rsync file uploads (tooling-trusted-releases) via GitHub
• 2026/04/23 Re: [I] Binary Tool Downloaded Without Integrity Verification (CycloneDX CLI) (tooling-trusted-releases) via GitHub
• 2026/04/23 Re: [I] No Formal SBOM for ATR's Own Third-Party Dependencies (tooling-trusted-releases) via GitHub
• 2026/04/23 Re: [I] API Policy Update Bypasses Form-Level Business Validation (tooling-trusted-releases) via GitHub
• 2026/04/23 Re: [I] API Policy Update Bypasses Form-Level Business Validation (tooling-trusted-releases) via GitHub
• 2026/04/23 Re: [I] Add size limits to SSH/rsync file uploads (tooling-trusted-releases) via GitHub
• 2026/04/23 Re: [I] Add size limits to SSH/rsync file uploads (tooling-trusted-releases) via GitHub
• 2026/04/23 Re: [I] Prevent the reuse of detached session objects in database commit contexts (tooling-trusted-releases) via GitHub
• 2026/04/23 Re: [I] Steve run issue (tooling-agents) via GitHub
• 2026/04/23 Re: [I] Build test suite with fixtures (tooling-agents) via GitHub
• 2026/04/23 [I] Add specs in addition to ASVS (tooling-agents) via GitHub
• 2026/04/23 Re: [I] Steve run issue (tooling-agents) via GitHub
• 2026/04/23 [I] Steve run issue (tooling-agents) via GitHub
• 2026/04/23 [I] Audit projects (tooling-agents) via GitHub
• 2026/04/23 [I] Assess brief (tooling-agents) via GitHub
• 2026/04/23 [I] Assess scrutineer (tooling-agents) via GitHub
• 2026/04/23 [GH] Project delete / archival (tooling-trusted-releases) via GitHub
• 2026/04/23 [I] Auto PR generator (tooling-agents) via GitHub
• 2026/04/23 [I] Auto-file issues (tooling-agents) via GitHub
• 2026/04/23 [I] Keep last audit and compare new audit (tooling-agents) via GitHub
• 2026/04/23 [I] Pull open issues into pipeline (tooling-agents) via GitHub
• 2026/04/23 [I] Build test suite with fixtures (tooling-agents) via GitHub
• 2026/04/23 [I] Test email delivery on ASF infrastructure (tooling-agents) via GitHub
• 2026/04/23 [I] Test critical finding carve-out with privateRepo (tooling-agents) via GitHub
• 2026/04/22 Re: [I] Prevent the reuse of detached session objects in database commit contexts (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] API to list PMCs approved for CI staging (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] MFA from localhost is failing after authentication (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] MFA from localhost is failing after authentication (tooling-trusted-releases) via GitHub
• 2026/04/22 [I] During beta track (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Admin Pages Using web.ElementResponse() May Lack Logout Button (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Admin Pages Using web.ElementResponse() May Lack Logout Button (tooling-trusted-releases) via GitHub
• 2026/04/22 [I] MFA from localhost is failing after authentication (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Web-Issued JWTs Lack PAT Binding and Cannot Be Individually Revoked (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Web-Issued JWTs Lack PAT Binding and Cannot Be Individually Revoked (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Project Deletion Missing Additional Authorization Checks (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Project Deletion Missing Additional Authorization Checks (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Make the user interface clearer in the finish phase (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Make the user interface clearer in the finish phase (tooling-trusted-releases) via GitHub
• 2026/04/22 [I] Request feedback from users more clearly (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Use a prefix for all secret tokens, and inform selected third party scanners (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Data browser must include paging (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Finish option to automatically archive prior release (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Require the release manager to confirm that they are ignoring non-blocking errors (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Add explicit authentication level decorators for API endpoint functions (tooling-trusted-releases) via GitHub
• 2026/04/22 [GH] Project delete / archival (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] No Session Termination After SSH Key Changes (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Subscribe to pubsub for LDAP and use it to inform authorisation decisions (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Expand SBOM support (tooling-trusted-releases) via GitHub
• 2026/04/22 [GH] Project delete / archival (tooling-trusted-releases) via GitHub
• 2026/04/22 [GH] Project delete / archival (tooling-trusted-releases) via GitHub
• 2026/04/22 [GH] Project delete / archival (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Tie ATR server into the rsync path of svn dist artifacts (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Finish option to automatically archive prior release (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Make the user interface clearer in the finish phase (tooling-trusted-releases) via GitHub
• 2026/04/22 [GH] Project delete / archival (tooling-trusted-releases) via GitHub
• 2026/04/22 [GH] Project delete / archival (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [PR] Bump actions/cache from 5.0.4 to 5.0.5 (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Allow private vote threads to be tallied (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Anonymous emails come back from lists.a.o (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Expired Personal Access Tokens Not Automatically Purged (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Resolve security issues with Mermaid dependencies (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [PR] Adding mermaid back in (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Resolve security issues with Mermaid dependencies (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [PR] Adding mermaid back in (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [PR] #1177 - allow zip format archives (jar, war, apk, vsix, whl, nar, nbm) to be quarantine checked (tooling-trusted-releases) via GitHub
• 2026/04/22 Re: [I] Confusing error message when trying to upload an existing file (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add explicit authentication level decorators for GET and POST functions (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add explicit authentication level decorators for GET and POST functions (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add explicit authentication level decorators for GET and POST functions (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add explicit authentication level decorators for GET and POST functions (tooling-trusted-releases) via GitHub
• 2026/04/21 [I] Add explicit authentication level decorators for GET and POST functions (tooling-trusted-releases) via GitHub
• 2026/04/21 [PR] Bump actions/cache from 5.0.4 to 5.0.5 (tooling-trusted-releases) via GitHub
• 2026/04/21 [I] Make compose and vote check result tables consistent (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Require the release manager to confirm that they are ignoring non-blocking errors (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Require the release manager to confirm that they are ignoring non-blocking errors (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Require the release manager to confirm that they are ignoring non-blocking errors (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add a new class of check outcome that cannot be ignored (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Storage Layer Bypassed for Revision Tag Modification (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Storage Layer Bypassed for Revision Tag Modification (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add filetype warning checks (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add filetype warning checks (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add SHA512 generation to attestations (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add SHA512 generation to attestations (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Migrate from pgpy to rpgp-py (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [PR] Fix env var for expected secret crashes server (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Unvalidated Identity Parameter in Email and Vote Operations (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Unvalidated Identity Parameter in Email and Vote Operations (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add explicit authentication level decorators for API endpoint functions (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Add explicit authentication level decorators for API endpoint functions (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Ensure that a project can only be deleted or archived under certain conditions, and that the state is clear (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [PR] #1177 - allow zip format archives (jar, war, apk, vsix, whl, nar, nbm) to be quarantine checked (tooling-trusted-releases) via GitHub
• 2026/04/21 Re: [I] Expand SBOM support (tooling-trusted-releases) via GitHub
• 2026/04/21 [PR] Project delete / archival (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Add explicit authentication level decorators for API endpoint functions (tooling-trusted-releases) via GitHub
• 2026/04/20 [PR] Bump actions/cache from 5.0.4 to 5.0.5 (tooling-actions) via GitHub
• 2026/04/20 [I] Work on the client before alpha3 (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Disallow phase transitions from any but the latest revision (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Confusing error message when trying to upload an existing file (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Retry failed email deliveries (tooling-trusted-releases) via GitHub
• 2026/04/20 [PR] Bump actions/upload-artifact from 7.0.0 to 7.0.1 (tooling-releases-client) via GitHub
• 2026/04/20 [PR] Bump actions/cache from 5.0.4 to 5.0.5 (tooling-releases-client) via GitHub
• 2026/04/20 [I] Warn when an uploaded OpenPGP key does not have the ASF UID of the user (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Confusing error message when trying to upload an existing file (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Add filetype warning checks (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Expand SBOM support (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Confusing error message when trying to upload an existing file (tooling-trusted-releases) via GitHub
• 2026/04/20 [I] Confusing error message when trying to upload an existing file (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] LICENSE validation fails with https instead of http (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Add filetype warning checks (tooling-trusted-releases) via GitHub
• 2026/04/20 Re: [I] Migrate from pgpy to rpgp-py (tooling-trusted-releases) via GitHub
• 2026/04/20 [I] Disallow phase transitions from any but the latest revision (tooling-trusted-releases) via GitHub
• 2026/04/19 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
• 2026/04/18 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
• 2026/04/18 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] GET Blueprint Lacks Centralized Project-Level Authorization (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] GET Blueprint Lacks Centralized Project-Level Authorization (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] GET Blueprint Lacks Centralized Project-Level Authorization (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] API Models Lack Enum Validation for Phase Parameter (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] API Models Lack Enum Validation for Phase Parameter (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Vote Casting POST Endpoint Relies on Indirect Phase Check (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Vote Casting POST Endpoint Relies on Indirect Phase Check (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [PR] Fix env var for expected secret crashes server (tooling-trusted-releases) via GitHub
• 2026/04/17 [PR] Fix env var for expected secret crashes server (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] Migrate from gnupg to rpgp-py (tooling-trusted-releases) via GitHub
• 2026/04/17 Re: [I] `nbf` Claim Not Enforced as Required in ATR JWT Verification (tooling-trusted-releases) via GitHub

• Earlier messages