dev  

Messages by Date

• 2026/03/08 Re: [I] Project metadata to add to project database (tooling-trusted-releases) via GitHub
• 2026/03/08 Re: [I] Project metadata to add to project database (tooling-trusted-releases) via GitHub
• 2026/03/08 Re: [I] Project metadata to add to project database (tooling-trusted-releases) via GitHub
• 2026/03/08 Re: [I] Upload file path validation bypass when file_name parameter is provided (tooling-trusted-releases) via GitHub
• 2026/03/08 Re: [I] Some source archives are not detected at source (tooling-trusted-releases) via GitHub
• 2026/03/08 Re: [I] Some source archives are not detected at source (tooling-trusted-releases) via GitHub
• 2026/03/08 Re: [I] Some source archives are not detected at source (tooling-trusted-releases) via GitHub
• 2026/03/08 [I] Some source archives are not detected at source (tooling-trusted-releases) via GitHub
• 2026/03/08 Re: [I] Backfill archives (tooling-trusted-releases) via GitHub
• 2026/03/08 Re: [I] Backfill archives (tooling-trusted-releases) via GitHub
• 2026/03/08 Re: [I] Determine a list of file types that can be blocked based on extension (tooling-trusted-releases) via GitHub
• 2026/03/08 Re: [I] Determine a list of file types that can be blocked based on extension (tooling-trusted-releases) via GitHub
• 2026/03/08 Re: [I] Uploading PAX archives fails due to an extraction error (tooling-trusted-releases) via GitHub
• 2026/03/08 Re: [I] Uploading PAX archives fails due to an extraction error (tooling-trusted-releases) via GitHub
• 2026/03/08 Re: [I] Allow quarantine failure reports to be cleared (tooling-trusted-releases) via GitHub
• 2026/03/08 Re: [I] Allow quarantine failure reports to be cleared (tooling-trusted-releases) via GitHub
• 2026/03/08 Re: [I] Detailed quarantine archive extraction error messages are not reported (tooling-trusted-releases) via GitHub
• 2026/03/08 Re: [I] Detailed quarantine archive extraction error messages are not reported (tooling-trusted-releases) via GitHub
• 2026/03/08 [I] Allow quarantine failure reports to be cleared (tooling-trusted-releases) via GitHub
• 2026/03/08 [I] Detailed quarantine archive extraction error messages are not reported (tooling-trusted-releases) via GitHub
• 2026/03/07 Re: [I] Determine a list of file types that can be blocked based on extension (tooling-trusted-releases) via GitHub
• 2026/03/07 Re: [I] Uploading PAX archives fails due to an extraction error (tooling-trusted-releases) via GitHub
• 2026/03/06 Re: [I] Project metadata to add to project database (tooling-trusted-releases) via GitHub
• 2026/03/06 Re: [I] Project metadata to add to project database (tooling-trusted-releases) via GitHub
• 2026/03/06 Re: [I] Project metadata to add to project database (tooling-trusted-releases) via GitHub
• 2026/03/06 Re: [I] Document how to provide a groupId for Maven (tooling-trusted-releases) via GitHub
• 2026/03/06 Re: [I] Determine a list of file types that can be blocked based on extension (tooling-trusted-releases) via GitHub
• 2026/03/06 [I] Uploading PAX archives fails due to an extraction error (tooling-trusted-releases) via GitHub
• 2026/03/06 Re: [I] Implement file type/content validation for uploads (tooling-trusted-releases) via GitHub
• 2026/03/06 Re: [I] Determine a list of file types that can be blocked based on extension (tooling-trusted-releases) via GitHub
• 2026/03/06 Re: [I] Determine a list of file types that can be blocked based on extension (tooling-trusted-releases) via GitHub
• 2026/03/06 [I] Determine a list of file types that can be blocked based on extension (tooling-trusted-releases) via GitHub
• 2026/03/06 [I] Backfill archives (tooling-trusted-releases) via GitHub
• 2026/03/06 Re: [I] Verify all DistributionPlatform template URLs use HTTPS (tooling-trusted-releases) via GitHub
• 2026/03/06 Re: [I] Record 3-way merge metadata (tooling-trusted-releases) via GitHub
• 2026/03/06 Re: [I] Record 3-way merge metadata (tooling-trusted-releases) via GitHub
• 2026/03/06 Re: [PR] Utilising taint tracking types (tooling-trusted-releases) via GitHub
• 2026/03/06 [GH] Utilising taint tracking types (tooling-trusted-releases) via GitHub
• 2026/03/06 [GH] Utilising taint tracking types (tooling-trusted-releases) via GitHub
• 2026/03/06 Re: [I] Rework or remove the published endpoint (tooling-trusted-releases) via GitHub
• 2026/03/06 Re: [PR] Adjust topnav menu if ALLOW_TESTS (tooling-trusted-releases) via GitHub
• 2026/03/06 [GH] Don't merge: for discussion (tooling-trusted-releases) via GitHub
• 2026/03/06 [GH] Don't merge: for discussion (tooling-trusted-releases) via GitHub
• 2026/03/06 [GH] Don't merge: for discussion (tooling-trusted-releases) via GitHub
• 2026/03/06 [GH] Don't merge: for discussion (tooling-trusted-releases) via GitHub
• 2026/03/06 [GH] Don't merge: for discussion (tooling-trusted-releases) via GitHub
• 2026/03/06 [GH] Don't merge: for discussion (tooling-trusted-releases) via GitHub
• 2026/03/06 [GH] Don't merge: for discussion (tooling-trusted-releases) via GitHub
• 2026/03/06 [GH] Don't merge: for discussion (tooling-trusted-releases) via GitHub
• 2026/03/05 [PR] Make token change emails more clear (tooling-trusted-releases) via GitHub
• 2026/03/05 [PR] Adjust topnav menu if ALLOW_TESTS (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] [Discuss] Dependency release chains (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Study replacing repository.apache.org (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [PR] Don't merge: for discussion (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Clarify and constrain permitted ASF TLP version numbers (tooling-trusted-releases) via GitHub
• 2026/03/05 [GH] Don't merge: for discussion (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Revoke JWTs when a PAT is deleted (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Revoke JWTs when a PAT is deleted (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Implement JWT token revocation mechanism (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Implement JWT token revocation mechanism (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [PR] Don't merge: for discussion (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [PR] Don't merge: for discussion (tooling-trusted-releases) via GitHub
• 2026/03/05 [I] Study replacing repository.apache.org (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Validate release workflow phase before operations (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Validate release workflow phase before operations (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Validate release workflow phase before operations (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] [Discuss] Dependency release chains (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Vote result email To configuration (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Filter sensitive fields from Task objects in API responses (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Filter sensitive fields from Task objects in API responses (tooling-trusted-releases) via GitHub
• 2026/03/05 [I] Revoke JWTs when a PAT is deleted (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Remove `token_hash` from PersonalAccessToken API responses (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Remove `token_hash` from PersonalAccessToken API responses (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Check for bombs and other archival problems in uploads (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Check for bombs and other archival problems in uploads (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [PR] Add start_tls to smtp connection (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Add STARTTLS initiation to SMTP mail relay in `atr/mail.py` (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [PR] New atr logo topnav treatment (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Implement LDAP attribute allowlist instead of `ALL_ATTRIBUTES` (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Implement LDAP attribute allowlist instead of `ALL_ATTRIBUTES` (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [PR] Search ldap returning limited attributes (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [PR] Search ldap returning limited attributes (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [PR] Search ldap returning limited attributes (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Implement LDAP attribute allowlist instead of `ALL_ATTRIBUTES` (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Implement LDAP attribute allowlist instead of `ALL_ATTRIBUTES` (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Implement LDAP attribute allowlist instead of `ALL_ATTRIBUTES` (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [I] Storage layer accepts arbitrary user IDs for SSH key and PAT creation (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [PR] Use session asf_uid when adding ssh key and pat (tooling-trusted-releases) via GitHub
• 2026/03/05 [I] [Discuss] Dependency release chains (tooling-trusted-releases) via GitHub
• 2026/03/05 [I] Vote result email To configuration (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [PR] Don't merge: for discussion (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [PR] Don't merge: for discussion (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [PR] Don't merge: for discussion (tooling-trusted-releases) via GitHub
• 2026/03/05 Re: [PR] Don't merge: for discussion (tooling-trusted-releases) via GitHub
• 2026/03/05 [PR] Don't merge: for discussion (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [PR] New atr logo topnav treatment (tooling-trusted-releases) via GitHub
• 2026/03/04 [PR] New atr logo topnav treatment (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] ATR logo request (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Apply URL encoding to mailing list API query parameters (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [PR] Add start_tls to smtp connection (tooling-trusted-releases) via GitHub
• 2026/03/04 [PR] Add start_tls to smtp connection (tooling-trusted-releases) via GitHub
• 2026/03/04 [PR] Search ldap returning limited attributes (tooling-trusted-releases) via GitHub
• 2026/03/04 [PR] Use session asf_uid when adding ssh key and pat (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Add size limits to SSH/rsync file uploads (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Open redirect via unvalidated OAuth login redirect parameter (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Create centralized input validation documentation (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Logout is accessible via GET, enabling forced-logout attacks (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Admin override access lacks persistent audit logging (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Add explicit charset to JSON and text response helpers (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Add explicit charset to JSON and text response helpers (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Add explicit charset to JSON and text response helpers (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Add explicit charset to JSON and text response helpers (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [PR] Add explicit charset (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [PR] Add explicit charset (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Create centralized input validation documentation (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Create centralized input validation documentation (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [PR] Add explicit charset (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [PR] Add explicit charset (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [PR] Add explicit charset (tooling-trusted-releases) via GitHub
• 2026/03/04 [PR] Add explicit charset (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Create centralized input validation documentation (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Document approved cryptographic algorithms for the project (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Document pip-audit CVE exception/suppression process (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Vote resolved date is not set (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Vote resolved date is not set (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Add a quarantined validation period after uploading and before checks are started (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Add a quarantined validation period after uploading and before checks are started (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Vote resolved date is not set (tooling-trusted-releases) via GitHub
• 2026/03/04 Re: [I] Consider improving logging (tooling-trusted-releases) via GitHub
• 2026/03/04 [I] Vote resolved date is not set (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Improve error reporting when /resolve/tabulated data is unavailable (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Document how to provide a groupId for Maven (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Require two approvals for important actions (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] promote uploading via GHA (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] promote uploading via GHA (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Use Mailpit to improve email tests (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Prevent the reuse of detached session objects in database commit contexts (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Improve error reporting when /resolve/tabulated data is unavailable (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Make all client responses JSON by default (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Make all client responses JSON by default (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Make all client responses JSON by default (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Regular root file gets reported as directory when `targz.structure` fails (tooling-trusted-releases) via GitHub
• 2026/03/03 [I] Regular root file gets reported as directory when `targz.structure` fails (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Validate against CR/LF characters in HTTP header values (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] Validate no CR/LF in http header values (tooling-trusted-releases) via GitHub
• 2026/03/03 [PR] Validate no CR/LF in http header values (tooling-trusted-releases) via GitHub
• 2026/03/03 [GH] Adding Cache-Control params; fixes #788 (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Prefix and formatting for LLM audit comments (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Check XML parsing to prevent XXE attacks (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Check XML parsing to prevent XXE attacks (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Check XML parsing to prevent XXE attacks (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Path traversal in storage layer `delete_file` and `generate_hash_file` (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Path traversal in storage layer `delete_file` and `generate_hash_file` (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] Adding comments for SVN upload sizes; fixes #718 (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] Adding comments for SVN upload sizes; fixes #718 (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
• 2026/03/03 [I] Document ATR disk layout and size requirements (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] File type validation on upload through web browser (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] File type validation on upload through web browser (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] Adding Cache-Control params; fixes #788 (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] ShellResponse and JWT endpoint missing Content-Disposition headers (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Implement Sec-Fetch-* header validation middleware (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] Validate sec-fetch headers (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] Validate sec-fetch headers (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Move hardcoded committee membership to external configuration (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] Remove hardcoded tooling users (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] Adding comments for SVN upload sizes; fixes #718 (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] Adding comments for SVN upload sizes; fixes #718 (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Add content size limits to SVN import (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] Satisfy ASVS #786 (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] Satisfy ASVS #786 (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Add Origin header validation for API endpoints (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Add Origin header validation for API endpoints (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Missing `session.check_access()` in multiple route handlers (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] #656 - add check_access to remaining handlers (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Use accurate Content-Type for file downloads instead of generic application/octet-stream (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Fix Content-Type mismatch — JSON returned as text/plain in /result/data endpoint (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] Adding comment about data display; fixes #711 (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] Adding comment for confirm dialog; fixes #767 (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] Adding a comment about octet-stream; fixes #714 (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Refactor confirm dialog from inline JavaScript to data attributes (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [PR] Adding comment for vote email validation; fixes #773 (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] Vote email body construction lacks input sanitization (tooling-trusted-releases) via GitHub
• 2026/03/03 [GH] Adding Cache-Control params; fixes #788 (tooling-trusted-releases) via GitHub
• 2026/03/03 Re: [I] IDOR in distribution delete — missing `check_access()` and form/URL parameter mismatch (tooling-trusted-releases) via GitHub
• 2026/03/03 [PR] #656 - add check_access to remaining handlers (tooling-trusted-releases) via GitHub

• Earlier messages