dev  

Messages by Thread

• • Re: [I] Evaluate ASVS v5.0.0 compliance: denial of service (tooling-trusted-releases) via GitHub
• Re: [I] Evaluate ASVS v5.0.0 compliance: credential integrity (tooling-trusted-releases) via GitHub
  • Re: [I] Evaluate ASVS v5.0.0 compliance: credential integrity (tooling-trusted-releases) via GitHub
• Re: [I] Evaluate ASVS v5.0.0 compliance: brute force identification (tooling-trusted-releases) via GitHub
  • Re: [I] Evaluate ASVS v5.0.0 compliance: brute force identification (tooling-trusted-releases) via GitHub
• Re: [I] Evaluate ASVS v5.0.0 compliance: basic access (tooling-trusted-releases) via GitHub
  • Re: [I] Evaluate ASVS v5.0.0 compliance: basic access (tooling-trusted-releases) via GitHub
• Re: [I] Evaluate ASVS v5.0.0 compliance: credential stealing (tooling-trusted-releases) via GitHub
  • Re: [I] Evaluate ASVS v5.0.0 compliance: credential stealing (tooling-trusted-releases) via GitHub
• Re: [I] Evaluate ASVS v5.0.0 compliance: internal access (tooling-trusted-releases) via GitHub
  • Re: [I] Evaluate ASVS v5.0.0 compliance: internal access (tooling-trusted-releases) via GitHub
• Re: [I] Evaluate ASVS v5.0.0 compliance: universal spoofing (tooling-trusted-releases) via GitHub
  • Re: [I] Evaluate ASVS v5.0.0 compliance: universal spoofing (tooling-trusted-releases) via GitHub
• Re: [I] Evaluate ASVS v5.0.0 compliance: external access (tooling-trusted-releases) via GitHub
  • Re: [I] Evaluate ASVS v5.0.0 compliance: external access (tooling-trusted-releases) via GitHub
• Re: [I] Evaluate ASVS v5.0.0 compliance: weak cryptography (tooling-trusted-releases) via GitHub
  • Re: [I] Evaluate ASVS v5.0.0 compliance: weak cryptography (tooling-trusted-releases) via GitHub
• Re: [I] Evaluate ASVS v5.0.0 compliance: cross site scripting (tooling-trusted-releases) via GitHub
  • Re: [I] Evaluate ASVS v5.0.0 compliance: cross site scripting (tooling-trusted-releases) via GitHub
• Re: [I] Evaluate ASVS v5.0.0 compliance: server side execution (tooling-trusted-releases) via GitHub
  • Re: [I] Evaluate ASVS v5.0.0 compliance: server side execution (tooling-trusted-releases) via GitHub
• Re: [I] Evaluate compliance with ASVS v5.0.0 L1 criteria (tooling-trusted-releases) via GitHub
  • Re: [I] Evaluate compliance with ASVS v5.0.0 L1 criteria (tooling-trusted-releases) via GitHub
  • Re: [I] Evaluate compliance with ASVS v5.0.0 L1 criteria (tooling-trusted-releases) via GitHub
  • Re: [I] Evaluate compliance with ASVS v5.0.0 L1 criteria (tooling-trusted-releases) via GitHub
• Re: [I] Document the intended transition to JSON outputs by default in the client (tooling-trusted-releases) via GitHub
  • Re: [I] Document the intended transition to JSON outputs by default in the client (tooling-trusted-releases) via GitHub
• [I] Make client responses json by default (tooling-releases-client) via GitHub
• Re: [I] Add log sealing (tooling-trusted-releases) via GitHub
  • Re: [I] Add log sealing (tooling-trusted-releases) via GitHub
• Re: [I] Add further validation to check site consistency (tooling-trusted-releases) via GitHub
  • Re: [I] Add further validation to check site consistency (tooling-trusted-releases) via GitHub
  • Re: [I] Add further validation to check site consistency (tooling-trusted-releases) via GitHub
• Re: [I] Add read-only and read-write test projects (tooling-trusted-releases) via GitHub
  • Re: [I] Add read-only and read-write test projects (tooling-trusted-releases) via GitHub
• Re: [I] Discuss refining permissions for uploading CI builds into ATR (tooling-trusted-releases) via GitHub
  • Re: [I] Discuss refining permissions for uploading CI builds into ATR (tooling-trusted-releases) via GitHub
• Re: [I] Implement RAO / Maven connectivity (tooling-trusted-releases) via GitHub
  • Re: [I] Implement RAO / Maven connectivity (tooling-trusted-releases) via GitHub
• [I] Use accurate Content-Type for file downloads instead of generic application/octet-stream (tooling-trusted-releases) via GitHub
  • Re: [I] Use accurate Content-Type for file downloads instead of generic application/octet-stream (tooling-trusted-releases) via GitHub
• [I] Fix Content-Type mismatch — plain text error responses served as text/html in asfquart (tooling-trusted-releases) via GitHub
  • Re: [I] Fix Content-Type mismatch — plain text error responses served as text/html in asfquart (tooling-trusted-releases) via GitHub
  • Re: [I] Fix Content-Type mismatch — plain text error responses served as text/html in asfquart (tooling-trusted-releases) via GitHub
  • Re: [I] Fix Content-Type mismatch — plain text error responses served as text/html in asfquart (tooling-trusted-releases) via GitHub
• [I] Add explicit charset to JSON and text response helpers (tooling-trusted-releases) via GitHub
  • Re: [I] Add explicit charset to JSON and text response helpers (tooling-trusted-releases) via GitHub
  • Re: [I] Add explicit charset to JSON and text response helpers (tooling-trusted-releases) via GitHub
  • Re: [I] Add explicit charset to JSON and text response helpers (tooling-trusted-releases) via GitHub
  • Re: [I] Add explicit charset to JSON and text response helpers (tooling-trusted-releases) via GitHub
• [I] Fix Content-Type mismatch — JSON returned as text/plain in /result/data endpoint (tooling-trusted-releases) via GitHub
  • Re: [I] Fix Content-Type mismatch — JSON returned as text/plain in /result/data endpoint (tooling-trusted-releases) via GitHub
• [I] Populate `version.py` at build time (tooling-trusted-releases) via GitHub
  • Re: [I] Populate `version.py` at build time (tooling-trusted-releases) via GitHub
  • Re: [I] Populate `version.py` at build time (tooling-trusted-releases) via GitHub
• [I] Document pip-audit CVE exception/suppression process (tooling-trusted-releases) via GitHub
  • Re: [I] Document pip-audit CVE exception/suppression process (tooling-trusted-releases) via GitHub
• [I] Add a "historical only" flag for outdated keys (tooling-trusted-releases) via GitHub
  • Re: [I] Add a "historical only" flag for outdated keys (tooling-trusted-releases) via GitHub
  • Re: [I] Add a "historical only" flag for outdated keys (tooling-trusted-releases) via GitHub
• [I] Use explicit allowlist for GitHub OIDC payload fields (tooling-trusted-releases) via GitHub
  • Re: [I] Use explicit allowlist for GitHub OIDC payload fields (tooling-trusted-releases) via GitHub
  • Re: [I] Use explicit allowlist for GitHub OIDC payload fields (tooling-trusted-releases) via GitHub
• [I] Extend Dependabot configuration to cover pip and Docker ecosystems (tooling-trusted-releases) via GitHub
  • Re: [I] Extend Dependabot configuration to cover pip and Docker ecosystems (tooling-trusted-releases) via GitHub
• [I] Pin syft version in Dockerfile (tooling-trusted-releases) via GitHub
  • Re: [I] Pin syft version in Dockerfile (tooling-trusted-releases) via GitHub
• [I] Add integrity verification for Apache RAT JAR (tooling-trusted-releases) via GitHub
  • Re: [I] Add integrity verification for Apache RAT JAR (tooling-trusted-releases) via GitHub
  • Re: [I] Add integrity verification for Apache RAT JAR (tooling-trusted-releases) via GitHub
  • Re: [I] Add integrity verification for Apache RAT JAR (tooling-trusted-releases) via GitHub
  • Re: [I] Add integrity verification for Apache RAT JAR (tooling-trusted-releases) via GitHub
• [I] Prefix and formatting for LLM audit comments (tooling-trusted-releases) via GitHub
  • Re: [I] Prefix and formatting for LLM audit comments (tooling-trusted-releases) via GitHub
  • Re: [I] Prefix and formatting for LLM audit comments (tooling-trusted-releases) via GitHub
  • Re: [I] Prefix and formatting for LLM audit comments (tooling-trusted-releases) via GitHub
  • Re: [I] Prefix and formatting for LLM audit comments (tooling-trusted-releases) via GitHub
• [I] Implement LDAP attribute allowlist instead of `ALL_ATTRIBUTES` (tooling-trusted-releases) via GitHub
  • Re: [I] Implement LDAP attribute allowlist instead of `ALL_ATTRIBUTES` (tooling-trusted-releases) via GitHub
  • Re: [I] Implement LDAP attribute allowlist instead of `ALL_ATTRIBUTES` (tooling-trusted-releases) via GitHub
  • Re: [I] Implement LDAP attribute allowlist instead of `ALL_ATTRIBUTES` (tooling-trusted-releases) via GitHub
  • Re: [I] Implement LDAP attribute allowlist instead of `ALL_ATTRIBUTES` (tooling-trusted-releases) via GitHub
  • Re: [I] Implement LDAP attribute allowlist instead of `ALL_ATTRIBUTES` (tooling-trusted-releases) via GitHub
• [I] Filter sensitive fields from Task objects in API responses (tooling-trusted-releases) via GitHub
  • Re: [I] Filter sensitive fields from Task objects in API responses (tooling-trusted-releases) via GitHub
  • Re: [I] Filter sensitive fields from Task objects in API responses (tooling-trusted-releases) via GitHub
• [I] Extend secret redaction patterns in `/admin/configuration` endpoint (tooling-trusted-releases) via GitHub
  • Re: [I] Extend secret redaction patterns in `/admin/configuration` endpoint (tooling-trusted-releases) via GitHub
• [I] Remove `token_hash` from PersonalAccessToken API responses (tooling-trusted-releases) via GitHub
  • Re: [I] Remove `token_hash` from PersonalAccessToken API responses (tooling-trusted-releases) via GitHub
  • Re: [I] Remove `token_hash` from PersonalAccessToken API responses (tooling-trusted-releases) via GitHub
• [I] Clear JWT token and CSRF token from DOM on session end / timeout (ASVS 14.3.1) (tooling-trusted-releases) via GitHub
  • Re: [I] Clear JWT token and CSRF token from DOM on session end / timeout (ASVS 14.3.1) (tooling-trusted-releases) via GitHub
  • Re: [I] Clear JWT token and CSRF token from DOM on session end / timeout (ASVS 14.3.1) (tooling-trusted-releases) via GitHub
  • Re: [I] Clear JWT token and CSRF token from DOM on session end / timeout (ASVS 14.3.1) (tooling-trusted-releases) via GitHub
  • Re: [I] Clear JWT token and CSRF token from DOM on session end / timeout (ASVS 14.3.1) (tooling-trusted-releases) via GitHub
  • Re: [I] Clear JWT token and CSRF token from DOM on session end / timeout (ASVS 14.3.1) (tooling-trusted-releases) via GitHub
• [I] Document reproducible builds, signing, SBOMs, and OpenSSF (tooling-trusted-releases) via GitHub
  • Re: [I] Document reproducible builds, signing, SBOMs, and OpenSSF (tooling-trusted-releases) via GitHub
  • Re: [I] Document reproducible builds, signing, SBOMs, and OpenSSF (tooling-trusted-releases) via GitHub
  • Re: [I] Document reproducible builds, signing, SBOMs, and OpenSSF (tooling-trusted-releases) via GitHub
  • Re: [I] Document reproducible builds, signing, SBOMs, and OpenSSF (tooling-trusted-releases) via GitHub
  • Re: [I] Document reproducible builds, signing, SBOMs, and OpenSSF (tooling-trusted-releases) via GitHub
• [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
  • Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
  • Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
  • Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
  • Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
  • Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
  • Re: [I] Add a mode for admins to browse as themselves with no admin permissions (tooling-trusted-releases) via GitHub
• [I] Remove release from SVN import options (tooling-trusted-releases) via GitHub
  • Re: [I] Remove release from SVN import options (tooling-trusted-releases) via GitHub
• [PR] clarify ASF distribution vs third party channels (tooling-trusted-releases) via GitHub
  • Re: [PR] clarify ASF distribution vs third party channels (tooling-trusted-releases) via GitHub
  • Re: [PR] clarify ASF distribution vs third party channels (tooling-trusted-releases) via GitHub
• [I] Update docs with relpath (tooling-trusted-releases) via GitHub
  • Re: [I] Update docs with relpath (tooling-trusted-releases) via GitHub
  • Re: [I] Update docs with relpath (tooling-trusted-releases) via GitHub
• [I] Use continuation passing style for creating new revisions (tooling-trusted-releases) via GitHub
  • Re: [I] Use continuation passing style for creating new revisions (tooling-trusted-releases) via GitHub
  • Re: [I] Use continuation passing style for creating new revisions (tooling-trusted-releases) via GitHub
• [I] Ensure that tasks themselves are cached as well as task results (tooling-trusted-releases) via GitHub
  • Re: [I] Ensure that tasks themselves are cached as well as task results (tooling-trusted-releases) via GitHub
  • Re: [I] Ensure that tasks themselves are cached as well as task results (tooling-trusted-releases) via GitHub
  • Re: [I] Ensure that tasks themselves are cached as well as task results (tooling-trusted-releases) via GitHub
• [PR] Use the intersection of algorithms from asyncssh and ssh-audit (tooling-trusted-releases) via GitHub
  • Re: [PR] Use the intersection of algorithms from asyncssh and ssh-audit (tooling-trusted-releases) via GitHub
  • Re: [PR] Use the intersection of algorithms from asyncssh and ssh-audit (tooling-trusted-releases) via GitHub
  • Re: [PR] Use the intersection of algorithms from asyncssh and ssh-audit (tooling-trusted-releases) via GitHub
• [PR] #677 - Add explicit ciphers, kex and mac algorithms. (tooling-trusted-releases) via GitHub
  • Re: [PR] #677 - Add explicit ciphers, kex and mac algorithms. (tooling-trusted-releases) via GitHub
  • Re: [PR] #677 - Add explicit ciphers, kex and mac algorithms. (tooling-trusted-releases) via GitHub
• [I] Verify all DistributionPlatform template URLs use HTTPS (tooling-trusted-releases) via GitHub
  • Re: [I] Verify all DistributionPlatform template URLs use HTTPS (tooling-trusted-releases) via GitHub
  • Re: [I] Verify all DistributionPlatform template URLs use HTTPS (tooling-trusted-releases) via GitHub
• [I] Add explicit TLS configuration to LDAP connections in `atr/ldap.py` (tooling-trusted-releases) via GitHub
  • Re: [I] Add explicit TLS configuration to LDAP connections in `atr/ldap.py` (tooling-trusted-releases) via GitHub
• [I] Add TLS enforcement to download shell script in `atr/static/sh/download-urls.sh` (tooling-trusted-releases) via GitHub
  • Re: [I] Add TLS enforcement to download shell script in `atr/static/sh/download-urls.sh` (tooling-trusted-releases) via GitHub
  • Re: [I] Add TLS enforcement to download shell script in `atr/static/sh/download-urls.sh` (tooling-trusted-releases) via GitHub
  • Re: [I] Add TLS enforcement to download shell script in `atr/static/sh/download-urls.sh` (tooling-trusted-releases) via GitHub
  • Re: [I] Add TLS enforcement to download shell script in `atr/static/sh/download-urls.sh` (tooling-trusted-releases) via GitHub
• [I] Enforce HTTPS-only for SVN PubSub listener URL in `atr/svn/pubsub.py` (tooling-trusted-releases) via GitHub
  • Re: [I] Enforce HTTPS-only for SVN PubSub listener URL in `atr/svn/pubsub.py` (tooling-trusted-releases) via GitHub
  • Re: [I] Enforce HTTPS-only for SVN PubSub listener URL in `atr/svn/pubsub.py` (tooling-trusted-releases) via GitHub
  • Re: [I] Enforce HTTPS-only for SVN PubSub listener URL in `atr/svn/pubsub.py` (tooling-trusted-releases) via GitHub
• [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases) via GitHub
  • Re: [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases) via GitHub
  • Re: [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases) via GitHub
  • Re: [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases) via GitHub
  • Re: [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases) via GitHub
  • Re: [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases) via GitHub
  • Re: [I] Configure explicit TLS version constraints for Hypercorn server (tooling-trusted-releases) via GitHub
• [I] Add STARTTLS initiation to SMTP mail relay in `atr/mail.py` (tooling-trusted-releases) via GitHub
  • Re: [I] Add STARTTLS initiation to SMTP mail relay in `atr/mail.py` (tooling-trusted-releases) via GitHub
• [I] Add explicit SCM path rejection to `_validate_relpath_string` (tooling-trusted-releases) via GitHub
  • Re: [I] Add explicit SCM path rejection to `_validate_relpath_string` (tooling-trusted-releases) via GitHub
  • Re: [I] Add explicit SCM path rejection to `_validate_relpath_string` (tooling-trusted-releases) via GitHub
• [I] Document OAuth architecture and ASVS V10.4.x delegation (tooling-trusted-releases) via GitHub
  • Re: [I] Document OAuth architecture and ASVS V10.4.x delegation (tooling-trusted-releases) via GitHub
• [I] Replace `assert` with explicit error handling in OAuth callback (a.k.a. document no -O flag usage) (tooling-trusted-releases) via GitHub
  • Re: [I] Replace `assert` with explicit error handling in OAuth callback (a.k.a. document no -O flag usage) (tooling-trusted-releases) via GitHub
  • Re: [I] Replace `assert` with explicit error handling in OAuth callback (a.k.a. document no -O flag usage) (tooling-trusted-releases) via GitHub
  • Re: [I] Replace `assert` with explicit error handling in OAuth callback (a.k.a. document no -O flag usage) (tooling-trusted-releases) via GitHub
  • Re: [I] Replace `assert` with explicit error handling in OAuth callback (a.k.a. document no -O flag usage) (tooling-trusted-releases) via GitHub
  • Re: [I] Replace `assert` with explicit error handling in OAuth callback (a.k.a. document no -O flag usage) (tooling-trusted-releases) via GitHub
  • Re: [I] Replace `assert` with explicit error handling in OAuth callback (a.k.a. document no -O flag usage) (tooling-trusted-releases) via GitHub
• [I] Document approved cryptographic algorithms for the project (tooling-trusted-releases) via GitHub
  • Re: [I] Document approved cryptographic algorithms for the project (tooling-trusted-releases) via GitHub
• [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases) via GitHub
  • Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases) via GitHub
  • Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases) via GitHub
  • Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases) via GitHub
  • Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases) via GitHub
  • Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases) via GitHub
  • Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases) via GitHub
  • Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases) via GitHub
  • Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases) via GitHub
• [I] SSH server: Configure explicit cipher suites, KEX, and MAC algorithms (tooling-trusted-releases) via GitHub
  • Re: [I] SSH server: Configure explicit cipher suites, KEX, and MAC algorithms (tooling-trusted-releases) via GitHub
  • Re: [I] SSH server: Configure explicit cipher suites, KEX, and MAC algorithms (tooling-trusted-releases) via GitHub
• [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases) via GitHub
  • Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases) via GitHub
  • Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases) via GitHub
  • Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases) via GitHub
  • Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases) via GitHub
  • Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases) via GitHub
  • Re: [I] Add temporal validation helper to `TrustedPublisherPayload` model (tooling-trusted-releases) via GitHub
• [I] Add `nbf` (not-before) claim to internally issued JWTs (tooling-trusted-releases) via GitHub
  • Re: [I] Add `nbf` (not-before) claim to internally issued JWTs (tooling-trusted-releases) via GitHub
• [I] Add not-before validation for SSH workflow keys (tooling-trusted-releases) via GitHub
  • Re: [I] Add not-before validation for SSH workflow keys (tooling-trusted-releases) via GitHub
• [I] Explicitly reject JWTs containing `jku`, `x5u`, or `jwk` headers (tooling-trusted-releases) via GitHub
  • Re: [I] Explicitly reject JWTs containing `jku`, `x5u`, or `jwk` headers (tooling-trusted-releases) via GitHub
• [I] Mark `unverified_header_and_payload` as internal and add security warnings (tooling-trusted-releases) via GitHub
  • Re: [I] Mark `unverified_header_and_payload` as internal and add security warnings (tooling-trusted-releases) via GitHub
• [I] Validate JWKS URI against allowlist in GitHub OIDC flow (tooling-trusted-releases) via GitHub
  • Re: [I] Validate JWKS URI against allowlist in GitHub OIDC flow (tooling-trusted-releases) via GitHub
• [I] Message sending lacks committee-scoped recipient validation (tooling-trusted-releases) via GitHub
  • Re: [I] Message sending lacks committee-scoped recipient validation (tooling-trusted-releases) via GitHub

• Earlier messages
• Later messages