Messages by Thread
-
[I] Deploy self hosted GitHub action runners for distribution workflows (tooling-trusted-releases)
via GitHub
-
[I] Merge env/tooling to production (tooling-trusted-releases)
via GitHub
-
[I] Make check ignores apply per project, not per committee (tooling-trusted-releases)
via GitHub
-
[I] Add release manager storage permissions (tooling-trusted-releases)
via GitHub
-
[I] Discuss refining permissions for uploading CI builds into ATR (tooling-trusted-releases)
via GitHub
-
[PR] Fix: Mitigate CRLF injection in email headers (Issue #603) (tooling-trusted-releases)
via GitHub
-
[I] Detect `npm pack` output and allow `package/` as its root directory (tooling-trusted-releases)
via GitHub
-
[I] Ensure that Dependabot PRs are checked against the action allow list (tooling-trusted-releases)
via GitHub
-
[PR] Limit archive member count to prevent zip bomb attacks (tooling-trusted-releases)
via GitHub
-
[I] Sanitize email header values against CRLF injection (tooling-trusted-releases)
via GitHub
-
[I] Limit archive member count to prevent zip bomb attacks (tooling-trusted-releases)
via GitHub
-
[I] Validate against CR/LF characters in HTTP header values (tooling-trusted-releases)
via GitHub
-
[I] Apply URL encoding to query parameters and paths (tooling-trusted-releases)
via GitHub
-
[I] Validate release workflow phase before operations (tooling-trusted-releases)
via GitHub
-
[I] Limit regex complexity in user-supplied ignore patterns (tooling-trusted-releases)
via GitHub
-
[I] Invalidate all PATs when user account is disabled (tooling-trusted-releases)
via GitHub
-
[I] Add project-level authorization to /published/ endpoint (tooling-trusted-releases)
via GitHub
-
[I] Enforce absolute maximum session lifetime for web sessions (tooling-trusted-releases)
via GitHub
-
[I] Allow files to be excluded on upload (tooling-actions)
via GitHub
-
[PR] feat(security): centralize secure HTTP sessions and enforce TLS 1.2+ … (tooling-trusted-releases)
via GitHub
-
[I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases)
via GitHub
-
Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases)
via GitHub
-
Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases)
via GitHub
-
Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases)
via GitHub
-
Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases)
via GitHub
-
Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases)
via GitHub
-
Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases)
via GitHub
-
Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases)
via GitHub
-
Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases)
via GitHub
-
Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases)
via GitHub
-
Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases)
via GitHub
-
Re: [I] Use validated asf_uid, not the value supplied by the user (tooling-trusted-releases)
via GitHub
-
[PR] Bump actions/checkout from 6.0.1 to 6.0.2 (tooling-trusted-releases)
via GitHub
-
[PR] Bump actions/cache from 5.0.1 to 5.0.2 (tooling-trusted-releases)
via GitHub
-
[I] Litestream stream backups (tooling-trusted-releases)
via GitHub
-
[I] Guardrails for linting intentionally unused variables (tooling-trusted-releases)
via GitHub
-
[I] Regression: in dev mode no ldap connection means no admin functions (tooling-trusted-releases)
via GitHub
-
[PR] fix(security): implement centralized type-safe escaping for template substitutions (#554) (tooling-trusted-releases)
via GitHub
-
[I] Make checklist URLs consistent with the corresponding model (tooling-trusted-releases)
via GitHub
-
[PR] fix(security): centralize escaping for template substitutions (tooling-trusted-releases)
via GitHub
-
[PR] Clean up SSL shutdown noise in logs (tooling-trusted-releases)
via GitHub
-
Poetry in BAT, uv in ATR: should these continue to differ?
sebb
-
[I] Read enisa sbom landscape analysis (tooling-trusted-releases)
via GitHub
-
[I] Ensure that `TimeoutError: SSL shutdown timed out` do not happen or are not logged (tooling-trusted-releases)
via GitHub
-
Docker log showing GET messages every couple of seconds
sebb
-
[PR] Only change perms if necessary (tooling-trusted-releases)
via GitHub