Messages by Thread
- Tomcat security model
  Mark Thomas
- Using Github Actions Trusted Publisher for PyPI releases ?
  Jarek Potiuk
- Pixee AI
  Mike Drob
- Re: Siren by OpenSSF
  Arnout Engelen
- Re: Vulnerability found in your website !
  Apache Security Team
- Re: Package URLs for Apache Tomcat distributions
  von Loewenstein, Jan
- Fwd: Board report for this month (draft)
  Dirk-Willem van Gulik
- XZ, covert actions, Industry limits - drugs-smuggling
  Dirk-Willem van Gulik
- Binary blobs in source trees
  Mike Drob
- [DISCUSS] Should we update our policies to include source provenance check
  Jarek Potiuk
- Snyk, Sonartype, etc
  Dirk-Willem van Gulik
- Acceptability of Third-Party Password Manager
  Bryan Ellis
- Enabling security autofix suggestion ?
  Jarek Potiuk
- Apache SBOM tracking in DependencyTrack
  Arnout Engelen
- Proposed PyPI digital attestation PEP
  Jarek Potiuk
- approving basic security headers for POI web site
  PJ Fanning
- Reproducible builds [Airflow] -> done
  Jarek Potiuk
- 2023 annual report published
  Mark J Cox
- CVE-2023-49735 in Apache Tiles
  Sebastian Götz
- Security track at CoC?
  Mike Drob
- Platypus attack on Docker affecting a number of our projects potentially?
  Jarek Potiuk
- How to approach the problem of "3rd-party CVE dependencies impact"
  Jarek Potiuk
- Website PR v2
  Hen
- Website PR
  Hen
- Participating in HackerOne Internet Bug Bounty
  Arnout Engelen
- Applying for OSSF Best Practices Badge Program ?
  Jarek Potiuk
- Dependency-Track INFRA ticket
  Chris Thistlethwaite
- Using DOAPs for publishing SBOM links (and mandating it)?
  Jarek Potiuk
- RFI on OSS Security and Memory Safe Programming Languages
  Mark J Cox
- Re: [REQUEST] Grant permission to deploy Maven project via GitHub Actions
  tison
- Should we encourage projects to publish a 'security.txt'?
  Arnout Engelen
- advice on non-ASF CVE that I want to dispute/reject
  PJ Fanning
- Who can review security issues?
  Mike Drob
- FOSS Security Campus
  Isabel Drost-Fromm
- Identifiers (purl, SWID) for Apache artifacts
  Arnout Engelen
- Re: Identifiers (purl, SWID) for Apache artifacts
  Dirk-Willem van Gulik
- Re: Identifiers (purl, SWID) for Apache artifacts
  sebb
- Re: Identifiers (purl, SWID) for Apache artifacts
  Dirk-Willem van Gulik
- Re: Identifiers (purl, SWID) for Apache artifacts
  Arnout Engelen
- Re: Identifiers (purl, SWID) for Apache artifacts
  Dirk-Willem van Gulik
- Re: Identifiers (purl, SWID) for Apache artifacts
  Gilles Sadowski
- Re: Identifiers (purl, SWID) for Apache artifacts
  Jarek Potiuk
- Re: Identifiers (purl, SWID) for Apache artifacts
  Dirk-Willem van Gulik
- Re: Identifiers (purl, SWID) for Apache artifacts
  Jarek Potiuk
- Re: Identifiers (purl, SWID) for Apache artifacts
  sebb
- Re: Identifiers (purl, SWID) for Apache artifacts
  Arnout Engelen
- Re: Identifiers (purl, SWID) for Apache artifacts
  Philippe Ombredanne
- Re: Identifiers (purl, SWID) for Apache artifacts
  Dirk-Willem van Gulik
- Re: Identifiers (purl, SWID) for Apache artifacts
  Gary Gregory
- Re: Identifiers (purl, SWID) for Apache artifacts
  Jarek Potiuk
- Re: Identifiers (purl, SWID) for Apache artifacts
  Dirk-Willem van Gulik
- Re: Identifiers (purl, SWID) for Apache artifacts
  Arnout Engelen
- Vulnerability Listing pages
  Hen
- ASF Security report for 2022 published
  Mark J Cox
- Reporting security vulnerabilities via Github Private security vulnerability ?
  Jarek Potiuk