{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":282988279,"defaultBranch":"main","name":"wg-best-practices-os-developers","ownerLogin":"ossf","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2020-07-27T18:54:46.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/67707773?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1720203304.0","currentOid":""},"activityList":{"items":[{"before":"e065ab211975bdd08d77634a0b9e91c2a6b1152b","after":"01d5e05de81ea264ad5bae369e25bf1202ca41a0","ref":"refs/heads/xz_utils_counter","pushedAt":"2024-07-05T18:39:07.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Fix grammar nit in xz utils response\n\nSigned-off-by: David A. Wheeler <dwheeler@dwheeler.com>","shortMessageHtmlLink":"Fix grammar nit in xz utils response"}},{"before":null,"after":"e065ab211975bdd08d77634a0b9e91c2a6b1152b","ref":"refs/heads/xz_utils_counter","pushedAt":"2024-07-05T18:15:04.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Provide recommendation to counter xz utils style attack\n\nThe malicious attack on the xz utils slipped through many\ndefenses because the \"source\" package included pre-generated\nmalicious code. This meant that review of the source code\n(e.g., as seen by git) couldn't find the problem.\n\nThis proposes a best practices to counter it. The text is longer\nthan I'd like, but it's hard to make it short, and this was a\nworrying attack so I think it's reasonable to say this.\n\nWe'll probably need to renumber this proposal if we also add\nthe proposed text to counter attacks like polyfill.io:\nhttps://github.com/ossf/wg-best-practices-os-developers/pull/559\n... but I think that's okay!\n\nSigned-off-by: David A. Wheeler <dwheeler@dwheeler.com>","shortMessageHtmlLink":"Provide recommendation to counter xz utils style attack"}},{"before":"9f6d3a9c4595756c64e24c7faddd89942b1503b9","after":null,"ref":"refs/heads/cleanup_handling_errors","pushedAt":"2024-07-05T17:54:12.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"}},{"before":"b678838ee0c049ce1d751895871d62a577d01192","after":"6b4790946b95fb8756b578dfa8b5090a37fcf470","ref":"refs/heads/main","pushedAt":"2024-07-05T17:54:07.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Cleanup lab for handling errors (#558)\n\nSigned-off-by: David A. Wheeler <dwheeler@dwheeler.com>","shortMessageHtmlLink":"Cleanup lab for handling errors (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2384789232\" data-permission-text=\"Title is private\" data-url=\"https://github.com/ossf/wg-best-practices-os-developers/issues/558\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/ossf/wg-best-practices-os-developers/pull/558/hovercard\" href=\"https://github.com/ossf/wg-best-practices-os-developers/pull/558\">#558</a>)"}},{"before":"57c0d8850ac132a1feb898fd750179107a7bc954","after":"db0724f89c1326fe62c601377fe809ce7f115cb1","ref":"refs/heads/polyfill_io","pushedAt":"2024-07-03T17:54:29.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Weaken the recommendation a little\n\nSometimes inclusion across domains really *is* what you want to do,\nand the risks are reasonable, so back it down a little from\n\"never\" do it.\n\nSigned-off-by: David A. Wheeler <dwheeler@dwheeler.com>","shortMessageHtmlLink":"Weaken the recommendation a little"}},{"before":"a02d4953f1cbec2ada592988d3cd23490cfce33b","after":"57c0d8850ac132a1feb898fd750179107a7bc954","ref":"refs/heads/polyfill_io","pushedAt":"2024-07-03T17:43:30.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Reword text further to clarify polyfill issue\n\nSigned-off-by: David A. Wheeler <dwheeler@dwheeler.com>","shortMessageHtmlLink":"Reword text further to clarify polyfill issue"}},{"before":"10b71270c9c7c958fb3da0f489ffe5a47298efb1","after":"a02d4953f1cbec2ada592988d3cd23490cfce33b","ref":"refs/heads/polyfill_io","pushedAt":"2024-07-03T17:38:02.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Update docs/Concise-Guide-for-Developing-More-Secure-Software.md\n\nCo-authored-by: Chris de Almeida <ctcpip@users.noreply.github.com>\nSigned-off-by: David A. Wheeler <dwheeler@dwheeler.com>","shortMessageHtmlLink":"Update docs/Concise-Guide-for-Developing-More-Secure-Software.md"}},{"before":"41acccfda27cbdeca690f46cdfd367deafb44388","after":"10b71270c9c7c958fb3da0f489ffe5a47298efb1","ref":"refs/heads/polyfill_io","pushedAt":"2024-07-03T14:56:03.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Improve polyfill.io text, fix markdownlint error\n\nSigned-off-by: David A. Wheeler <dwheeler@dwheeler.com>","shortMessageHtmlLink":"Improve polyfill.io text, fix markdownlint error"}},{"before":null,"after":"41acccfda27cbdeca690f46cdfd367deafb44388","ref":"refs/heads/polyfill_io","pushedAt":"2024-07-03T14:44:55.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Add lesson learned from polyfill.io\n\nSigned-off-by: David A. Wheeler <dwheeler@dwheeler.com>","shortMessageHtmlLink":"Add lesson learned from polyfill.io"}},{"before":"4ceb5c7128a75f03c5b0e64bb81e0d8b1b917f3b","after":"b678838ee0c049ce1d751895871d62a577d01192","ref":"refs/heads/main","pushedAt":"2024-07-03T11:03:04.000Z","pushType":"pr_merge","commitsCount":3,"pusher":{"login":"gkunz","name":"Georg Kunz","path":"/gkunz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11921824?s=80&v=4"},"commit":{"message":"Merge pull request #555 from myteron/pyCode2GitHub_CWE-197-01\n\nUploading only code for CWE-197 Control rounding when converting to l…","shortMessageHtmlLink":"Merge pull request <a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2380377228\" data-permission-text=\"Title is private\" data-url=\"https://github.com/ossf/wg-best-practices-os-developers/issues/555\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/ossf/wg-best-practices-os-developers/pull/555/hovercard\" href=\"https://github.com/ossf/wg-best-practices-os-developers/pull/555\">#555</a> from myteron/pyCode2GitHub_CWE-197-01"}},{"before":null,"after":"9f6d3a9c4595756c64e24c7faddd89942b1503b9","ref":"refs/heads/cleanup_handling_errors","pushedAt":"2024-07-01T21:46:25.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Cleanup lab for handling errors\n\nSigned-off-by: David A. Wheeler <dwheeler@dwheeler.com>","shortMessageHtmlLink":"Cleanup lab for handling errors"}},{"before":"99150f0800ba7f936f173f8bb2152a25d5fb7484","after":"4ceb5c7128a75f03c5b0e64bb81e0d8b1b917f3b","ref":"refs/heads/main","pushedAt":"2024-07-01T15:18:11.000Z","pushType":"pr_merge","commitsCount":4,"pusher":{"login":"gkunz","name":"Georg Kunz","path":"/gkunz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11921824?s=80&v=4"},"commit":{"message":"Merge pull request #547 from myteron/pyCode2GitHub_CWE-191\n\npyDoc2GitHub CWE-191","shortMessageHtmlLink":"Merge pull request <a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2366243278\" data-permission-text=\"Title is private\" data-url=\"https://github.com/ossf/wg-best-practices-os-developers/issues/547\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/ossf/wg-best-practices-os-developers/pull/547/hovercard\" href=\"https://github.com/ossf/wg-best-practices-os-developers/pull/547\">#547</a> from myteron/pyCode2GitHub_CWE-191"}},{"before":"d7bd33bf00a6c627cfd6c6d375ece2715e567fd8","after":null,"ref":"refs/heads/vilarinho","pushedAt":"2024-06-29T01:51:05.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"}},{"before":"28a7fbf32ad7d4ca0558a37252387464fdcd2589","after":"99150f0800ba7f936f173f8bb2152a25d5fb7484","ref":"refs/heads/main","pushedAt":"2024-06-29T01:51:03.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Add Camila Vilarinho author of lab in progress (#556)\n\nSigned-off-by: David A. Wheeler <dwheeler@dwheeler.com>","shortMessageHtmlLink":"Add Camila Vilarinho author of lab in progress (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2381282941\" data-permission-text=\"Title is private\" data-url=\"https://github.com/ossf/wg-best-practices-os-developers/issues/556\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/ossf/wg-best-practices-os-developers/pull/556/hovercard\" href=\"https://github.com/ossf/wg-best-practices-os-developers/pull/556\">#556</a>)"}},{"before":null,"after":"d7bd33bf00a6c627cfd6c6d375ece2715e567fd8","ref":"refs/heads/vilarinho","pushedAt":"2024-06-28T22:38:04.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Add Camila Vilarinho author of lab in progress\n\nSigned-off-by: David A. Wheeler <dwheeler@dwheeler.com>","shortMessageHtmlLink":"Add Camila Vilarinho author of lab in progress"}},{"before":null,"after":"bfc9fec21aef593734c4da76d0e71597fc33d413","ref":"refs/heads/fvtable-verify","pushedAt":"2024-06-27T17:47:09.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"thomasnyman","name":"Thomas Nyman","path":"/thomasnyman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/636059?s=80&v=4"},"commit":{"message":"Add -fvtable-verify to list of considered options\n\nSigned-off-by: Thomas Nyman <thomas.nyman@ericsson.com>","shortMessageHtmlLink":"Add -fvtable-verify to list of considered options"}},{"before":"e5f2c466a1617a1aaffa77ef663cf7813e7b3f61","after":null,"ref":"refs/heads/bump_date","pushedAt":"2024-06-27T17:25:35.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"thomasnyman","name":"Thomas Nyman","path":"/thomasnyman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/636059?s=80&v=4"}},{"before":"5e7d20f8688a3892ba3ddcdb8e9d376123da98d8","after":"28a7fbf32ad7d4ca0558a37252387464fdcd2589","ref":"refs/heads/main","pushedAt":"2024-06-27T17:25:28.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"thomasnyman","name":"Thomas Nyman","path":"/thomasnyman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/636059?s=80&v=4"},"commit":{"message":"Bump date for Compiler Options Hardening Guide for C and C++\n\nSigned-off-by: Thomas Nyman <thomas.nyman@ericsson.com>","shortMessageHtmlLink":"Bump date for Compiler Options Hardening Guide for C and C++"}},{"before":null,"after":"e5f2c466a1617a1aaffa77ef663cf7813e7b3f61","ref":"refs/heads/bump_date","pushedAt":"2024-06-27T17:22:27.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"thomasnyman","name":"Thomas Nyman","path":"/thomasnyman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/636059?s=80&v=4"},"commit":{"message":"Bump date for Compiler Options Hardening Guide for C and C++\n\nSigned-off-by: Thomas Nyman <thomas.nyman@ericsson.com>","shortMessageHtmlLink":"Bump date for Compiler Options Hardening Guide for C and C++"}},{"before":"16a8f6e3b7cc165afeabb82d079799ab15878f44","after":null,"ref":"refs/heads/fix-missing-versions-for-stack-protector","pushedAt":"2024-06-27T11:40:45.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"thomasnyman","name":"Thomas Nyman","path":"/thomasnyman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/636059?s=80&v=4"}},{"before":"25020ca23291c8b51fd84c2316a71e41b634155a","after":"5e7d20f8688a3892ba3ddcdb8e9d376123da98d8","ref":"refs/heads/main","pushedAt":"2024-06-27T11:40:40.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"thomasnyman","name":"Thomas Nyman","path":"/thomasnyman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/636059?s=80&v=4"},"commit":{"message":"Adjust supported since versions for -fstack-protector options\n\n- Fix incorrect Clang version given for -fstack-protector-strong.\n- Add missing GCC and Clang versions for -fstack-protector and -fstack-protector-all.\n\nSigned-off-by: Thomas Nyman <thomas.nyman@ericsson.com>","shortMessageHtmlLink":"Adjust supported since versions for -fstack-protector options"}},{"before":null,"after":"16a8f6e3b7cc165afeabb82d079799ab15878f44","ref":"refs/heads/fix-missing-versions-for-stack-protector","pushedAt":"2024-06-27T11:37:17.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"thomasnyman","name":"Thomas Nyman","path":"/thomasnyman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/636059?s=80&v=4"},"commit":{"message":"Adjust supported since versions for -fstack-protector options\n\n- Fix incorrect Clang version given for -fstack-protector-strong.\n- Add missing GCC and Clang versions for -fstack-protector and -fstack-protector-all.\n\nSigned-off-by: Thomas Nyman <thomas.nyman@ericsson.com>","shortMessageHtmlLink":"Adjust supported since versions for -fstack-protector options"}},{"before":"760cd7b7a01dd49c262f85a7f88b0383f40d8bd0","after":null,"ref":"refs/heads/add_DONE_marker","pushedAt":"2024-06-21T19:12:43.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"}},{"before":"e42da1a34723e9a02a0f53ce4d431012830d8aac","after":"25020ca23291c8b51fd84c2316a71e41b634155a","ref":"refs/heads/main","pushedAt":"2024-06-21T19:12:39.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Add DONE marker for labs, note new lab (#544)\n\nSigned-off-by: David A. Wheeler <dwheeler@dwheeler.com>","shortMessageHtmlLink":"Add DONE marker for labs, note new lab (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2360192240\" data-permission-text=\"Title is private\" data-url=\"https://github.com/ossf/wg-best-practices-os-developers/issues/544\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/ossf/wg-best-practices-os-developers/pull/544/hovercard\" href=\"https://github.com/ossf/wg-best-practices-os-developers/pull/544\">#544</a>)"}},{"before":"ff0d9f319f7be4c1b825665152c9006586f572a1","after":"e42da1a34723e9a02a0f53ce4d431012830d8aac","ref":"refs/heads/main","pushedAt":"2024-06-21T16:31:18.000Z","pushType":"pr_merge","commitsCount":4,"pusher":{"login":"gkunz","name":"Georg Kunz","path":"/gkunz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11921824?s=80&v=4"},"commit":{"message":"Merge pull request #530 from gkunz/license-header\n\nAdding SPDX license headers to the Python code examples","shortMessageHtmlLink":"Merge pull request <a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2336182293\" data-permission-text=\"Title is private\" data-url=\"https://github.com/ossf/wg-best-practices-os-developers/issues/530\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/ossf/wg-best-practices-os-developers/pull/530/hovercard\" href=\"https://github.com/ossf/wg-best-practices-os-developers/pull/530\">#530</a> from gkunz/license-header"}},{"before":"f53974425982aa9125e09d4c14a482de15cee5d8","after":"ff0d9f319f7be4c1b825665152c9006586f572a1","ref":"refs/heads/main","pushedAt":"2024-06-19T11:13:47.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"gkunz","name":"Georg Kunz","path":"/gkunz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11921824?s=80&v=4"},"commit":{"message":"Merge pull request #534 from myteron/pyDoc2GitHub_CWE-1095\n\nContent for CWE-1095","shortMessageHtmlLink":"Merge pull request <a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2340810359\" data-permission-text=\"Title is private\" data-url=\"https://github.com/ossf/wg-best-practices-os-developers/issues/534\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/ossf/wg-best-practices-os-developers/pull/534/hovercard\" href=\"https://github.com/ossf/wg-best-practices-os-developers/pull/534\">#534</a> from myteron/pyDoc2GitHub_CWE-1095"}},{"before":null,"after":"760cd7b7a01dd49c262f85a7f88b0383f40d8bd0","ref":"refs/heads/add_DONE_marker","pushedAt":"2024-06-18T15:52:27.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Add DONE marker for labs, note new lab\n\nSigned-off-by: David A. Wheeler <dwheeler@dwheeler.com>","shortMessageHtmlLink":"Add DONE marker for labs, note new lab"}},{"before":"caeb4920b7fa891e247a6dc09bea9a0c4b0fb111","after":null,"ref":"refs/heads/pyDoc2GitHub_CWE-1095","pushedAt":"2024-06-18T15:48:25.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"gkunz","name":"Georg Kunz","path":"/gkunz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11921824?s=80&v=4"}},{"before":null,"after":"caeb4920b7fa891e247a6dc09bea9a0c4b0fb111","ref":"refs/heads/pyDoc2GitHub_CWE-1095","pushedAt":"2024-06-18T15:47:26.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"gkunz","name":"Georg Kunz","path":"/gkunz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11921824?s=80&v=4"},"commit":{"message":"Adding content for CWE-1095\n\nSigned-off-by: myteron <myteron@gmail.com>","shortMessageHtmlLink":"Adding content for CWE-1095"}},{"before":"caeb4920b7fa891e247a6dc09bea9a0c4b0fb111","after":null,"ref":"refs/heads/pyDoc2GitHub_CWE-1095","pushedAt":"2024-06-18T15:46:49.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"gkunz","name":"Georg Kunz","path":"/gkunz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11921824?s=80&v=4"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEeAn3EwA","startCursor":null,"endCursor":null}},"title":"Activity · ossf/wg-best-practices-os-developers"}