Google Git
Sign in
apache/tooling-trusted-releases

Apache Trusted Releases

Mirrored from https://github.com/apache/tooling-trusted-releases.git
Clone this repo:

Branches

More...
  1. bd42089 Validate no CR/LF in http header values by Dave Fisher · 25 hours ago main
  2. 66feba6 Adding comments; fixes #718 by Andrew K. Musselman · 2 days ago
  3. b4a8b06 Adding Cache-Control params; fixes #788 by Andrew Musselman · 28 hours ago
  4. cce3103 Forbid mutating navigations to the API and all mutating cross-site requests by Dave Fisher · 28 hours ago
  5. 0f5bbd2 Get Tooling members from LDAP instead of a hardcoded list by Dave Fisher · 29 hours ago

Apache Trusted Releases (ATR)

A prototype service for verifying and distributing Apache releases securely.

NOTE: New contributors must introduce themselves on the development mailing list first, to deter spam. Contributions are very welcome, but please do not submit a PR until you have introduced yourself.

Status

This repository contains code developed by the Apache Software Foundation (ASF) Tooling team.

As of January 2026, this code is available for internal ASF feedback only. The project is in alpha development and subject to significant changes.

We welcome feedback and discussion, but note that many known issues and design refinements are already scheduled for future iterations. Please review our issue tracker and inline comments before filing new issues.

Alpha test deployment: https://release-test.apache.org/

Note: This repository is not yet an officially maintained or endorsed ASF project. It does not represent final technical or policy decisions for future ASF Tooling products. The code is provided without guarantees regarding stability, security, or backward compatibility.

Quick start

Run with Docker Compose (recommended):

git clone https://github.com/apache/tooling-trusted-releases.git
cd tooling-trusted-releases
mkdir -p state
docker compose up --build

Then visit https://127.0.0.1:8080/ (accept the self-signed certificate).

See DEVELOPMENT.md for additional options including running without containers.

Documentation

DocumentDescription
DEVELOPMENT.mdQuick start guide for developers
BUILD.mdBuild instructions and Make targets
CONTRIBUTING.mdHow to contribute code
SUPPORT.mdGetting help and reporting issues
GOVERNANCE.mdProject governance

Online documentation: https://release-test.apache.org/docs/

Getting involved

Community feedback is encouraged! If you are an ASF committer or contributor interested in Trusted Releases:

  1. Try it out – The alpha test server allows you to experiment with the release process.

  2. Introduce yourself on the development mailing list: dev@tooling.apache.org

    Subscribe by sending email with empty subject and body to dev-subscribe@tooling.apache.org and replying to the automated response (per the ASF mailing list how-to).

  3. Share ideas or file issues: Use the GitHub Issues page to report bugs, suggest features, or discuss improvements.

  4. Chat with us: #apache-trusted-releases on ASF Slack

Contributing

See CONTRIBUTING.md for detailed contribution guidelines.

Key resources for contributors:

License

This project is licensed under the Apache License, Version 2.0.

Part of the Apache Tooling Initiative. For more information about the ASF, visit https://www.apache.org/.