Google Git
Sign in
apache/tooling-trusted-releases

Apache Trusted Releases

Mirrored from https://github.com/apache/tooling-trusted-releases.git
Clone this repo:

Branches

More...
  1. 2afb61f Update dependencies due to CVE-2026-44431 and CVE-2026-44432 by Sean B. Palmer · 12 hours ago altera main
  2. 15a37ea #1057 - don't expose cache endpoints in production by Alastair McFarlane · 19 hours ago sbp
  3. 2da7807 Automatically resolve trusted votes by default by Sean B. Palmer · 3 days ago
  4. 751c214 Note in the API when a first round podling vote is carried over by Sean B. Palmer · 4 days ago
  5. 249258b Use a general ASF logo for committees without their own logo by Sean B. Palmer · 4 days ago

Apache Trusted Releases (ATR)

A prototype service for verifying and distributing Apache releases securely.

NOTE: New contributors must introduce themselves on the development mailing list first, to deter spam. Contributions are very welcome, but please do not submit a PR until you have introduced yourself.

Status

This repository contains code developed by the Apache Software Foundation (ASF) Tooling team.

As of January 2026, this code is available for internal ASF feedback only. The project is in alpha development and subject to significant changes.

We welcome feedback and discussion, but note that many known issues and design refinements are already scheduled for future iterations. Please review our issue tracker and inline comments before filing new issues.

Alpha test deployment: https://release-test.apache.org/

Note: This repository is not yet an officially maintained or endorsed ASF project. It does not represent final technical or policy decisions for future ASF Tooling products. The code is provided without guarantees regarding stability, security, or backward compatibility.

Quick start

Run with Docker Compose (recommended):

git clone https://github.com/apache/tooling-trusted-releases.git
cd tooling-trusted-releases
mkdir -p state
docker compose up --build

Then visit https://127.0.0.1:8080/ (accept the self-signed certificate).

See DEVELOPMENT.md for additional options including running without containers.

Documentation

DocumentDescription
DEVELOPMENT.mdQuick start guide for developers
BUILD.mdBuild instructions and Make targets
CONTRIBUTING.mdHow to contribute code
SUPPORT.mdGetting help and reporting issues
GOVERNANCE.mdProject governance

Online documentation: https://release-test.apache.org/docs/

Getting involved

Community feedback is encouraged! If you are an ASF committer or contributor interested in Trusted Releases:

  1. Try it out – The alpha test server allows you to experiment with the release process.

  2. Introduce yourself on the development mailing list: dev@tooling.apache.org

    Subscribe by sending email with empty subject and body to dev-subscribe@tooling.apache.org and replying to the automated response (per the ASF mailing list how-to).

  3. Share ideas or file issues: Use the GitHub Issues page to report bugs, suggest features, or discuss improvements.

  4. Chat with us: #apache-trusted-releases on ASF Slack

Contributing

See CONTRIBUTING.md for detailed contribution guidelines.

Key resources for contributors:

License

This project is licensed under the Apache License, Version 2.0.

Part of the Apache Tooling Initiative. For more information about the ASF, visit https://www.apache.org/.