The moz_kinto_publisher script currently puts the exact values of MinTimestamp and MaxTimestamp that it receives from ct-fetch into each log's coverage metadata. I had originally planned to have clients adjust these values by the log's MMD before doing a coverage check, as that's similar to the existing behavior (clients are currently adjusting the filter timestamp by MMD in NSSCertDBTrustDomain::CheckCRLite).
On reflection I think moz_kinto_publisher should adjust the timestamps before including them in the coverage metadata. There are a couple of special cases to handle when ct-fetch has a "complete" log, and I'd rather not push that logic onto clients.
The moz_kinto_publisher script currently puts the exact values of
MinTimestampandMaxTimestampthat it receives from ct-fetch into each log'scoveragemetadata. I had originally planned to have clients adjust these values by the log's MMD before doing a coverage check, as that's similar to the existing behavior (clients are currently adjusting the filter timestamp by MMD inNSSCertDBTrustDomain::CheckCRLite).On reflection I think moz_kinto_publisher should adjust the timestamps before including them in the
coveragemetadata. There are a couple of special cases to handle when ct-fetch has a "complete" log, and I'd rather not push that logic onto clients.