Open ramonpetgrave64 opened 2 months ago
The work in https://github.com/slsa-framework/slsa-verifier/pull/731 retrieves the latest signing key from the TUF root. There is metadata for a `ValidFor.Start`, and in the future there may be a `ValidFor.End`.
Consider ensuring that the current timestamp is between the start and end timestamps.
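One way to implement the check suggested above, as an added Go example that is not code from slsa-verifier or from the issue author. The `validFor` and `trustedKey` types and the `selectKey` function are hypothetical stand-ins; treating a missing end as open-ended and a missing start as invalid are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// validFor mirrors the ValidFor.Start / ValidFor.End metadata (hypothetical type).
type validFor struct {
	Start time.Time
	End   *time.Time // nil while the metadata carries no end timestamp
}

// trustedKey is a hypothetical stand-in for a key entry read from the TUF root.
type trustedKey struct {
	ID       string
	ValidFor validFor
}

// contains rejects a zero Start, treats a nil End as open-ended, and is inclusive at both ends.
func (v validFor) contains(now time.Time) bool {
	if v.Start.IsZero() || now.Before(v.Start) {
		return false
	}
	return v.End == nil || !now.After(*v.End)
}

// selectKey returns the key with the most recent Start among those valid at now.
func selectKey(keys []trustedKey, now time.Time) (trustedKey, error) {
	var best *trustedKey
	for i := range keys {
		k := &keys[i]
		if k.ValidFor.contains(now) && (best == nil || k.ValidFor.Start.After(best.ValidFor.Start)) {
			best = k
		}
	}
	if best == nil {
		return trustedKey{}, errors.New("no signing key is valid at the given time")
	}
	return *best, nil
}

func main() {
	now := time.Date(2024, 1, 9, 0, 0, 0, 0, time.UTC)
	cur := trustedKey{ID: "current", ValidFor: validFor{Start: now.AddDate(0, 0, -1)}} // constructed sample
	k, err := selectKey([]trustedKey{cur}, now)
	fmt.Println(k.ID, err)
}
```

Passing the verification time in as a parameter keeps the window check testable and lets a caller decide which clock to trust.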