Comment 2 for bug 1679739

James Jesudason (jamesj) wrote :

Some observations that people have made:

* Why check a date range on the system-user assertion? If snapd just checked the expiry timestamp of the assertion, then that may be all that's needed - and it should work in most cases.

* An attempt to prevent use of signed messages based on the *local* clock is unreliable. In most cases, the device owner can directly manipulate the clock and, where they can't, they can likely insert a spoofed NTP daemon on the network, unless we use an authenticated time source.