Hacker News new | ask | show | jobs
by jvehent 500 days ago
Yeah. Sorry about that...

We didn't think that the intermediate CA expiring would break the signatures, because code signing generally doesn't care about expiration, but we never tested the code path until the intermediate expired and the signatures broke. That was a hard lesson to learn...
1 comments
extraduder_ire 499 days ago
I've seen the idea floated for combatting non signing related time-based bugs, but I'm a firm believer in having at least one machine run tests with its time set artificially far in the future (e.g. 1 year) to catch these ahead of time where possible.
link
jvehent 499 days ago
that was very much one of the lesson learned
link