Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
we do not correctly honour the validity period on server signing keys #4364
when we ask a server for its signing keys, it gives us a validity period, after which we should not accept federation requests signed by those keys, nor should we accept events with an origin_server_ts, unless we refresh the key list and it is still valid.
We need to start enforcing that