Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Ensure that server_keys fetched via a notary server are correctly signed. #5251
@@ Coverage Diff @@ ## develop #5251 +/- ## =========================================== + Coverage 62.78% 62.82% +0.04% =========================================== Files 341 341 Lines 35452 35451 -1 Branches 5799 5798 -1 =========================================== + Hits 22258 22273 +15 + Misses 11628 11612 -16 Partials 1566 1566
They have, but note that it's not the notary's signature that we're checking for here: it is the origin server's signature on the json object that is passed on by the notary server.
In theory the notary server should check that the json object is signed by the origin server before it accepts it, but empirically there are a couple of (ancient) key objects in matrix.org's database which aren't signed by the origin server. Also emprically, they don't actually seem to cause a problem with joining either HQ or -dev, so I'm ignoring them.