Skip to content

Comments

[WIP] Update binary signature validation logic#762

Draft
Copilot wants to merge 1 commit intomainfrom
copilot/update-signature-check-logic
Draft

[WIP] Update binary signature validation logic#762
Copilot wants to merge 1 commit intomainfrom
copilot/update-signature-check-logic

Conversation

Copy link

Copilot AI commented Feb 20, 2026

Thanks for asking me to work on this. I will get started on it and keep this PR's description up to date as I form a plan and make progress.

Our rule for checking if a binary has an expired signature currently looks for if the binary was signed by a certificate which is currently expired. However, I think this logically doesn't make sense - the signature is valid as long as the binary was signed during the certificates validity period, but it doesn't become unsafe because the certifiacate can no longer sign new things. Double check that we are correctly collecting all the needed fields to change this logic, add new data collection if required, and then update the rule logic to check that the certificate that was used for signing was in its validity period at the time the signature was made, instead of just checking if the signature is now expired.

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI assigned Copilot and gfs Feb 20, 2026
Copilot AI requested a review from gfs February 20, 2026 19:04
Copilot stopped work on behalf of gfs due to an error February 20, 2026 19:04
The session was cancelled by the user.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gfs gfs Awaiting requested review from gfs

At least 1 approving review is required to merge this pull request.

Assignees

@gfs gfs

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gfs