add conservative key pinning for System Updater

Daniel Micay 2023-05-02 14:50:36 -04:00
parent 15c98e1bec
commit 41075cfe7f

@ -599,6 +599,7 @@
<ul>
<li>kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro: Mali GPU driver update</li>
<li>System Updater: add TLS key pinning with expiration 2 months in the future to make TLS more useful as an additional layer of security before the 3 layers of offline update signing (update package signature, update_engine payload signature and verified boot signature) while also avoiding blocking updates on extremely out-of-date installs falling behind changes to our TLS certificate approach</li>
</ul>
</article>
-->
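Review bot: in the new System Updater entry, "expiration 2 months in the future" does not say what the 2 months are measured from, or what the updater does once the pin has expired. The closing clause about not blocking updates on extremely out-of-date installs suggests that pinning simply stops being enforced after that date; if that is the behaviour, say so in the entry, so readers know an old install gets no pinning and relies on the 3 offline signing layers. The sentence would also read better split in two, one for what was added and one for why the expiration is conservative. Separately, in the unchanged kernel entry just above, the parenthesis opened before "Pixel 6" is never closed; it presumably belongs after "Pixel 7 Pro".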