From 5ec3dab1410b0a0c7f8e203ac4f23550cfb65875 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Tue, 9 Apr 2024 10:50:49 -0400
Subject: [PATCH] attestation: document BACKFILL_CUTOFF better

Signed-off-by: William Woodruff
---
 Library/Homebrew/attestation.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Library/Homebrew/attestation.rb b/Library/Homebrew/attestation.rb
index fcaa726ab5..0c47aff12e 100644
--- a/Library/Homebrew/attestation.rb
+++ b/Library/Homebrew/attestation.rb
@@ -19,6 +19,14 @@ module Homebrew
 BACKFILL_REPO_CI_URI = "https://github.com/trailofbits/homebrew-brew-verify/.github/workflows/backfill_signatures.yml@refs/heads/main"
 
 # No backfill attestations after this date are considered valid.
+ #
+ # This date is shortly after the backfill operation for homebrew-core
+ # completed, as can be seen here: .
+ #
+ # In effect, this means that, even if an attacker is able to compromise the backfill
+ # signing workflow, they will be unable to convince a verifier to accept their newer,
+ # malicious backfilled signatures.
+ #
 # @api private
 BACKFILL_CUTOFF = DateTime.new(2024, 3, 14).freeze
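Review bot: The added comment line `# completed, as can be seen here: .` promises a reference but contains none, so the sentence is dangling; either fill it in (`# completed, as can be seen here: <link to the backfill completion — fill in>.`) or drop the clause. The guarantee stated in the next sentences holds only if the timestamp compared against BACKFILL_CUTOFF comes from a source the backfill workflow cannot influence (for example a transparency-log inclusion time) rather than from the attestation itself, since a compromised signer could otherwise backdate a new signature; the comment should name which timestamp the cutoff is checked against. The code that applies BACKFILL_CUTOFF lies outside this hunk, so I cannot confirm from here which timestamp is used. It would also help to note that `DateTime.new(2024, 3, 14)` is midnight UTC, so "after this date" means at or after that instant, not the end of 14 March.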