bmersereau puts a shelf life on Mike's download links

Shared download links stop living forever - by default they now expire after 30 days.

security

Mike hands out download links protected by a cryptographic signature, so only a genuinely-issued link works. bmersereau's change adds an expiry date to that signature: once a link is older than its window, the backend refuses it. The default window is 30 days, which the author frames as a deliberate trade-off - long enough that a link pasted into a chat thread still works when someone comes back to it later, short enough to limit the damage if the underlying signing key ever has to be swapped out.

Crucially, nothing breaks on day one. Links created before this change carry no expiry and keep working, so existing shares in the wild aren't killed the moment it lands. Only new links start the clock. The work also brings the backend its first automated test setup, with a handful of tests covering the new behaviour.

So what Anyone weighing Mike for handling client documents should note this: it bounds how long a leaked or stale download link stays usable.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?