This code is wrong, as the comment in the code explains: https://github.com/element-hq/synapse/blob/v1.153.0/synapse/handlers/room_policy.py#L264 (.update() is implemented in rust and overwrites all existing signatures as per https://github.com/element-hq/synapse/blob/v1.153.0/rust/src/events/signatures.rs#L128)
If signatures are already present from the server, the policy server signature must be merged instead of replacing the existing signature.
The bug was originally fixed by #19503 and later reintroduced by #19706
This code is wrong, as the comment in the code explains: https://github.com/element-hq/synapse/blob/v1.153.0/synapse/handlers/room_policy.py#L264 (
.update()is implemented in rust and overwrites all existing signatures as per https://github.com/element-hq/synapse/blob/v1.153.0/rust/src/events/signatures.rs#L128)If signatures are already present from the server, the policy server signature must be merged instead of replacing the existing signature.
The bug was originally fixed by #19503 and later reintroduced by #19706