Less error-prone OS package signature counting
From system-transparency/project/docs!10 (comment 13283):
[The current behavior] is an exact-match comparison on the raw certificate bytes. This is error prone and should be changed to exact matching on the key instead. I consider that a bug-fix rather than a proposal.
Just to explain briefly why the current behavior is bad. Including things like NotBefore and NotAfter into the comparison can lead to situations like: the root signs the same leaf key again before it expired (not an unreasonable thing to do), which means there are two possible certificates for the same key that counts towards ST's signature threshold (which is very unreasonable).
For reference: