Add comment that integration time is only trustworthy with an SET (#442)

gen/jsonschema/schemas/Bundle.schema.json

@@ -314,7 +314,7 @@
                 },
                 "integratedTime": {
                     "type": "string",
-                    "description": "The UNIX timestamp from the log when the entry was persisted."
+                    "description": "The UNIX timestamp from the log when the entry was persisted. The integration time MUST NOT be trusted if inclusion_promise is omitted."
                 },
                 "inclusionPromise": {
                     "$ref": "#/definitions/dev.sigstore.rekor.v1.InclusionPromise",

gen/jsonschema/schemas/Input.schema.json

@@ -507,7 +507,7 @@
                 },
                 "integratedTime": {
                     "type": "string",
-                    "description": "The UNIX timestamp from the log when the entry was persisted."
+                    "description": "The UNIX timestamp from the log when the entry was persisted. The integration time MUST NOT be trusted if inclusion_promise is omitted."
                 },
                 "inclusionPromise": {
                     "$ref": "#/definitions/dev.sigstore.rekor.v1.InclusionPromise",

gen/jsonschema/schemas/TransparencyLogEntry.schema.json

@@ -20,7 +20,7 @@
                 },
                 "integratedTime": {
                     "type": "string",
-                    "description": "The UNIX timestamp from the log when the entry was persisted."
+                    "description": "The UNIX timestamp from the log when the entry was persisted. The integration time MUST NOT be trusted if inclusion_promise is omitted."
                 },
                 "inclusionPromise": {
                     "$ref": "#/definitions/dev.sigstore.rekor.v1.InclusionPromise",

gen/jsonschema/schemas/VerificationMaterial.schema.json

@@ -231,7 +231,7 @@
                 },
                 "integratedTime": {
                     "type": "string",
-                    "description": "The UNIX timestamp from the log when the entry was persisted."
+                    "description": "The UNIX timestamp from the log when the entry was persisted. The integration time MUST NOT be trusted if inclusion_promise is omitted."
                 },
                 "inclusionPromise": {
                     "$ref": "#/definitions/dev.sigstore.rekor.v1.InclusionPromise",

gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs

@@ -127,6 +127,8 @@ pub struct TransparencyLogEntry {
     #[prost(message, optional, tag = "3")]
     pub kind_version: ::core::option::Option<KindVersion>,
     /// The UNIX timestamp from the log when the entry was persisted.
+    /// The integration time MUST NOT be trusted if inclusion_promise
+    /// is omitted.
     #[prost(int64, tag = "4")]
     pub integrated_time: i64,
     /// The inclusion promise/signed entry timestamp from the log.

protos/sigstore_rekor.proto

@@ -101,6 +101,8 @@ message TransparencyLogEntry {
         // verification.
         KindVersion kind_version = 3 [(google.api.field_behavior) = REQUIRED];
         // The UNIX timestamp from the log when the entry was persisted.
+        // The integration time MUST NOT be trusted if inclusion_promise
+        // is omitted.
         int64 integrated_time = 4 [(google.api.field_behavior) = REQUIRED];
         // The inclusion promise/signed entry timestamp from the log.
         // Required for v0.1 bundles, and MUST be verified.