Clarification from Wiktor via #121

This commit is contained in:
Heiko Schaefer 2023-11-22 19:51:33 +01:00
parent d8405f2bdb
commit deedeed2dc
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB


@ -345,7 +345,11 @@ In addition, GnuPG offers two explicit methods for certificate minimization, des
Some implementations, such as Sequoia, prefer to rely on the full historical set of self-signatures to construct a view of the certificate over time. This way, signatures can be verified at different reference times. In this model, removing superseded self-signatures can cause problems with the validation of historical signature.
An example for the tension between minimization and nuanced verification of the [temporal validity](temporal-validity) of signatures can be seen in the case of [rpm-sequoia](https://github.com/rpm-software-management/rpm-sequoia/issues/50#issuecomment-1689642607). To handle the limited availability of historical self-signatures on certificates in the wild, the rpm-sequoia implementation was adjusted to accept binding self-signatures that predate the current self-signature of the primary key[^primary-self-sig].
An example for the tension between minimization and nuanced verification of the [temporal validity](temporal-validity) of signatures can be seen in the case of rpm-sequoia. See [this discussion](https://github.com/rpm-software-management/rpm-sequoia/issues/50#issuecomment-1689642607) for details:
Initially, when checking the validity of a data signature for a software package, `rpm-sequoia` used the signature's creation time as the reference time. However, the availability of historical self-signatures in certificates is limited. So sometimes only a more recent self-signature for the primary key is available, and there is no evidence that the primary key was valid at the reference time.
To deal with this reality, the rpm-sequoia implementation was adjusted to accept data signatures that predate the validity of the current primary key self-signature[^primary-self-sig].
[^primary-self-sig]: Which in OpenPGP version 4 is often a primary User ID binding signature.
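Review bot: The new paragraphs state what reference time rpm-sequoia used before the adjustment (the data signature's creation time) but not what it uses after, so the reader cannot tell how "accept data signatures that predate the validity of the current primary key self-signature" is actually evaluated; consider adding one sentence naming the reference time now used (for example, whether the current self-signature's own creation time or the verification time replaces the signature creation time). Two smaller points in the same hunk: "the validity of the current primary key self-signature" would be clearer as "the creation time of the current primary key self-signature", since the tension described is about self-signatures that are newer than the data signature, and the sentence ending "See [this discussion](...) for details:" introduces the two following paragraphs with a colon, so they should be explicitly marked as a summary of that thread rather than reading as independent claims.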