It turns out that the combination of
(pid, start time) is not
enough to be unique. For temporary authorizations, we can avoid
separate users racing on pid reuse by simply comparing the uid.
And the above original email report is included in full in a new comment.
Reported-by: Jann Horn firstname.lastname@example.org
Closes: #75 (closed)