How many package signatures use a certificate that is revoked? What is the revocation date? How many packages are affected?
How many package signatures use a certificate that chains to an untrusted root on Windows?
How many package signatures use a certificate that is invalid?
This table should contain all certificates used to author sign, repository sign, or timestamp packages. This certificate data should be joinable against JverPackageSignatures.
Add a table to answer questions like:
This table should contain all certificates used to author sign, repository sign, or timestamp packages. This certificate data should be joinable against
JverPackageSignatures
.Consider reusing: https://github.com/NuGet/NuGet.Jobs/blob/main/src/Validation.PackageSigning.ValidateCertificate/OnlineCertificateVerifier.cs