installer pkg signing certificate is not consistent

jamf / aftermath

Aftermath is a free macOS IR framework

MIT License

460 stars 33 forks source link

installer pkg signing certificate is not consistent #61

Open bartreardon opened 4 months ago

bartreardon commented 4 months ago

The certificate for the v2.0 pkg is Developer ID Installer: Stuart Ashenbrenner (6PV5YF2UES)

The certificate for the latest release is Developer ID Installer: Jaron Bradley (C793NB2B2B)

Is there a plan to use a standard certificate for the pkg? We perform a check on the team ID when downloading a new package to ensure legitimacy so it would be good if this was consistent going forward.

adibue commented 3 months ago

Just noticed this as well. Would be glad to have a consistent Team ID here :-)

nick-f commented 3 months ago

This also means that tools like Installomator that check the expected team ID are unable to proceed without being constantly updated.

https://github.com/Installomator/Installomator/blob/47d5bccb3354160ea35037b3664b5e2abbe263c1/fragments/labels/aftermath.sh#L7

iDvL-dracea commented 3 weeks ago

@jbradley89 - is this new TeamID a permanent change? I cannot deploy the package via Installomator, and I would like to avoid having to manually check new releases/update the script every time it breaks.