Open teridon opened 5 years ago
Hmm... interesting...
Haven't thought about it, guess thats the drawback to the signing binaries :) Wonder how to solve it, the "old" binaries are just as valid right...
I guess I can release a new version with a new signature, but what do I do with all old ones? Re-release them with a new signature? Or let them stay with an old certificate?
My suggestion is that new releases should have a new signature using a non-expired cert. It's up to you whether you want to release a new version with the ONLY change being the new signature.
In my opinion, the old ones should retain their previous signature. The signature for those releases is still valid -- it's only that the signing cert has expired since they were released. It shouldn't be a problem, unless you get people complaining that they cannot install due to the signing error. I haven't encountered any installation issues, but it's possible there are different Windows security configurations out there which require the digital signature cert to be valid.
In my opinion, the old ones should retain their previous signature.
+1 It's perfectly valid to leave them signed with the old certificate as long as the signature date is before the expiration date on the certificate, there shouldn't be any problems with signature verification.
Issue and Steps to Reproduce
Describe your issue and tell us how to reproduce it.
Expected Behavior
Status should be 'Valid'
Actual Behavior
Status is 'UnknownError'. Investigation using Windows file properties shows that the digital signature for "My Computer Solutions Nordic KB" expired 2018-11-01
Details
Additional Details
Example: