Open denelon opened 3 years ago
Could this please include the older appx and appxbundle formats? These can also be signed with a timestamp (I have verified that this is possible for appxbundles with SignTool).
All the following extensions are considered MSIX (.appx, .appxbundle, .msix, .msixbundle) by the Windows Package Manager.
@denelon Would this fall under Area-Validation-Pipelines ?
Description of the new feature/enhancement
Per @jaifroid
Proposed technical implementation details (optional)
If possible, instrument the validation pipeline to provide a warning when MSIX packages have not been timestamp signed. This will help notify publishers when their applications aren't timestamp signed.
Periodic validation should also be instrumented for this check so Issues can be created for existing packages that have not been timestamp signed. These packages should be removed if the certificate has expired and they are not timestamp signed.