Microsoft.WinGetSourceCreator.Helpres not using time server for signing #4948
Labels
Issue-Feature
This is a feature request for the Windows Package Manager client.
Comments
microsoft-github-policy-service
bot
added
the
Needs-Triage
denelon
added
Issue-Feature
|
The PreIndexed package source is updated every time the publishing pipeline runs over at winget-pkgs. In general, the index gets refreshed mutiple times per day. I'm not sure we actually need or want to have this package to be usable if it's expired. The |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Brief description of your issue
Microsoft.WinGetSourceCreator.Helpres SignFile is not using a time server for signing.
Once a code signing certificate expires signed packages will no longer be usable without a time stamp.
Steps to reproduce
Look into src\WinGetSourceCreator\Helpres.cs
Line 39
Expected behavior
Time stamp is added to signature
Actual behavior
No time stamp is added to signature
Environment
Windows 11 Enterprise
The text was updated successfully, but these errors were encountered: