Digital signature is not up to date

[SyntaxError]

Good morning,
My company does not want to offer Paint.net in the employee software catalog because the digital signature is not up to date.
Is it possible for you to renew it?

(It was valid from 08/23/2020 to 08/24/2023)

Thanks in advance and congratulations for the quality of your developments!

 

Bruno

[Rick Brewster]

The signatures are not invalid or "not up to date."

 

The binaries are signed with a timestamp, which validates when the files were signed. This is unlike an SSL certificate which absolutely must be renewed when it expires. For a code signing certificate, it only needs to be non-expired when the files are signed and timestamped. So "old" binaries are fine. The next PDN update will be signed with a new certificate (you can't sign and timestamp with an expired certificate).

 

If your IT department can't understand this then they need to figure it out. Otherwise they will not be able to offer any software that hasn't been released (and thus signed) recently.

 

Also, code signing is moving in the direction of ultra-short-lived certificates. For instance, the next PDN update will be signed with a certificate with a validity range of only 3 days (via Microsoft's own Azure Code Signing service). But, timestamping is used, so the file's signatures are not "invalid" once that date range is in the past.

[Rick Brewster]