Why isn't Apple time-stamping these updates?

Time-stamping during code signing ensures that the signed files are still verifiable after certificate expiration.

Apple is doing this with software distributed for Windows (e.g., QuickTime, iTunes, etc.), so why not for updates for the Mac OS?

Of course, for its Windows software, Apple seems to be using a code-signing certificate issued by Verisign.

This is a really lame problem to have that can be avoided entirely by following basic best practices for code-signing.

Posted on May 7, 2012 1:41 PM

There are no replies.

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.