aftermath icon indicating copy to clipboard operation
aftermath copied to clipboard
verified publisher icon jamf

installer pkg signing certificate is not consistent

Open bartreardon opened this issue 1 year ago • 4 comments

The certificate for the v2.0 pkg is Developer ID Installer: Stuart Ashenbrenner (6PV5YF2UES)

The certificate for the latest release is Developer ID Installer: Jaron Bradley (C793NB2B2B)

Is there a plan to use a standard certificate for the pkg? We perform a check on the team ID when downloading a new package to ensure legitimacy so it would be good if this was consistent going forward.

bartreardon avatar Mar 26 '24 23:03 bartreardon

Just noticed this as well. Would be glad to have a consistent Team ID here :-)

adibue avatar May 06 '24 13:05 adibue

This also means that tools like Installomator that check the expected team ID are unable to proceed without being constantly updated.

https://github.com/Installomator/Installomator/blob/47d5bccb3354160ea35037b3664b5e2abbe263c1/fragments/labels/aftermath.sh#L7

nick-f avatar May 23 '24 06:05 nick-f

@jbradley89 - is this new TeamID a permanent change? I cannot deploy the package via Installomator, and I would like to avoid having to manually check new releases/update the script every time it breaks.

iDvL-dracea avatar Jul 26 '24 11:07 iDvL-dracea