No multiple signature support

[JakeSmarter]

I am sorry if this is not the right place to voice this kind of feedback but I it is the closest I could find.

The appx/msix package specification and/or implementation does not support multiple signatures.

This is a bit of a bummer since every other major package manager does (including its predecessor MSI and direct competitor jar/apk). Additionally, what is perhaps even more perplexing is the fact that multiple signatures on PEs on Windows have been supported since Authenticode's introduction. IMHO, the consumer should be free to decide which signature to trust. I would be happy if you could address this feature in the next iteration of appx/msix.