The MSI itself is signed, but the binaries are not
06/23/2021, 11:35 AM
Er, what? I think I downloaded the MSI from GitHub and checked that the inner binary was signed. Which one did you download?
Possibly the website one was different
06/23/2021, 6:31 PM
yeah, likely. I think the one on the website is pointing to the S3 bins; the one I grabbed was from the GitHub release
06/23/2021, 6:51 PM
Seems weird. We should understand how that happened and remediate.
I sorta wonder if we can make all the downloads single sourced.
06/23/2021, 8:53 PM
I think the issue with this was that, while I was testing things out, we have logic to not overwrite the GH release artifacts, as attempting to re-submit is what was causing the stack traces and failures, so the MSI had been stale from testing those flows, and I forgot to delete it and re-run the whole submission pipeline after we had all the kinks worked out