The MSI itself is signed, but the binaries are not

Er, what? I think I downloaded the msi from GitHub and checked that the inner binary was signed. Which one did you download? Possible the website one was different

yeah likely, I think the one on the website is pointing to the S3 bins, the one I grabbed was from the GitHub release

Seems weird. We should understand how that happened and remediate.

I think the issue with this, was that while I was testing things out, we have logic to not overwrite the GH release artifacts, as attempting to re-submit is what was causing the stack-traces and failures, so the MSI had been stale from testing those flows, and I forgot to delete it and re-run the whole submission pipeline after we had all the kinks worked out