Per https://bugzilla.mozilla.org/show_bug.cgi?id=1697185#c4 and https://jira.mozilla.com/browse/RELENG-429 .
We haven't made a product-level decision here, but a) it looks like timestamp.digicert.com may have silently EOLed sha1 timestamps since Microsoft has EOLed sha1 signing years ago, and b) it may be the case that changing the signature may only affect Windows 7 SP 0 users on first install. I'm not 100% sure about the second point. Should we continue testing and rolling out, or pause work here until we make a product decision? _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
