installer pkg signing certificate is not consistent

[bartreardon]

The certificate for the v2.0 pkg is Developer ID Installer: Stuart Ashenbrenner (6PV5YF2UES)

The certificate for the latest release is Developer ID Installer: Jaron Bradley (C793NB2B2B)

Is there a plan to use a standard certificate for the pkg? We perform a check on the team ID when downloading a new package to ensure legitimacy so it would be good if this was consistent going forward.

[adibue]

Just noticed this as well. Would be glad to have a consistent Team ID here :-)

[nick-f]

This also means that tools like Installomator that check the expected team ID are unable to proceed without being constantly updated.

https://github.com/Installomator/Installomator/blob/47d5bccb3354160ea35037b3664b5e2abbe263c1/fragments/labels/aftermath.sh#L7

[iDvL-dracea]

@jbradley89 - is this new TeamID a permanent change? I cannot deploy the package via Installomator, and I would like to avoid having to manually check new releases/update the script every time it breaks.

[golbiga]

Thanks all. We're looking into addressing this in the next release.