Why can an expired certificate be used to sign a JAR file?
How does a timestamp prevent use of a leaked expired certificate to sign a malignant executable?
If it is supposedly fine to share or leak expired certificates then why is it safe to allow use of such certificate to sign code if the signat…