Best Practices for Maintaining Long-Term Validity of Signed XCFrameworks

I am developing and distributing an XCFramework, and I want to ensure that it remains valid for as long as possible. I have some questions regarding certificate expiration and revocation:

I understand that if an XCFramework is signed with a timestamp, it remains valid even after the signing certificate expires.

However, if the signing certificate is revoked, the XCFramework immediately becomes unusable.

As far as I know, Apple allows a maximum of two active distribution certificates at the same time.

  1. I assume that once a certificate expires, it will eventually need to be revoked in order to issue a third certificate. Is this correct?

  2. If an expired certificate is later revoked, will the XCFrameworks signed with that certificate also become invalid, even though they were timestamped?

  3. I want to ensure that released XCFrameworks remain valid for as long as possible. What is the best approach to achieve this?

If anyone has insights or official documentation references on how to manage signing certificates for long-term XCFramework validity, I would appreciate your guidance.

Thank you!
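A check worth running on each released bundle before relying on the timestamp behaviour described above, added here as an example and not part of the original post: it audits a built .xcframework for a signature that verifies and for a secure timestamp (codesign prints `Timestamp=` when one is present and `Signed Time=` when only the local signing time was recorded). It assumes macOS with the Xcode command line tools installed; the function names are mine.

```shell
#!/bin/sh
# Added example: audit a signed .xcframework for the two properties the
# question relies on, a signature that verifies and a secure timestamp.
# Assumes macOS with codesign (Xcode command line tools) available.

# Classify codesign's verbose description (the text `codesign -dvv` writes
# to stderr) without invoking codesign, so the logic can be tested offline.
# Prints one of: timestamped, signed-time-only, unsigned, unknown
classify_codesign_output() {
    out=$1
    if printf '%s\n' "$out" | grep -q 'code object is not signed'; then
        echo unsigned
    elif printf '%s\n' "$out" | grep -q '^Timestamp='; then
        echo timestamped        # secure timestamp from Apple's timestamp authority
    elif printf '%s\n' "$out" | grep -q '^Signed Time='; then
        echo signed-time-only   # local clock only; not trusted once the cert expires
    else
        echo unknown
    fi
}

# Extract the leaf signing identity (the first Authority= line).
signing_identity() {
    printf '%s\n' "$1" | sed -n 's/^Authority=//p' | head -n 1
}

# Run the audit against a real bundle on disk; returns non-zero unless the
# signature verifies and carries a secure timestamp.
audit_xcframework() {
    fw=$1
    desc=$(codesign -dvv "$fw" 2>&1)
    kind=$(classify_codesign_output "$desc")
    echo "$fw: $kind (identity: $(signing_identity "$desc"))"
    # --strict also rejects bundles whose resource seal is missing or invalid.
    if ! codesign --verify --strict --verbose=2 "$fw" 2>&1; then
        echo "$fw: signature does NOT verify" >&2
        return 1
    fi
    [ "$kind" = timestamped ]
}

# usage: audit_xcframework Path/To/Foo.xcframework
```

Run it over every bundle you ship; a result other than `timestamped` means the expiry protection discussed in the question does not apply to that artifact.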
