As a part of SHA1 deprecation we need to re-sign existing Windows (do we need to do this for win64?) full and stub installers, upload them (probably to a different directory which will stay around for a while), and add Bouncer entries (different product name?). I'm not sure if our current signing script will upload already signed binaries, so we either should teach the script to do so (and verify the result) or use the partner repack script with a dummy config. Not sure if we can use it for the stub installer though.
Tracking for 43, just realized we need this step in place as well.
this part, iiuc, can wait until next week where we will have more hands to deal with it. the immediate concern is getting https://bugzilla.mozilla.org/show_bug.cgi?id=1079858 landed on m-r before RC release on monday
Looks like we don't need this for 43.0, and probably not a 43.0.1, but will for 43.0.2 when we swap to SHA-2.
We decided to not manually resign the installers.
Marking wontfix based on comment 4.