I ran into an issue with signing Thunderbird ESR 10 where version '10.0' rather than '10.0esr' was passed to the signing step. As a result, the already signed-off 10.0 final bits were overwritten. We should make it more difficult to change bits after they have been signed - to help prevent situations like this from happening - by making those files non-writable. So make sure that what was signed off is what is being pushed to mirrors and avoid costly respins.
I think it would be better to check if the target files exists, then copy files, and fail otherwise.
Maybe dupe of bug 737812 since we don't sign as a separate step anymore and Thunderbird will use the same process soon?