Is it the right place to ask developers to re-sign the package with a proper certificate?
Code:
$ pkgutil --check-signature ~/Downloads/RasClient-Mac-16.5.3-20740.pkg
Package "RasClient-Mac-16.5.3-20740.pkg":
Status: signed by a certificate that has since expired
Certificate Chain:
1. 3rd Party Mac Developer Installer: Parallels International GmbH (4C6364ACXT)
SHA1 fingerprint: B7 1F 5F 78 9B 8D FB CE 94 4C 50 DC D4 CC 06 F0 B9 E3 48 B1
-----------------------------------------------------------------------------
2. Apple Worldwide Developer Relations Certification Authority
SHA1 fingerprint: FF 67 97 79 3A 3C D7 98 DC 5B 2A BE F5 6F 73 ED C9 F8 3A 64
-----------------------------------------------------------------------------
3. Apple Root CA
SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60