Mozilla no longer provides any trust information for code signing, opting only to supply VERIFY trust, so that Mozilla neither provides policy, nor removes the functionality from NSS. There is no trusted source of authority for code signing (such as we use Mozilla for TLS/S-Mime). The following list of certificate hashes that are already installed (as they have TLS trust from Mozilla) that are also trusted by Microsoft for code signing. The Microsoft Trusted Root Certificate Program's inclusion policy is available for review at https://docs.microsoft.com/en-us/previous-versions/azure/mt171474(v=azure.100). 02265526,062cdee6,157753a5,244b5494,2c543cd1,2e4eed3c,3513523f,4304c5e5, 442adcac,480720ec,48bec511,4a6481c9,4bfab552,5ad8a5d6,653b494a,6b99d060, 7d0b38bd,ae8153b9,aee5f10d,b1159c4c,b204d74a,b7a5b843,ba89ed3b,c01cdfa2, c0ff1f52,cbf06781,d7e8dc79,e2799e36,f081611a,f3377b1b,f387163d,f39fc864