A developer signed an installer package in April 2017 and it’s still valid, but Apple signed a Catalina installer app in December 2019 and its certificate has now expired. This article explains why.
Suspicious Package
in Mac OS 8 and 9, you could patch the system direct. OS X was harder, and became sprawling and interdependent, encouraging users to reinstall macOS. That has now ended with the introduction of the SSV.
Here’s how to find out just what that last update installed, so you can remove it manually if necessary.
The Eclectic Light Company 