Is it absolutely necessary to any internal app must be signed?

I've written a WPF app, which has been used by us for about a year. Today I needed to make a change to the app, and re-publish it to开发者_StackOverflow our network drive, where it would be picked up by our users. However, I couldn't publish it, as I was getting an error message saying that the certificate had expired. I'd forgotten, but a year ago or so I must have generated a test certificate, which I associated with the app, when I initially published it.

Fast forward to today, as I said, I made some changes and tried to re-publish it, when I discovered that problem. We don't need this app's assembly signed - it is used internally only and will never be used outside of our agency. I went into the project's properties, opened up the Signing tab, and on a whim decided to clear the checkbox next to "Sign the ClickOnce manifests". I rebuilt it, re-published it (with no errors in this case) and tested it on a machine to see if I could install it. It installed fine, and works.

So, the bottom line is this; is it absolutely necessary that any and all ClickOnce applications must always and for all time, be signed? In our situation, writing only for my agency, an app which will only be used here, I just don't see the need.

No, not really. Users will get the "this app is not signed and might steal your money, your family and your favourite jumper" prompt, but in an internal app one could argue that's not a problem because it's from a known source and you can publish instructions.

For apps you were building for external use (or more accurately for your customers) then it's not really very good for those users to have this sort of thing, so you'd go get a proper certificate from a trusted authority.