Just found a reference to this: "My understanding is that this follows the same path as Developer ID signed apps on macOS: The signature includes a secure timestamp and we only require that the identity was valid at the time that it was signed" Based on that it seems irrelevant if the certificate for an XCFramework expires as far it was valid at the time of signing, being only an issue if it's not signed at all or if it is revoked. Any further confirmation on this would be great.

Adding to this, it would be great to include in the support page a clear differentiation of what's recommended in terms deployment versions and what's the minimum. You mentioned iOS 12 still supported.., for how long?, will it be dropped silently?, is iOS 11 supported too? The legend at the moment reads as " The OS range supported by this version of Xcode for uploading apps to App Store Connect."