still a few glitches in the system...

Its strange how MSFT Legal approached this. They require that you certify that the binary you will upload “to be signed must not be licensed under GPLv3 or similar open source licenses,” which Bottomley notes is a bit unclear, and the contract you must agree to prohibits a bunch of different licenses by name.

One could create a license, the MSFT_LEGAL_CORNER_CASE license, that is in no way "open-source" simply because it requires nothing with respect to source code, but that is anti-tivo in requiring that anyone distributing a signed copy of the binary it must distribute the private key.

It wouldn't be on any of their blacklists because its completely made-up, presumably it must be covered under some generic clause in the contract, and that neither uploading a file now downloading a binary will oblige MSFT... But why make such a fuss over the GPLv3 and disallowed licenses when you can't cover the actual item of concern with those clauses.

A much simpler solution is obvious. Don't return the binary. You upload the binary, they send you back a signature with a placeholder (all 00 or EE) for your binary, you insert the binary into the signature packet. No need for them to dirty their hands by distributing your binary.