I just downloaded the Obduction "offline installer" version 1.7.2 for mac, but when I run the app it says it is from an unidentified developer. I'm well aware that I can work around this by right-clicking, selecting Open, and choosing to open the app regardless, but from previous threads in this forum it seems that the app is supposed to be signed, and these days I wouldn't expect any reputable software to be unsigned.

Is it a known issue / regression that the app is not signed? Are there any SHAs or similar I could use to verify it downloaded correctly and without interference?

I asked on the general forum and was told a way to verify GOG downloads using an MD5 hash; see [the forum base url]/forum/general/verifying_integrity_of_downloaded_games/page1 (apologies for the weird link — I'm not allowed to post links yet)

So I've been able to confirm that it downloaded correctly (if anybody wants to know the hash without following the process in the link, for the OSX 1.7.2 zip it should be 7196bbbc227a9708ee9a633b03d36606)

I'm still curious why the app isn't recognised as from a trusted developer though, especially since this seems to have come up multiple times in the past.