To sign an application with Apple you need to be enrolled as an active Apple Developer and pay the yearly fee to get your applications code signed. A sthe builds for the releases not signed you will get that warning.
Simple answer is: you can’t as of now. You have to work around that with a different configuration in LS.
Technically, yes. But:
I can’t speak for fd0 who makes the builds but I don’t think that this is gonna happen.
See other OSS projects like rclone or caddy. None of the builds are signed.
See
In my original post I added a statement exactly like that where I was saying “Most of the times releases come with a SHA hash and this you can use to verify if a binary has been altered” but then it made me think of "what if the binary is not altered when downloaded but afterwards when it’s already bin installed. So I removed it as I didn’t want to branch off of the initial question.
Nobody (big *) is gonna go through their binaries and checks if the SHA still matches, right?
This is where LS comes into action as it can alert you if a binary has been altered or replaced.
Maybe Apple will come around and lower the bar for folks who want to develop for macOS and ideally get rid of or substantially lower the cost for the annual membership.
Indeed, similar to what @mholt does with Caddy, we’re signing our binaries and the source code with my personal GPG key on release. We (as a project) don’t have the resources to add signing for the different platforms (OS X, Windows, …) at the moment.