@citty @misty This is codesign, a tool for generating code signatures. I don’t think any of the other options would make sense with verifying a signature.

Don’t get me wrong, this is incredibly bad design. I just doubt it could be a security hole like you would normally expect not verifying a signature to be.