>>heavys+(OP)
It's reasonable to know the app isn't self-signed and having to do the right-click "Open" for the first launch.
I appreciate that I can both benefit from PKI attestation of apps (for a small degree of protection against malware), and I can override it and run unsigned stuff.