Toolchain packages over the last month have had invalid signing, making them fail to open after double clicking. Manually opening the package (or removing the quarantine attribute, I assume) lets it install, but that could be a dangerous step. Can this be fixed?