Toolchain packages over the last month have had invalid signing, making them fail to open after double clicking. Manually opening the package (or removing the quarantine attribute, I assume) lets it install, but that could be a dangerous step. Can this be fixed?
I posted this here since previous signing topics have been here. Feel free to move it somewhere more appropriate if necessary.