Code signing should be done though.

You can disagree with Apple’s approach that maintains them as the only signing authority, but, at a fundamental level, code signing is the only way to distribute an executable and have the user be able to trust who authored it and what’s in it.