macOS – codesign reports invalid Info.plist on an app dl’ed from the internet. Has the app been possibly compromised?

applications, code-signing, macos, security

I downloaded an app from github (mac2imgur), and it refused to run.

$ codesign -vv mac2imgur.app
mac2imgur.app: invalid Info.plist (plist or signature have been modified)
In architecture: x86_64

It seems unlikely the developer uploaded something with a bad signature.

Is this a red flag that the app may have been compromised and reuploaded?

Best Answer

It’s quite likely a developer uploaded something incorrectly codesigned. As a developer myself, I know it takes time to get it right, and many don’t bother.