Issue with unsigned beta package

@uu_sharkey,

That's not what we're seeing here:

pkgutil --check-signature ~/Downloads/1Password-7.7.1.BETA-7.pkg  
Package "1Password-7.7.1.BETA-7.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Signed with a trusted timestamp on: 2021-02-04 21:48:26 +0000
   Certificate Chain:
    1. Developer ID Installer: AgileBits Inc. (2BUA8C4S2C)
       Expires: 2022-03-03 19:23:21 +0000
       SHA256 Fingerprint:
           75 74 B9 83 A6 43 7E FB 23 B9 4E B4 BE 19 F5 07 35 20 40 DB 2D 4F 
           99 3D 22 DA C7 6B 3B 1C 85 FF
       ------------------------------------------------------------------------
    2. Developer ID Certification Authority
       Expires: 2027-02-01 22:12:15 +0000
       SHA256 Fingerprint:
           7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D 4A FE 68 09 0D 2D E1 8D 03 
           F2 9C 88 CF B0 B1 BA 63 58 7F
       ------------------------------------------------------------------------
    3. Apple Root CA
       Expires: 2035-02-09 21:40:36 +0000
       SHA256 Fingerprint:
           B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C 
           68 C5 BE 91 B5 A1 10 01 F0 24

I'd be willing to investigate though, what app are you inspecting the package with?

Seems like it might be https://mothersruin.com/software/SuspiciousPackage/get.html ?

Just ran it on the same pkg file and the result was this…

The only difference i see between our screenshots is yours says "No Scripts" where mine says "All Scripts", if your package didn't come directly from us or was modified by another step to remove the scripts then that would invalidate both the signature and notarization of the pkg.