Here's a pointer to Leopard's code signing guide.

The quick summary is that Leopard doesn't care who signs code, it just tracks whether the application's internal code-signing requirements are met: in OmniWeb's case, the requirements are that the application identifier is com.omnigroup.OmnIWeb5 and that its anchor certificate is the Omni CA. (It tracks this certificate by its checksum, not its name.)

When validating the identity of an application, Leopard just tests whether those requirements are identical to the previous requirements, and if so it considers it the same application. (At the moment, this only affects the keychain, firewall, and parental controls.) If it changes for some reason (either because the resources no longer match the signature, or because the signature was replaced with a new signature containing different requirements) then Leopard considers it a different application. (There's nothing to stop a hacker from replacing Omni's signature with their own and distributing that app with their signature—except that Leopard will notice the change and will prompt all over again for access to secured resources.)

Hope this helps!
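To make the mechanism described above concrete, here is an added example (not code from the post or from Omni) that models a designated requirement of the form `identifier "..." and anchor = H"..."` and evaluates it against a toy description of a signed bundle. The bundle identifier, the certificate bytes and the `SignedApp` representation are all constructed stand-ins; the only thing borrowed from the real system is the requirement-language convention of naming an anchor by the hash of its certificate rather than by its subject name. The scenarios at the bottom walk through the three cases the post mentions: an unchanged app, a bundle whose sealed resources no longer match the signature, and a bundle re-signed under a different anchor.

```python
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class SignedApp:
    """Constructed toy view of a signed bundle (not a real code signature)."""
    identifier: str          # bundle identifier sealed into the signature
    anchor_cert_der: bytes   # root (anchor) certificate of the signing chain
    resources_ok: bool       # do the sealed resources still match the signature?


def anchor_hash(cert_der: bytes) -> str:
    # The requirement language refers to an anchor as H"<hash>", i.e. by the
    # hash of the certificate itself, so renaming a CA does not help an imposter.
    return hashlib.sha1(cert_der).hexdigest()


def designated_requirement(app: SignedApp) -> str:
    """Build the two-clause requirement that identifies this app."""
    return f'identifier "{app.identifier}" and anchor = H"{anchor_hash(app.anchor_cert_der)}"'


# Evaluator for the small identifier-plus-anchor subset used in this example.
_REQ_RE = re.compile(r'^identifier "([^"]+)" and anchor = H"([0-9a-f]{40})"$')


def satisfies(app: SignedApp, requirement: str) -> bool:
    """Does the bundle, as it exists right now, meet the requirement?"""
    match = _REQ_RE.match(requirement)
    if not match:
        raise ValueError(f"unsupported requirement syntax: {requirement!r}")
    want_identifier, want_anchor = match.groups()
    # A signature whose resource seal no longer matches is not valid at all,
    # so no requirement can be satisfied by it.
    if not app.resources_ok:
        return False
    return (app.identifier == want_identifier
            and anchor_hash(app.anchor_cert_der) == want_anchor)


def same_application(stored_requirement: str, candidate: SignedApp) -> bool:
    """Keychain-style decision: the candidate is 'the same application' only if
    it still satisfies the requirement recorded when access was first granted."""
    return satisfies(candidate, stored_requirement)


# Constructed sample data: stand-ins for a vendor CA and some other CA.
VENDOR_CA_DER = b"constructed stand-in for the vendor's root certificate"
OTHER_CA_DER = b"constructed stand-in for an unrelated root certificate"
APP_ID = "com.example.SampleBrowser"   # constructed identifier

ORIGINAL = SignedApp(APP_ID, VENDOR_CA_DER, resources_ok=True)
STORED_REQUIREMENT = designated_requirement(ORIGINAL)


def scenarios() -> dict:
    """Evaluate the cases discussed in the post against the stored requirement."""
    unchanged = SignedApp(APP_ID, VENDOR_CA_DER, resources_ok=True)
    tampered = SignedApp(APP_ID, VENDOR_CA_DER, resources_ok=False)
    resigned = SignedApp(APP_ID, OTHER_CA_DER, resources_ok=True)
    return {
        "unchanged": same_application(STORED_REQUIREMENT, unchanged),  # True
        "tampered": same_application(STORED_REQUIREMENT, tampered),    # False
        "resigned": same_application(STORED_REQUIREMENT, resigned),    # False
    }


if __name__ == "__main__":
    print(STORED_REQUIREMENT)
    for name, result in scenarios().items():
        print(f"{name:10s} treated as same application: {result}")
```

The re-signed case is the one the post singles out: the new signature is internally valid, but because its anchor hash differs from the one in the stored requirement, the system treats it as a different application and prompts for access to secured resources again.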