> But in reality, it's the sanest solution to this problem.
Absolutely not. It puts Apple in total control over user's software. You have to place all of your trust in Apple that the binary you're running is actually build from the source code it is supposed to be.
Now, over in the free digital world, this problem is being addressed sanely. For example, NixOS and GNU Guix are tackling the issues of reproducible builds and package signing that can use a distributed web of trust. This way, no one has to trust a single company/entity or build machine. Debian is also after reproducible builds.
It doesn't care who the developer is though, which is an issue. As long as there's a valid signature, the application runs.
(btw, if you don't want to enable "allow all apps" on OSX, just rightclick (two finger click) and pick "open" from the context menu. it'll prompt for launch as opposed to just "no.")
The sanest solution to the problem is for OSes to fix their permission models and realize that app isolation is as important as -- or more important than -- user isolation.
When the OS enforces signature checking, you don't have to worry about whether it was downloaded over HTTP or who owned the domain name.