Google screwed up the application signing in their update procedure. I'm just randomly guess they switched the OS X binary over to something like what they were doing with the Windows version (a decompiling, then patching procedure, then recompiling) without considering the possibility of differing hashes.
Mac OS X 10.5 Leopard includes a new
code signing security feature that
helps verify the integrity of an
application. Applications are signed
by their creators before being
distributed using their private key,
and then can be verified on the
customer’s machine using the company’s
public key.
Mac OS X’s Keychain
Services leverage this new code
signing feature to verify the
signature of each application before
allowing access to the contents of the
keychain. By verifying the signature,
the Mac OS X keychain Services can
detect when a potentially malicious
change has been made to an application
and thereby protect your sensitive
data by denying the changed
application access.
src: http://help.agile.ws/1Password3/invalid_code_signature.html
As for the fix? Not quite sure. I've just been hammering on Always Allow. I still get them sometimes but ever since I've started hammering, I've been getting less. Eventually, it'll go away if you keep doing that.
Hey, looking back at my guess, try reinstalling.
this is happening to me again, a year later. boo Google :( – Kyle Wild – 2011-09-22T18:17:26.090
1[one year later] - Is this some kind of Groundhog Day? From A to Z, I had to click
Always Allow
for all the stored sites... – brasofilo – 2013-01-02T10:50:06.120