So MakeMKV is not passing Gatekeeper, because it is not signed with a Developer ID:
https://developer.apple.com/developer-id/
I'm guessing this centralized ID system is avoided because of the legal status of ripping programs in most countries (correct me if I'm wrong).
So, why not use a decentralized signing system like GPG? That is what the Tor Browser is using. Simply provide a signature along with the DMG file. That way I can verify that the software has been signed with the right key. Of course, I still have to trust this key to begin with... but at least I only have to trust this key once, when I download it. As it is now, I have to "renew" my trust every time I download the software.
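The workflow sketched in this post, as an added example that is not part of the original thread and not MakeMKV's or the Tor Project's own release tooling: a publisher ships a detached GPG signature next to the download, the user pins the publisher's key fingerprint once (the "trust this key once" step), and each later download is accepted only if gpg reports a valid signature *and* the signing key's primary fingerprint equals the pinned one. It assumes `gpg` (GnuPG 2.1 or later) is on PATH; the two keys, the stand-in DMG file, the signatures and the `example.invalid` addresses are all constructed inside an isolated temporary keyring. The rogue-mirror and modified-file cases are there to show why checking for "Good signature" alone is not enough.

```shell
#!/bin/sh
# Constructed demo of "detached signature + pinned fingerprint" download verification.
set -eu

# gpg itself is required; skip cleanly where it is not installed.
command -v gpg >/dev/null 2>&1 || { echo "gpg not installed; demo skipped"; exit 0; }

DEMO="$(mktemp -d)"
export GNUPGHOME="$DEMO/gnupg"   # isolated keyring: the demo never touches ~/.gnupg
mkdir -p "$GNUPGHOME" && chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent >/dev/null 2>&1 || true; rm -rf "$DEMO"' EXIT

# fingerprint_of USER-ID -> full fingerprint of that key's primary key
fingerprint_of() {
    gpg --batch --with-colons --list-keys "$1" 2>/dev/null | awk -F: '/^fpr:/ { print $10; exit }'
}

# make_key USER-ID: unprotected test key in the isolated keyring (fine for a demo, never for a real key)
make_key() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$1" default default never >/dev/null 2>&1
}

# sign_detached KEY-FPR FILE SIG: what the publisher does once per release
sign_detached() {
    gpg --batch --yes --pinentry-mode loopback --passphrase '' \
        --local-user "$1" --detach-sign --output "$3" "$2" 2>/dev/null
}

# verify_pinned FILE SIG PINNED-FPR: what the user runs on every download.
# Returns 0 only if SIG is a good signature over FILE made by (a signing key of)
# the primary key whose fingerprint is PINNED-FPR.
verify_pinned() {
    # --status-fd 1 emits machine-readable lines. A VALIDSIG line appears only when the
    # signature verified over the file as given; its last field is the primary key fingerprint.
    fpr="$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null \
           | awk '/^\[GNUPG:\] VALIDSIG /{ print $NF; exit }' || true)"
    if [ -n "$fpr" ] && [ "$fpr" = "$3" ]; then
        return 0
    fi
    return 1
}

# --- constructed keys, artifacts and signatures -------------------------------------------
PUBLISHER="Publisher (constructed demo key) <publisher@example.invalid>"
ROGUE="Rogue mirror (constructed demo key) <rogue@example.invalid>"
make_key "$PUBLISHER"
make_key "$ROGUE"
PUBLISHER_FPR="$(fingerprint_of "$PUBLISHER")"
ROGUE_FPR="$(fingerprint_of "$ROGUE")"

# The one-time trust decision from the post: the user records the publisher's fingerprint,
# obtained out of band (project website over HTTPS, a previous trusted install, ...).
PINNED_FPR="$PUBLISHER_FPR"

DMG="$DEMO/makemkv-demo.dmg"                # constructed stand-in for the real DMG
printf 'constructed DMG contents\n' > "$DMG"
GOOD_SIG="$DEMO/good.sig";  sign_detached "$PUBLISHER_FPR" "$DMG" "$GOOD_SIG"
ROGUE_SIG="$DEMO/rogue.sig"; sign_detached "$ROGUE_FPR"     "$DMG" "$ROGUE_SIG"
TAMPERED="$DEMO/tampered.dmg"               # same file with its contents changed after signing
printf 'constructed DMG contents, modified\n' > "$TAMPERED"

# --- what the user sees ---------------------------------------------------------------------
report() {
    if verify_pinned "$2" "$3" "$PINNED_FPR"; then echo "ACCEPT: $1"; else echo "REJECT: $1"; fi
}
report "genuine release, publisher signature"        "$DMG"      "$GOOD_SIG"
report "same file, re-signed by a different key"     "$DMG"      "$ROGUE_SIG"
report "modified file, publisher signature"          "$TAMPERED" "$GOOD_SIG"
```

Two design choices worth noting. The check compares the *primary* key fingerprint reported in `VALIDSIG` (its last field) rather than the signing key's, so a publisher can rotate signing subkeys under one pinned primary without users having to re-trust anything. And the rogue-mirror case is the one plain `gpg --verify` gets wrong in practice: gpg prints "Good signature" for any key it can find, so without the fingerprint comparison a download re-signed by some other imported key would look fine.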