I didn't expect such positive replies.
Please note,that it's (very) important to know which files have a valid digital signature in terms of #date. In other words, to less or equal to current date. That could be a method.
Now, extending the idea of complex verification, It could also use an 'offline database', perhaps a text file (list) that contains default/custom trusted vendors. The vendors that are listed in the respective text file will show in a color, let's say green while the others that are not in the list will be marked red. Of course, colors could be customizable/user-choice -- whatever seems appropriate to DonationCoder.
Thanks again for the great feedback.