Someone compared hashes of the sectors of both drivers and they are identical except for the signature.

You don't know what due diligence was done.

I don't, no, but why should I trust the maintainer, and why should the maintainer trust Randy from some random site?

To sibling comment: I don't understand your line of reasoning. How does using someone's software make you trust them? Don't you need trust to run someone's software first?

Because you intend to run their software? And don't try to tell me you've never ran any proprietary software.