When clicking Fepper's executable files, Mac and Windows may warn that the developer is unidentified. There is no verification process for these type of files. This isn't the usual context for "apps" as the general public knows of them.
However, Fepper distros are verified on GitHub, the only place you should be downloading them from. When the "Verified" badge is displayed on GitHub, this means that Electric Eloquence has signed the code commits with a GPG private key. Only Electric Eloquence is committing Fepper code. Only Electric Eloquence is releasing Fepper versions.
As such, you can click Fepper executables with confidence.
If you use the command line instead of clicking, the same regard for security applies even if you don't get warning popups.
Please consider our regard for security when choosing among the many many tools that do (almost) the same thing :)