OSS Resistance is about not asking for time to do something yourself while removal of unsigned casks is about what they host in the official Homebrew/cask repo. You're free to make & use your own tap to use with Homebrew without asking, so there's not really anything to square between the two stances - any conflict all comes purely from your 3rd stance about signing in general.

I just threw them a small donation for supporting this software for so long, even if it's only 98% how I'd want the project to be run all these years myself.

reply
I square them because both of them allow me to do lots of open source work and enjoy it.

Your signing point is not accurate. It doesn’t apply to all packages, only casks in the official tap. With casks the trust model, particularly on things that auto-update and don’t expose versions or checksums on download URLs, heavily relies on Apple’s security guardrails. We pushed against them for a while but Apple’s direction of travel made it clear that it was a waste of our energy and that we were at risk of compromising our users through doing so.

You can still automatically remove quarantine in third-party taps as desired; we’re just making it less easy to do so because we consider it a security feature that should require a deliberate bypass.

I don’t think anyone is obliged to donate to Homebrew but this sort of framing, assuming you use Homebrew, isn’t great. If you find what we do morally distasteful: go use something else. MacPorts, Mise and Nix are all good. This will be better for everyone than using us begrudgingly.

reply