If the signature alternative is used, disabling SIP to add the -p option to taskgated is not required.
Which alternative is more secure I guess boils down to the choice between 1) trusting self-signed certificates and 2) giving users more privileges. There are two solutions to the problem, and they are both mentioned in other answers to this question and to How to get gdb to work using macports under OSX 10.11 El Capitan?, but to clear up some confusion here is my summary (as an answer since it got a bit long for a comment):
In particular, the legacy option is quite possibly deprecated. For newer versions, beware that it may no longer apply. Please note that this answer was written for Mac OS El Capitan.
