❓ Is the need to notarize a DMG really a hard 'Apple' limitation for distributing Mac Apps beyond your local build machine? What makes me doubtful is that you frequently come across ad-hoc distributed Mac Apps in the wild; which refuse to run normally due to having not being signed; and yet you can still run them with 'Right Click -> Open' on the App, as a kind of 'confirmation' that you accept the risk. What makes CfD's packaging different? Could we not achieve the same experience? It's not ideal of course, but still very useful in many situations e.g. just wanting to share a utility App with colleagues.

macos is getting stricter. unsigned M1 apps won't even run with right-click.

The strictness also depends on the version of your macOS and how you download the file.

Interesting! Even for people testing my program in macOS, it looks like I'll have to try just JVM jars.